Merge pull request #87460 from MicrosoftDocs/master

9/4 PM Publish

Author: huypub

.openpublishing.redirection.json

@@ -19071,7 +19071,7 @@
     },
     {
       "source_path": "articles/active-directory/hybrid/whatis-hybrid-identity-health.md",
-      "redirect_url": "/azure/active-directory/hybrid/whatis-hybrid-identity",
+      "redirect_url": "/azure/active-directory/hybrid/whatis-azure-ad-connect",
       "redirect_document_id": false
     },
     {
@@ -38958,6 +38958,16 @@
       "redirect_url": "/azure/cognitive-services/face/overview",
       "redirect_document_id": false
     },
+	{
+	  "source_path": "articles/cognitive-services/Face/QuickStarts/csharp-detect-sdk.md",
+	  "redirect_url": "/azure/cognitive-services/face/quickstarts/csharp-sdk",
+	  "redirect_document_id": false
+	},
+	{
+		"source_path": "articles/cognitive-services/Face/Tutorials/FaceAPIinPythonTutorial.md",
+		"redirect_url": "/azure/cognitive-services/face/quickstarts/python-sdk#display-and-frame-faces",
+		"redirect_document_id": false
+	  },
     {
       "source_path": "articles/cognitive-services/Computer-vision/Home-v1.md",
       "redirect_url": "/azure/cognitive-services/computer-vision/home",

articles/active-directory-domain-services/faqs.md

@@ -51,7 +51,7 @@ To target specific device groups to enable the credential provider, use the foll
    1. Name: Security Keys for Windows Sign-In
    1. Description: Enables FIDO Security Keys to be used during Windows Sign In
    1. Platform: Windows 10 and later
-   1. Platform type: Custom
+   1. Profile type: Custom
    1. Custom OMA-URI Settings:
       1. Name: Turn on FIDO Security Keys for Windows Sign-In
       1. OMA-URI: ./Device/Vendor/MSFT/PassportForWork/SecurityKey/UseSecurityKeyForSignin

articles/active-directory/authentication/howto-authentication-passwordless-security-key.md

@@ -175,7 +175,7 @@ Interactively acquiring the token prompts the user and gives them the opportunit
 
 When calling an API requiring Conditional Access, you can receive a claims challenge in the error from the API. In this case, you can pass the claims returned in the error to the `claimsRequest` field of the `AuthenticationParameters.ts` class to satisfy the appropriate policy. 
 
-See [Requesting Additional Claims]() for more detail.
+See [Requesting Additional Claims](active-directory-optional-claims.md) for more detail.
 
 ## Retrying after errors and exceptions
 

articles/active-directory/develop/msal-handling-exceptions.md

@@ -93,7 +93,7 @@ The modern security reports will provide additional capabilities from the older
 - Risk state, covering: At risk, Dismissed, Remediated, and Confirmed compromised
 - New risk-related detections (available to Azure AD Premium subscribers)
 
-For more information, see [Risky users](https://aka.ms/RiskyUsersDocs), [Risky sign-ins](https://aka.ms/RiskySigninsDocs), and [Risk detections](https://aka.ms/RiskDetectionsDocs).
+For more information, see [Risky users](https://docs.microsoft.com/azure/active-directory/identity-protection/howto-investigate-risk#risky-users-report), [Risky sign-ins](https://docs.microsoft.com/azure/active-directory/identity-protection/howto-investigate-risk#risky-sign-ins-report), and [Risk detections](https://docs.microsoft.com/azure/active-directory/identity-protection/howto-investigate-risk#risk-detections-report).
 
 ---
 
@@ -139,7 +139,7 @@ For more information about this issue, see [Azure Active Directory Authenticatio
 
 In August 2019, we've added these 26 new apps with Federation support to the app gallery:
 
-[Civic Platform](https://docs.microsoft.com/azure/active-directory/saas-apps/civic-platform-tutorial), [Amazon Business](https://docs.microsoft.com/azure/active-directory/saas-apps/amazon-business-tutorial), [ProNovos Ops Manager](https://docs.microsoft.com/azure/active-directory/saas-apps/pronovos-ops-manager-tutorial), [Cognidox](https://docs.microsoft.com/azure/active-directory/saas-apps/cognidox-tutorial), [Viareport's Inativ Portal (Europe)](https://docs.microsoft.com/azure/active-directory/saas-apps/viareports-inativ-portal-europe-tutorial), [Azure Databricks](https://azure.microsoft.com/services/databricks), [Robin](https://docs.microsoft.com/azure/active-directory/saas-apps/robin-tutorial), [Academy Attendance](https://docs.microsoft.com/azure/active-directory/saas-apps/academy-attendance-tutorial), [Priority Matrix](https://sync.appfluence.com/pmwebng/), [Cousto MySpace](https://cousto.platformers.be/account/login), [Uploadcare](https://uploadcare.com/accounts/signup/), [Carbonite Endpoint Backup](https://docs.microsoft.com/azure/active-directory/saas-apps/carbonite-endpoint-backup-tutorial), [CPQSync by Cincom](https://docs.microsoft.com/azure/active-directory/saas-apps/cpqsync-by-cincom-tutorial), [Chargebee](https://docs.microsoft.com/azure/active-directory/saas-apps/chargebee--tutorial), [deliver.media™ Portal](https://portal.deliver.media), [Frontline Education](https://docs.microsoft.com/azure/active-directory/saas-apps/frontline-education-tutorial), [F5](https://www.f5.com/products/security/access-policy-manager), [stashcat AD connect](https://www.stashcat.com), [Blink](https://docs.microsoft.com/azure/active-directory/saas-apps/blink-tutorial), [Vocoli](https://docs.microsoft.com/azure/active-directory/saas-apps/vocoli-tutorial), [ProNovos Analytics](https://docs.microsoft.com/azure/active-directory/saas-apps/pronovos-analytics-tutorial), [Sigstr](https://docs.microsoft.com/azure/active-directory/saas-apps/sigstr-tutorial), [Darwinbox](https://docs.microsoft.com/azure/active-directory/saas-apps/darwinbox-tutorial), [Watch by Colors](https://docs.microsoft.com/azure/active-directory/saas-apps/watch-by-colors-tutorial), [Harness](https://docs.microsoft.com/azure/active-directory/saas-apps/harness-tutorial), [EAB Navigate Strategic Care](https://docs.microsoft.com/azure/active-directory/saas-apps/eab-navigate-strategic-care-tutorial)
+[Civic Platform](https://docs.microsoft.com/azure/active-directory/saas-apps/civic-platform-tutorial), [Amazon Business](https://docs.microsoft.com/azure/active-directory/saas-apps/amazon-business-tutorial), [ProNovos Ops Manager](https://docs.microsoft.com/azure/active-directory/saas-apps/pronovos-ops-manager-tutorial), [Cognidox](https://docs.microsoft.com/azure/active-directory/saas-apps/cognidox-tutorial), [Viareport's Inativ Portal (Europe)](https://docs.microsoft.com/azure/active-directory/saas-apps/viareports-inativ-portal-europe-tutorial), [Azure Databricks](https://azure.microsoft.com/services/databricks), [Robin](https://docs.microsoft.com/azure/active-directory/saas-apps/robin-tutorial), [Academy Attendance](https://docs.microsoft.com/azure/active-directory/saas-apps/academy-attendance-tutorial), [Priority Matrix](https://sync.appfluence.com/pmwebng/), [Cousto MySpace](https://cousto.platformers.be/account/login), [Uploadcare](https://uploadcare.com/accounts/signup/), [Carbonite Endpoint Backup](https://docs.microsoft.com/azure/active-directory/saas-apps/carbonite-endpoint-backup-tutorial), [CPQSync by Cincom](https://docs.microsoft.com/azure/active-directory/saas-apps/cpqsync-by-cincom-tutorial), [Chargebee](https://docs.microsoft.com/azure/active-directory/saas-apps/chargebee-tutorial), [deliver.media™ Portal](https://portal.deliver.media), [Frontline Education](https://docs.microsoft.com/azure/active-directory/saas-apps/frontline-education-tutorial), [F5](https://www.f5.com/products/security/access-policy-manager), [stashcat AD connect](https://www.stashcat.com), [Blink](https://docs.microsoft.com/azure/active-directory/saas-apps/blink-tutorial), [Vocoli](https://docs.microsoft.com/azure/active-directory/saas-apps/vocoli-tutorial), [ProNovos Analytics](https://docs.microsoft.com/azure/active-directory/saas-apps/pronovos-analytics-tutorial), [Sigstr](https://docs.microsoft.com/azure/active-directory/saas-apps/sigstr-tutorial), [Darwinbox](https://docs.microsoft.com/azure/active-directory/saas-apps/darwinbox-tutorial), [Watch by Colors](https://docs.microsoft.com/azure/active-directory/saas-apps/watch-by-colors-tutorial), [Harness](https://docs.microsoft.com/azure/active-directory/saas-apps/harness-tutorial), [EAB Navigate Strategic Care](https://docs.microsoft.com/azure/active-directory/saas-apps/eab-navigate-strategic-care-tutorial)
 
 For more information about the apps, see [SaaS application integration with Azure Active Directory](https://aka.ms/appstutorial). For more information about listing your application in the Azure AD app gallery, see [List your application in the Azure Active Directory application gallery](https://aka.ms/azureadapprequest).
 
@@ -398,7 +398,7 @@ All Azure AD administrators can now select the banner at the top of existing sec
 
 - Risk state, covering: At risk, Dismissed, Remediated, and Confirmed compromised
 
-For more information, see [Risky users report](https://docs.microsoft.com/azure/active-directory/identity-protection/howto-investigate-risky-users-signins#risky-users-report) and [Risky sign-ins report](https://docs.microsoft.com/azure/active-directory/identity-protection/howto-investigate-risky-users-signins#risky-sign-ins-report).
+For more information, see [Risky users report](https://docs.microsoft.com/azure/active-directory/identity-protection/howto-investigate-risk#risky-users-report) and [Risky sign-ins report](https://docs.microsoft.com/azure/active-directory/identity-protection/howto-investigate-risk#risky-sign-ins-report).
 
 ---
 

articles/active-directory/fundamentals/whats-new.md

@@ -183,7 +183,7 @@ The following procedure walks you through converting an existing standard domain
 
 1. Connect to your Azure AD Directory as a tenant administrator: Connect-MsolService .
 2.	Configure your desired Office 365 domain to use federation with SAML 2.0:
-	`$dom = "contoso.com" $BrandName - "Sample SAML 2.0 IDP" $LogOnUrl = "https://WS2012R2-0.contoso.com/passiveLogon" $LogOffUrl = "https://WS2012R2-0.contoso.com/passiveLogOff" $ecpUrl = "https://WS2012R2-0.contoso.com/PAOS" $MyURI = "urn:uri:MySamlp2IDP" $MySigningCert = @" MIIC7jCCAdagAwIBAgIQRrjsbFPaXIlOG3GTv50fkjANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyh BREZTIFNpZ25pbmcgLSBXUzIwMTJSMi0wLnN3aW5mb3JtZXIuY29tMB4XDTE0MDEyMDE1MTY0MFoXDT E1MDEyMDE1MTY0MFowMzExMC8GA1UEAxMoQURGUyBTaWduaW5nIC0gV1MyMDEyUjItMC5zd2luZm9yb WVyLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKe+rLVmXy1QwCwZwqgbbp1/kupQ VcjKuKLitVDbssFyqbDTjP7WRjlVMWAHBI3kgNT7oE362Gf2WMJFf1b0HcrsgLin7daRXpq4Qi6OA57 sW1YFMj3sqyuTP0eZV3S4+ZbDVob6amsZIdIwxaLP9Zfywg2bLsGnVldB0+XKedZwDbCLCVg+3ZWxd9 T/jV0hpLIIWr+LCOHqq8n8beJvlivgLmDJo8f+EITnAxWcsJUvVai/35AhHCUq9tc9sqMp5PWtabAEM b2AU72/QlX/72D2/NbGQq1BWYbqUpgpCZ2nSgvlWDHlCiUo//UGsvfox01kjTFlmqQInsJVfRxF5AcC AwEAATANBgkqhkiG9w0BAQsFAAOCAQEAi8c6C4zaTEc7aQiUgvnGQgCbMZbhUXXLGRpjvFLKaQzkwa9 eq7WLJibcSNyGXBa/SfT5wJgsm3TPKgSehGAOTirhcqHheZyvBObAScY7GOT+u9pVYp6raFrc7ez3c+ CGHeV/tNvy1hJNs12FYH4X+ZCNFIT9tprieR25NCdi5SWUbPZL0tVzJsHc1y92b2M2FxqRDohxQgJvy JOpcg2mSBzZZIkvDg7gfPSUXHVS1MQs0RHSbwq/XdQocUUhl9/e/YWCbNNxlM84BxFsBUok1dH/gzBy Sx+Fc8zYi7cOq9yaBT3RLT6cGmFGVYZJW4FyhPZOCLVNsLlnPQcX3dDg9A==" "@ $uri = "http://WS2012R2-0.contoso.com/adfs/services/trust" $Protocol = "SAMLP" Set-MsolDomainAuthentication -DomainName $dom -FederationBrandName $dom -Authentication Federated -PassiveLogOnUri $MyURI -ActiveLogOnUri $ecpUrl -SigningCertificate $MySigningCert -IssuerUri $uri -LogOffUri $url -PreferredAuthenticationProtocol $Protocol` 
+	`$dom = "contoso.com" $BrandName - "Sample SAML 2.0 IDP" $LogOnUrl = "https://WS2012R2-0.contoso.com/passiveLogon" $LogOffUrl = "https://WS2012R2-0.contoso.com/passiveLogOff" $ecpUrl = "https://WS2012R2-0.contoso.com/PAOS" $MyURI = "urn:uri:MySamlp2IDP" $MySigningCert = @" MIIC7jCCAdagAwIBAgIQRrjsbFPaXIlOG3GTv50fkjANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyh BREZTIFNpZ25pbmcgLSBXUzIwMTJSMi0wLnN3aW5mb3JtZXIuY29tMB4XDTE0MDEyMDE1MTY0MFoXDT E1MDEyMDE1MTY0MFowMzExMC8GA1UEAxMoQURGUyBTaWduaW5nIC0gV1MyMDEyUjItMC5zd2luZm9yb WVyLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKe+rLVmXy1QwCwZwqgbbp1/kupQ VcjKuKLitVDbssFyqbDTjP7WRjlVMWAHBI3kgNT7oE362Gf2WMJFf1b0HcrsgLin7daRXpq4Qi6OA57 sW1YFMj3sqyuTP0eZV3S4+ZbDVob6amsZIdIwxaLP9Zfywg2bLsGnVldB0+XKedZwDbCLCVg+3ZWxd9 T/jV0hpLIIWr+LCOHqq8n8beJvlivgLmDJo8f+EITnAxWcsJUvVai/35AhHCUq9tc9sqMp5PWtabAEM b2AU72/QlX/72D2/NbGQq1BWYbqUpgpCZ2nSgvlWDHlCiUo//UGsvfox01kjTFlmqQInsJVfRxF5AcC AwEAATANBgkqhkiG9w0BAQsFAAOCAQEAi8c6C4zaTEc7aQiUgvnGQgCbMZbhUXXLGRpjvFLKaQzkwa9 eq7WLJibcSNyGXBa/SfT5wJgsm3TPKgSehGAOTirhcqHheZyvBObAScY7GOT+u9pVYp6raFrc7ez3c+ CGHeV/tNvy1hJNs12FYH4X+ZCNFIT9tprieR25NCdi5SWUbPZL0tVzJsHc1y92b2M2FxqRDohxQgJvy JOpcg2mSBzZZIkvDg7gfPSUXHVS1MQs0RHSbwq/XdQocUUhl9/e/YWCbNNxlM84BxFsBUok1dH/gzBy Sx+Fc8zYi7cOq9yaBT3RLT6cGmFGVYZJW4FyhPZOCLVNsLlnPQcX3dDg9A==" "@ $uri = "http://WS2012R2-0.contoso.com/adfs/services/trust" $Protocol = "SAMLP" Set-MsolDomainAuthentication -DomainName $dom -FederationBrandName $BrandName -Authentication Federated -PassiveLogOnUri $LogOnUrl -ActiveLogOnUri $ecpUrl -SigningCertificate $MySigningCert -IssuerUri $MyURI -LogOffUri $LogOffUrl -PreferredAuthenticationProtocol $Protocol` 
 
 3.  You can obtain the signing certificate base64 encoded string from your IDP metadata file. An example of this location has been provided but may differ slightly based on your implementation.
 

articles/active-directory/hybrid/how-to-connect-fed-saml-idp.md

@@ -35,6 +35,8 @@ This table describes the ports and protocols that are required for communication
 | SMB | 445 (TCP/UDP) |Used by Seamless SSO to create a computer account in the AD forest. |
 | LDAP/SSL |636 (TCP/UDP) |Used for data import from AD. The data transfer is signed and encrypted. Only used if you are using SSL. |
 | RPC |49152- 65535 (Random high RPC Port)(TCP/UDP) |Used during the initial configuration of Azure AD Connect when it binds to the AD forests, and during Password synchronization. See [KB929851](https://support.microsoft.com/kb/929851), [KB832017](https://support.microsoft.com/kb/832017), and [KB224196](https://support.microsoft.com/kb/224196) for more information. |
+|WinRM  | 5985 (TCP/UDP) |Only used if you are installing AD FS with gMSA by Azure AD Connect Wizard|
+|AD DS Web Services | 9389 (TCP/UDP) |Only used if you are installing AD FS with gMSA by Azure AD Connect Wizard |
 
 ## Table 2 - Azure AD Connect and Azure AD
 This table describes the ports and protocols that are required for communication between the Azure AD Connect server and Azure AD.
@@ -97,8 +99,10 @@ This table describes the following outbound ports and protocols that are require
 
 | Protocol | Ports | Description |
 | --- | --- | --- |
-| HTTPS |443(TCP/UDP) |Outbound |
-| Azure Service Bus |5671 (TCP/UDP) |Outbound |
+| HTTPS |443(TCP) |Outbound |
+| Azure Service Bus |5671 (TCP) |Outbound |
+
+Azure Service Bus port 5671 is no longer required for the latest version of agent. The latest Azure AD Connect Health agent version only required port 443.
 
 ### 7b - Endpoints for Azure AD Connect Health agent for (AD FS/Sync) and Azure AD
 For a list of endpoints, see [the Requirements section for the Azure AD Connect Health agent](how-to-connect-health-agent-install.md#requirements).

articles/active-directory/hybrid/media/whatis-aadc-admin-agent/adminagent0.png

@@ -7,7 +7,7 @@ manager: daveba
 ms.service: active-directory
 ms.workload: identity
 ms.topic: overview
-ms.date: 04/25/2019
+ms.date: 09/04/2019
 ms.subservice: hybrid
 ms.author: billmath
 ms.topic: conceptual
@@ -26,19 +26,20 @@ The information that the Azure AD Connect Administration Agent retrieves from yo
 The Azure AD Connect Administration Agent is not installed on the Azure AD Connect Server by default. 
 
 ## Install the Azure AD Connect Administration Agent on the Azure AD Connect server 
-The Azure AD Connect Administration Agent binaries are placed in the AAD Connect server. To install the agent, do the following: 
 
+Prerequisites:
+1.	Azure AD Connect is installed on the server
+2.	Azure AD Connect Health is installed on the server
 
+![admin agent](media/whatis-aadc-admin-agent/adminagent0.png)
 
-1. Open powershell in admin mode 
-2. Navigate to the directory where the application is located 
-cd “C:\Program Files\Microsoft Azure Active Directory Connect\SetupFiles” 
-3. Run the AADConnectAdminAgentSetup.exe application 
- 
-When prompted, please enter your Azure AD global admin credentials. 
+The Azure AD Connect Administration Agent binaries are placed in the AAD Connect server. To install the agent, do the following:
 
->[!NOTE]
->There is a known issue where you will be prompted for your credentials multiple times. This will be fixed in the next release.
+1.	Open powershell in admin mode
+2.	Navigate to the directory where the application is located cd “C:\Program Files\Microsoft Azure Active Directory Connect\Tools”
+3.	Run ConfigureAdminAgent.ps1
+
+When prompted, please enter your Azure AD global admin credentials. This should be the same credentials entered during Azure AD Connect installation.
 
 After the agent is installed, you’ll see the following two new programs in the “Add/Remove Programs” list in the Control Panel of your server: 
 

articles/active-directory/hybrid/reference-connect-ports.md

@@ -405,6 +405,14 @@ This articles lists the audit activities that can be logged in your audit logs.
 |Directory Management|Get idps for a specific admin flow|
 |Directory Management|Get list of all admin flows|
 |Directory Management|Get list of tags for all admin flows for all users|
+|Group Management|Bulk Download group members - started|
+|Group Management|Bulk Download group members - finished|
+|Group Management|Bulk import group members - started|
+|Group Management|Bulk import group members - finished|
+|Group Management|Bulk remove group members - started|
+|Group Management|Bulk remove group members - finished|
+|Group Management|Bulk download groups - started|
+|Group Management|Bulk download groups - finished|
 |Group Management|Get list of tenants for a user|
 |Group Management|Get local accounts' self-asserted claims|
 |Group Management|Get localized resource json|
@@ -451,28 +459,42 @@ This articles lists the audit activities that can be logged in your audit logs.
 |Role Management|Delete device configuration|
 |Role Management|Device no longer compliant|
 |Role Management|Device no longer managed|
-|User Management|Remove registered owner from device|
-|User Management|Remove registered users from device|
-|User Management|Update device|
-|User Management|Update device configuration|
+|User Management|AccessReview_Review|
+|User Management|AccessReview_Update|
+|User Management|ActivationAborted|
+|User Management|ActivationApproved|
+|User Management|ActivationCanceled|
+|User Management|ActivationRequested|
 |User Management|Add eligible member to role|
 |User Management|Add member to role|
 |User Management|Add role assignment to role definition|
 |User Management|Add role from template|
 |User Management|Add scoped member to role|
+|User Management|Added|
+|User Management|Assign|
+|User Management|Bulk create users - started|
+|User Management|Bulk create users - finished|
+|User Management|Bulk delete users - started|
+|User Management|Bulk delete users - finished|
+|User Management|Bulk download users - started|
+|User Management|Bulk download users - finished|
+|User Management|Bulk restore deleted users - started|
+|User Management|Bulk restore deleted users - finished|
+|User Management|Bulk invite users - started|
+|User Management|Bulk invite users - finished|
+|User Management|Remove registered owner from device|
+|User Management|Remove registered users from device|
 |User Management|Remove eligible member from role|
 |User Management|Remove member from role|
 |User Management|Remove role assignment from role definition|
 |User Management|Remove scoped member from role|
+|User Management|Update device|
+|User Management|Update device configuration|
 |User Management|Update role|
-|User Management|AccessReview_Review|
-|User Management|AccessReview_Update|
-|User Management|ActivationAborted|
-|User Management|ActivationApproved|
-|User Management|ActivationCanceled|
-|User Management|ActivationRequested|
-|User Management|Added|
-|User Management|Assign|
+
+
+
+
 
 
 ## Identity protection