Skip to content

Commit f378b63

Browse files
committed
Merge branch 'master' of https://github.com/MicrosoftDocs/azure-docs-pr into release-preview-arr
2 parents b357e25 + b3b6947 commit f378b63

File tree

142 files changed

+2415
-1213
lines changed

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.

142 files changed

+2415
-1213
lines changed

.openpublishing.redirection.json

Lines changed: 4 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -32264,11 +32264,6 @@
3226432264
"redirect_url": "/azure/expressroute/expressroute-security-controls",
3226532265
"redirect_document_id": false
3226632266
},
32267-
{
32268-
"source_path": "articles/key-vault/key-vault-security-controls.md",
32269-
"redirect_url": "/azure/key-vault/security-baseline",
32270-
"redirect_document_id": false
32271-
},
3227232267
{
3227332268
"source_path": "articles/key-vault/automation-manage-key-vault.md",
3227432269
"redirect_url": "/azure/key-vault/",
@@ -50558,6 +50553,10 @@
5055850553
"source_path": "articles/aks/use-cosmosdb-osba-mongo-app.md",
5055950554
"redirect_url": "/azure/aks/",
5056050555
"redirect_document_id": false
50556+
},
50557+
{
50558+
"source_path": "articles/cognitive-services/speech-service/ship-application.md",
50559+
"redirect_url": "/azure/cognitive-services/speech-service/speech-sdk"
5056150560
}
5056250561
]
5056350562
}

articles/active-directory-domain-services/compare-identity-solutions.md

Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -23,13 +23,17 @@ Although the three Active Directory-based identity solutions share a common name
2323

2424
* **Active Directory Domain Services (AD DS)** - Enterprise-ready lightweight directory access protocol (LDAP) server that provides key features such as identity and authentication, computer object management, group policy, and trusts.
2525
* AD DS is a central component in many organizations with an on-premises IT environment, and provides core user account authentication and computer management features.
26+
* For more information, see [Active Directory Domain Services overview in the Windows Server documentation][overview-adds].
2627
* **Azure Active Directory (Azure AD)** - Cloud-based identity and mobile device management that provides user account and authentication services for resources such as Office 365, the Azure portal, or SaaS applications.
2728
* Azure AD can be synchronized with an on-premises AD DS environment to provide a single identity to users that works natively in the cloud.
29+
* For more information about Azure AD, see [What is Azure Active Directory?][whatis-azuread]
2830
* **Azure Active Directory Domain Services (Azure AD DS)** - Provides managed domain services with a subset of fully-compatible traditional AD DS features such as domain join, group policy, LDAP, and Kerberos / NTLM authentication.
2931
* Azure AD DS integrates with Azure AD, which itself can synchronize with an on-premises AD DS environment. This ability extends central identity use cases to traditional web applications that run in Azure as part of a lift-and-shift strategy.
3032

3133
This overview article compares and contrasts how these identity solutions can work together, or would be used independently, depending on the needs of your organization.
3234

35+
To get started, [create an Azure AD DS managed domain using the Azure portal][tutorial-create].
36+
3337
## Azure AD DS and self-managed AD DS
3438

3539
If you have applications and services that need access to traditional authentication mechanisms such as Kerberos or NTLM, there are two ways to provide Active Directory Domain Services in the cloud:
@@ -116,3 +120,5 @@ To get started with using Azure AD DS, [create an Azure AD DS managed domain usi
116120
[manage-gpos]: manage-group-policy.md
117121
[tutorial-ldaps]: tutorial-configure-ldaps.md
118122
[tutorial-create]: tutorial-create-instance.md
123+
[whatis-azuread]: ../active-directory/fundamentals/active-directory-whatis.md
124+
[overview-adds]: /windows-server/identity/ad-ds/get-started/virtual-dc/active-directory-domain-services-overview

articles/active-directory-domain-services/overview.md

Lines changed: 7 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -19,6 +19,8 @@ ms.author: iainfou
1919

2020
Azure Active Directory Domain Services (Azure AD DS) provides managed domain services such as domain join, group policy, lightweight directory access protocol (LDAP), and Kerberos / NTLM authentication that is fully compatible with Windows Server Active Directory. You use these domain services without the need to deploy, manage, and patch domain controllers in the cloud. Azure AD DS integrates with your existing Azure AD tenant, which makes it possible for users to sign in using their existing credentials. You can also use existing groups and user accounts to secure access to resources, which provides a smoother lift-and-shift of on-premises resources to Azure.
2121

22+
To get started, [create an Azure AD DS managed domain using the Azure portal][tutorial-create].
23+
2224
Azure AD DS replicates identity information from Azure AD, so works with Azure AD tenants that are cloud-only, or synchronized with an on-premises Active Directory Domain Services (AD DS) environment. The same set of Azure AD DS features exist for both environments.
2325

2426
* If you have an existing on-premises AD DS environment, you can synchronize user account information to provide a consistent identity for users.
@@ -49,7 +51,11 @@ Azure AD DS offers alternatives to the need to create VPN connections back to an
4951

5052
## Azure AD DS features and benefits
5153

52-
To provide identity services to applications and VMs in the cloud, Azure AD DS is fully compatible with a traditional AD DS environment for operations such as domain-join, secure LDAP (LDAPS), Group Policy, DNS management, and LDAP bind and read support. LDAP write support is available for objects created in the Azure AD DS managed domain, but not resources synchronized from Azure AD. The following features of Azure AD DS simplify deployment and management operations:
54+
To provide identity services to applications and VMs in the cloud, Azure AD DS is fully compatible with a traditional AD DS environment for operations such as domain-join, secure LDAP (LDAPS), Group Policy, DNS management, and LDAP bind and read support. LDAP write support is available for objects created in the Azure AD DS managed domain, but not resources synchronized from Azure AD.
55+
56+
To learn more about your identity options, [compare Azure AD DS with Azure AD, Active Directory Domain Services on Azure VMs, and Active Directory Domain Services on-premises][compare].
57+
58+
The following features of Azure AD DS simplify deployment and management operations:
5359

5460
* **Simplified deployment experience:** Azure AD DS is enabled for your Azure AD tenant using a single wizard in the Azure portal.
5561
* **Integrated with Azure AD:** User accounts, group memberships, and credentials are automatically available from your Azure AD tenant. New users, groups, or changes to attributes from your Azure AD tenant or your on-premises AD DS environment are automatically synchronized to Azure AD DS.

articles/active-directory-domain-services/password-policy.md

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -42,6 +42,11 @@ To complete this article, you need the following resources and privileges:
4242

4343
Fine-grained password policies (FGPPs) let you apply specific restrictions for password and account lockout policies to different users in a domain. For example, to secure privileged accounts you can apply stricter account lockout settings than regular non-privileged accounts. You can create multiple FGPPs within an Azure AD DS managed domain and specify the order of priority to apply them to users.
4444

45+
For more information about password policies and using the Active Directory Administration Center, see the following articles:
46+
47+
* [Learn about fine-grained password policies](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc770394(v=ws.10))
48+
* [Configure fine-grained password policies using AD Administration Center](/windows-server/identity/ad-ds/get-started/adac/introduction-to-active-directory-administrative-center-enhancements--level-100-#fine_grained_pswd_policy_mgmt)
49+
4550
Policies are distributed through group association in an Azure AD DS managed domain, and any changes you make are applied at the next user sign-in. Changing the policy doesn't unlock a user account that's already locked out.
4651

4752
Password policies behave a little differently depending on how the user account they're applied to was created. There are two ways a user account can be created in Azure AD DS:

0 commit comments

Comments
 (0)