Merge branch 'release-azuresql' of https://github.com/MicrosoftDocs/azure-docs-pr into 05-21-mi-ml-in-new-scheme

Author: garyericson

.openpublishing.publish.config.json

@@ -515,6 +515,11 @@
       "url": "https://github.com/Azure-Samples/azure-cosmos-java-getting-started",
       "branch": "master"
     },
+    {
+      "path_to_root": "azure-cosmos-java-sql-api-samples",
+      "url": "https://github.com/Azure-Samples/azure-cosmos-java-sql-api-samples",
+      "branch": "master"
+    },    
     {
       "path_to_root": "azure-storage-snippets",
       "url": "https://github.com/azure-samples/AzureStorageSnippets",

.openpublishing.redirection.json

@@ -39856,6 +39856,11 @@
       "redirect_url": "/azure/dev-spaces/",
       "redirect_document_id": false
     },
+    {
+      "source_path": "articles/dev-spaces/how-to/helm-3.md",
+      "redirect_url": "/azure/dev-spaces/",
+      "redirect_document_id": false
+    },
     {
       "source_path": "articles/monitoring/monitoring-overview.md",
       "redirect_url": "/azure/azure-monitor/overview",
@@ -48505,6 +48510,11 @@
       "redirect_url": "/azure/cognitive-services/form-recognizer/quickstarts/python-receipts",
       "redirect_document_id": false
     },
+    {
+      "source_path": "articles/cognitive-services/form-recognizer/quickstarts/dotnet-sdk.md",
+      "redirect_url": "/azure/cognitive-services/form-recognizer/quickstarts/client-library?pivots=programming-language-csharp",
+      "redirect_document_id": false
+    },
     {
       "source_path": "articles/cognitive-services/Content-Moderator/Review-Tool-User-Guide/Upload-Images.md",
       "redirect_url": "/azure/cognitive-services/content-moderator",
@@ -52494,6 +52504,16 @@
       "redirect_url": "/azure/batch/error-handling",
       "redirect_document_id": false
     },
+    {
+      "source_path": "articles/batch/batch-api-differences.md",
+      "redirect_url": "/azure/batch/batch-apis-tools",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/batch/batch-integration-policies.md",
+      "redirect_url": "/azure/batch/policy-samples",
+      "redirect_document_id": false
+    },
     {
       "source_path": "articles/virtual-machines/troubleshooting/troubleshoot-vm-unresponsive-group-policy-local-users.md",
       "redirect_url": "/azure/virtual-machines/troubleshooting/unresponsive-vm-apply-group-policy",
@@ -53366,8 +53386,8 @@
     },
     {
         "source_path": "articles/sql-database/sql-database-glossary-terms.md",
-        "redirect_url": "/azure/azure-sql/glossary-terms",
-        "redirect_document_id": true
+        "redirect_url": "/azure/azure-sql/azure-sql-iaas-vs-paas-what-is-overview",
+        "redirect_document_id": false
     },
     {
         "source_path": "articles/sql-database/sql-database-high-availability.md",
@@ -54318,6 +54338,8 @@
         "source_path": "articles/data-factory/connector-azure-sql-database-managed-instance.md",
         "redirect_url": "/azure/data-factory/connector-azure-sql-managed-instance",
         "redirect_document_id": true
-    }
+    },
+
+
   ]
 }

articles/active-directory-b2c/configure-tokens.md

@@ -50,7 +50,7 @@ You can configure the token lifetime on any user flow.
 
 ## Next steps
 
-Learn more about how to [use access tokens](access-tokens.md).
+Learn more about how to [request access tokens](access-tokens.md).
 
 
 

articles/active-directory/authentication/howto-mfa-nps-extension.md

@@ -202,9 +202,12 @@ If your previous computer certificate has expired, and a new certificate has bee
 
 ### Microsoft Azure Government additional steps
 
-For customers that use Azure Government cloud, the following additional configuration steps are required on each NPS server:
+For customers that use Azure Government cloud, the following additional configuration steps are required on each NPS server.
 
-1. Open **Registry Editor** on the NPS server.
+> [!IMPORTANT]
+> Only configure these registry settings if you're an Azure Government customer.
+
+1. If you're an Azure Government customer, open **Registry Editor** on the NPS server.
 1. Navigate to `HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\AzureMfa`. Set the following key values:
 
     | Registry key       | Value |

articles/active-directory/authentication/howto-sspr-deployment.md

@@ -106,7 +106,7 @@ Note: For users who have [Password hash synchronization (PHS)](https://docs.micr
 
 You can help users register quickly by deploying SSPR alongside another popular application or service in the organization. This action will generate a large volume of sign-ins and will drive registration.
 
-Before deploying SSPR, you may opt to determine the number and the average cost of each password reset call. YOU can use this data post deployment to show the value SSPR is bringing to the organization.
+Before deploying SSPR, you may opt to determine the number and the average cost of each password reset call. You can use this data post deployment to show the value SSPR is bringing to the organization.
 
 #### Enable combined registration for SSPR and MFA
 
@@ -344,4 +344,4 @@ Audit logs for registration and password reset are available for 30 days. If sec
 
 * [Consider implementing Azure AD password protection](https://docs.microsoft.com/azure/active-directory/authentication/concept-password-ban-bad)
 
-* [Consider implementing Azure AD Smart Lockout](https://docs.microsoft.com/azure/active-directory/authentication/howto-password-smart-lockout)
+* [Consider implementing Azure AD Smart Lockout](https://docs.microsoft.com/azure/active-directory/authentication/howto-password-smart-lockout)

articles/active-directory/b2b/facebook-federation.md

@@ -1,4 +1,5 @@
 ---
+
 title: Add Facebook as an identity provider - Azure AD
 description: Federate with Facebook to enable external users (guests) to sign in to your Azure AD apps with their own Facebook accounts.
 

articles/active-directory/cloud-provisioning/how-to-prerequisites.md

@@ -59,14 +59,9 @@ Run the [IdFix tool](https://docs.microsoft.com/office365/enterprise/prepare-dir
    - Your agents need access to login.windows.net and login.microsoftonline.com for initial registration. Open your firewall for those URLs as well.
    - For certificate validation, unblock the following URLs: mscrl.microsoft.com:80, crl.microsoft.com:80, ocsp.msocsp.com:80, and www\.microsoft.com:80. These URLs are used for certificate validation with other Microsoft products, so you might already have these URLs unblocked.
 
-### Verify the port
-To verify that Azure is listening on port 443 and that your agent can communicate with it, use the following URL:
-
-https://aadap-portcheck.connectorporttest.msappproxy.net/ 
-
-This test verifies that your agents can communicate with Azure over port 443. Open a browser, and go to the previous URL from the server where the agent is installed.
+>[!NOTE]
+> Installing the cloud provisioning agent on Windows Server Core is not supported.
 
-![Verification of port reachability](media/how-to-install/verify2.png)
 
 ### Additional requirements
 - [Microsoft .NET Framework 4.7.1](https://www.microsoft.com/download/details.aspx?id=56116) 

articles/active-directory/conditional-access/howto-conditional-access-insights-reporting.md

@@ -96,6 +96,19 @@ You can also investigate the sign-ins of a specific user by searching for sign-i
 
 ## Troubleshooting
 
+### Why are queries failing due to a permissions error?
+
+In order to access the workbook, you need the proper Azure AD permissions as well as Log Analytics workspace permissions. To test whether you have the proper workspace permissions by running a sample log analytics query:
+
+1. Sign in to the **Azure portal**.
+1. Browse to **Azure Active Directory** > **Logs**.
+1. Type `SigninLogs` into the query box and select **Run**.
+1. If the query does not return any results, your workspace may not have been configured correctly. 
+
+![Troubleshoot failing queries](./media/howto-conditional-access-insights-reporting/query-troubleshoot-sign-in-logs.png)
+
+For more information about how to stream Azure AD sign-in logs to a Log Analytics workspace, see the article [Integrate Azure AD logs with Azure Monitor logs](../reports-monitoring/howto-integrate-activity-logs-with-log-analytics.md).
+
 ### Why is the workbook taking a long time to load?  
 
 Depending on the time range selected and the size of your tenant, the workbook may be evaluating an extraordinarily large number of sign-in events. For large tenants, the volume of sign-ins may exceed the query capacity of Log Analytics. Try shortening the time range to 4 hours to see if the workbook loads.  

articles/active-directory/conditional-access/howto-conditional-access-policy-all-users-mfa.md

@@ -50,7 +50,7 @@ The following steps will help create a Conditional Access policy to require All
    1. Select **Done**.
 1. Under **Cloud apps or actions** > **Include**, select **All cloud apps**.
    1. Under **Exclude**, select any applications that do not require multi-factor authentication.
-1. Under **Conditions** > **Client apps (Preview)**, set **Configure** to **Yes**, and select **Done**.
+1. Under **Conditions** > **Client apps (Preview)**, set **Configure** to **Yes**. Under **Select the client apps this policy will apply to** leave all defaults selected and select **Done**.
 1. Under **Access controls** > **Grant**, select **Grant access**, **Require multi-factor authentication**, and select **Select**.
 1. Confirm your settings and set **Enable policy** to **On**.
 1. Select **Create** to create to enable your policy.