Commit

Merge pull request #50 from MicrosoftDocs/master
newer stuff
WilliamAntonRohm authored Nov 30, 2017
2 parents 6512895 + 41dfb7b commit 63aa741
Showing 540 changed files with 10,979 additions and 3,719 deletions.
15 changes: 15 additions & 0 deletions .openpublishing.redirection.json
Expand Up @@ -5050,6 +5050,16 @@
"redirect_url": "/azure/machine-learning/team-data-science-process/apps-anomaly-detection-api",
"redirect_document_id": false
},
{
"source_path": "articles/machine-learning/team-data-science-process/project-execution.md",
"redirect_url": "/azure/machine-learning/team-data-science-process/agile-development",
"redirect_document_id": false
},
{
"source_path": "articles/machine-learning/team-data-science-process/move-data-to-azure-blob-using-python.md",
"redirect_url": "/azure/storage/blobs/storage-python-how-to-use-blob-storage",
"redirect_document_id": false
},
{
"source_path": "articles/machine-learning/machine-learning-automated-data-pipeline-cheat-sheet.md",
"redirect_url": "/azure/machine-learning/team-data-science-process/automated-data-pipeline-cheat-sheet",
Expand Down Expand Up @@ -5690,6 +5700,11 @@
"redirect_url": "/azure/sql-database/saas-tenancy-tenant-analytics",
"redirect_document_id": false
},
{
"source_path": "articles/sql-database/saas-dbpertenant-wingtip-app-guidance-tips.md",
"redirect_url": "/azure/sql-database/saas-tenancy-wingtip-app-guidance-tips",
"redirect_document_id": false
},
{
"source_path": "articles/sql-database/sql-database-cloud-migrate-compatible-export-bacpac-sqlpackage.md",
"redirect_url": "/azure/sql-database/sql-database-export",
4 changes: 2 additions & 2 deletions articles/active-directory-b2c/active-directory-b2c-faqs.md
Expand Up @@ -72,13 +72,13 @@ The email signature contains the B2C tenant's name that you provided when you fi
Currently there is no way to change the "From:" field on the email. Vote on [feedback.azure.com](https://feedback.azure.com/forums/169401-azure-active-directory/suggestions/15334335-fully-customizable-verification-emails) you are interested in customizing the body of the verification email.

### How can I migrate my existing user names, passwords, and profiles from my database to Azure AD B2C?
You can use the Azure AD Graph API to write your migration tool. See the [Graph API sample](active-directory-b2c-devquickstarts-graph-dotnet.md) for details.
You can use the Azure AD Graph API to write your migration tool. See the [User migration guide](active-directory-b2c-user-migration.md) for details.

### What password policy is used for local accounts in Azure AD B2C?
The Azure AD B2C password policy for local accounts is based on the policy for Azure AD. Azure AD B2C's sign-up, sign-up or sign-in and password reset policies uses the "strong" password strength and doesn't expire any passwords. Read the [Azure AD password policy](https://msdn.microsoft.com/library/azure/jj943764.aspx) for more details.

### Can I use Azure AD Connect to migrate consumer identities that are stored on my on-premises Active Directory to Azure AD B2C?
No, Azure AD Connect is not designed to work with Azure AD B2C. Consider using the [Graph API](active-directory-b2c-devquickstarts-graph-dotnet.md) for user migration.
No, Azure AD Connect is not designed to work with Azure AD B2C. Consider using the [Graph API](active-directory-b2c-devquickstarts-graph-dotnet.md) for user migration. See the [User migration guide](active-directory-b2c-user-migration.md) for details.

### Can my app open up Azure AD B2C pages within an iFrame?
No, for security reasons, Azure AD B2C pages cannot be opened within an iFrame. Our service communicates with the browser to prohibit iFrames. The security community in general and the OAUTH2 specification, recommend against using iFrames for identity experiences due to the risk of click-jacking.
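Review bot: The two migration answers in this hunk now send readers to different places. The "How can I migrate my existing user names, passwords, and profiles" answer swaps the Graph API sample link for the User migration guide, while the Azure AD Connect answer keeps the `active-directory-b2c-devquickstarts-graph-dotnet.md` link and appends the guide as a second "See the ... for details" sentence. Both answers are about moving credentials into the tenant, so pick one canonical target and phrase it the same way in both, for example "Consider using the Graph API for user migration, as described in the [User migration guide](active-directory-b2c-user-migration.md)."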
Expand Up @@ -79,13 +79,13 @@ Now that the required packages are installed on the Linux virtual machine, the n
sudo realm discover CONTOSO100.COM
```
> [!NOTE]
> **Troubleshooting:**
> If *realm discover* is unable to find your managed domain:
* Ensure that the domain is reachable from the virtual machine (try ping).
* Check that the virtual machine has indeed been deployed to the same virtual network in which the managed domain is available.
* Check to see if you have updated the DNS server settings for the virtual network to point to the domain controllers of the managed domain.
>
> [!NOTE]
> **Troubleshooting:**
> If *realm discover* is unable to find your managed domain:
* Ensure that the domain is reachable from the virtual machine (try ping).
* Check that the virtual machine has indeed been deployed to the same virtual network in which the managed domain is available.
* Check to see if you have updated the DNS server settings for the virtual network to point to the domain controllers of the managed domain.
>
2. Initialize Kerberos. In your SSH terminal, type the following command:
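Review bot: In the `[!NOTE]` block after `sudo realm discover CONTOSO100.COM`, the three bullet lines beginning `* Ensure that the domain is reachable` have no `>` prefix, so the troubleshooting list is not part of the note and the trailing bare `>` is left on its own. The old and new text of this hunk are identical apart from whitespace, so if the goal was to fix how the note renders, prefix each bullet with `> *` in the same edit. Since the step 1 code block and step `2. Initialize Kerberos` sit in a numbered list, also check that the note is indented to the list level so the numbering does not restart.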
Expand Up @@ -117,13 +117,13 @@ Now that the required packages are installed on the Linux virtual machine, the n
sudo realm discover CONTOSO100.COM
```
> [!NOTE]
> **Troubleshooting:**
> If *realm discover* is unable to find your managed domain:
* Ensure that the domain is reachable from the virtual machine (try ping).
* Check that the virtual machine has indeed been deployed to the same virtual network in which the managed domain is available.
* Check to see if you have updated the DNS server settings for the virtual network to point to the domain controllers of the managed domain.
>
> [!NOTE]
> **Troubleshooting:**
> If *realm discover* is unable to find your managed domain:
* Ensure that the domain is reachable from the virtual machine (try ping).
* Check that the virtual machine has indeed been deployed to the same virtual network in which the managed domain is available.
* Check to see if you have updated the DNS server settings for the virtual network to point to the domain controllers of the managed domain.
>
2. Initialize Kerberos. In your SSH terminal, type the following command:
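Review bot: The `> If *realm discover* is unable to find your managed domain:` note in this file has the same quoting gap as the sibling domain-join article: the `* Ensure`, `* Check that` and `* Check to see` bullets lack the `>` prefix, so they are not inside the `[!NOTE]` block. Apply the same `> *` prefix here and keep the two articles' note text in sync, since they are maintained as near copies.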
Expand Up @@ -14,7 +14,7 @@ ms.devlang: na
ms.topic: article
ms.tgt_pltfrm: na
ms.workload: identity
ms.date: 11/03/2017
ms.date: 11/29/2017
ms.author: markvi
ms.reviewer: calebb

Expand Down Expand Up @@ -109,7 +109,7 @@ Providers currently offering a compatible service include:

- RSA

- Trusona
- [Trusona](https://www.trusona.com/docs/azure-ad-integration-guide)

For more information on those services, contact the providers directly.
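Review bot: Only the `- Trusona` entry in the provider list becomes a link, while `- RSA` (and the other providers above it) stay plain text, and the following sentence still tells readers to "contact the providers directly". Either link every provider to its Azure AD integration guide or none, so the list does not read as an endorsement of one vendor. Because the target is a third-party URL (`https://www.trusona.com/docs/azure-ad-integration-guide`) outside this repository, confirm someone owns checking that it stays valid.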

Expand Up @@ -12,16 +12,16 @@ ms.devlang: na
ms.topic: article
ms.tgt_pltfrm: na
ms.workload: identity
ms.date: 11/28/2017
ms.date: 11/29/2017
ms.author: markvi
ms.reviewer: spunukol

---
# Azure Active Directory conditional access technical reference

You can use [Azure Active Directory (Azure AD) conditional access](active-directory-conditional-access-azure-portal.md) to fine-tune how authorized users can access your resources.
You can use [Azure Active Directory (Azure AD) conditional access](active-directory-conditional-access-azure-portal.md) to fine-tune how authorized users can access your resources.

This topic provides support information for the following configuration options for a conditional access policy:
This article provides you with support information for the following configuration options for a conditional access policy:

- Cloud applications assignments

Expand All @@ -35,7 +35,7 @@ This topic provides support information for the following configuration options

## Cloud apps assignments

When you configure a conditional access policy, you need to [select the cloud apps that use your policy](active-directory-conditional-access-azure-portal.md#who).
With conditional access policies, you control how your users access your [cloud apps](active-directory-conditional-access-azure-portal.md#who). When you configure a conditional access policy, you need to select at least one cloud app.

![Select the cloud apps for your policy](./media/active-directory-conditional-access-technical-reference/09.png)

Expand All @@ -45,6 +45,7 @@ When you configure a conditional access policy, you need to [select the cloud ap
You can assign a conditional access policy to the following cloud apps from Microsoft:

- Azure Information Protection - [Learn more](https://docs.microsoft.com/information-protection/get-started/faqs#i-see-azure-information-protection-is-listed-as-an-available-cloud-app-for-conditional-accesshow-does-this-work)

- Azure RemoteApp

- Microsoft Dynamics 365
Expand Down Expand Up @@ -100,7 +101,7 @@ In a conditional access policy, you can configure the device platform condition

## Client apps condition

When you configure a conditional access policy, you can [select client apps](active-directory-conditional-access-azure-portal.md#client-apps) for the client app condition. Set the client apps condition to grant or block access when an access attempt is made from the following types of client apps:
In your conditional access policy, you can configure the [client apps](active-directory-conditional-access-azure-portal.md#client-apps) condition to tie the policy to the client app that has initiated an access attempt. Set the client apps condition to grant or block access when an access attempt is made from the following types of client apps:

- Browser
- Mobile apps and desktop apps
Expand All @@ -109,11 +110,11 @@ When you configure a conditional access policy, you can [select client apps](act

### Supported browsers

Control browser access by using the **Browser** option in your conditional access policy. Access is granted only when the access attempt is made by a supported browser. When an access attempt is made by an unsupported browser, the attempt is blocked.
In your conditional access policy, you can select **Browsers** as client app.

![Control access for supported browsers](./media/active-directory-conditional-access-technical-reference/05.png)

In your conditional access policy, the following browsers are supported:
This setting has an impact on access attempts made from the following browsers:


| OS | Browsers | Support |
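Review bot: The rewritten "Supported browsers" intro no longer says what happens to an unsupported browser. The earlier text stated that access is granted only from a supported browser and that an attempt from an unsupported browser is blocked; the replacement, "This setting has an impact on access attempts made from the following browsers:", leaves the reader to guess whether the policy blocks, ignores or allows everything else. Keep one sentence that states the outcome for browsers not in the table. The option name also changes from **Browser** to **Browsers** while the client-app list in the previous hunk still reads `- Browser`; use the label shown in the portal in both places.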
Expand All @@ -137,11 +138,13 @@ In your conditional access policy, the following browsers are supported:
### Supported mobile applications and desktop clients

Control app and client access by using the **Mobile apps and desktop clients** option in your conditional access policy. Access is granted only when the access attempt is made by a supported mobile app or desktop client. When an access attempt is made by an unsupported app or client, the attempt is blocked.
In your conditional access policy, you can select **Mobile apps and desktop clients** as client app.


![Control access for supported mobile apps or desktop clients](./media/active-directory-conditional-access-technical-reference/06.png)

The following mobile apps and desktop clients support conditional access for Office 365 and other Azure AD-connected service applications:

This setting has an impact on access attempts made from the following mobile apps and desktop clients:


|Client apps|Target Service|Platform|
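Review bot: The new lead-in for the mobile apps and desktop clients table drops the scope that the old sentence gave, "support conditional access for Office 365 and other Azure AD-connected service applications", so the table's **Target Service** column now has no introduction. As in the browsers section, "This setting has an impact on" does not say whether clients outside the table are blocked or simply not evaluated; state that explicitly. Small points in the same lines: "as client app" needs an article ("as the client app"), and the hunk adds doubled blank lines before and after the image that can be collapsed.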
Expand All @@ -167,11 +170,11 @@ The following mobile apps and desktop clients support conditional access for Off

## Approved client app requirement

Control client connections by using the **Require approved client app** option in your conditional access policy. Access is granted only when a connection attempt is made by an approved client app.
In your conditional access policy, you can require that an access attempt to the selected cloud apps needs to be made from an approved client app.

![Control access for approved client apps](./media/active-directory-conditional-access-technical-reference/21.png)

The following client apps can be used with the approved client application requirement:
This setting applies to the following client apps:


- Microsoft Azure Information Protection
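Review bot: The replacement sentence under "Approved client app requirement" no longer names the control. The old text pointed at the **Require approved client app** option; the new one, "you can require that an access attempt to the selected cloud apps needs to be made from an approved client app", gives the reader nothing to look for in the policy blade and doubles the verb ("require that ... needs to be"). Suggest keeping the bold option name, for example: "select **Require approved client app** to grant access to the selected cloud apps only from an approved client app."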
Expand Up @@ -37,7 +37,6 @@ You must sign in with an account that exists in both the current directory with
5. The recipient clicks the link and follows the instructions, including entering their payment information. When the recipient succeeds, the subscription is transferred.
6. The default directory of the subscription is changed to the directory that the user is in.

For more information, see [Transfer Azure subscription ownership to another account](../billing/billing-subscription-transfer.md).

## Next steps
* To learn more about how to change administrators for an Azure subscription, see [Transfer ownership of an Azure subscription to another account](../billing/billing-subscription-transfer.md)
Expand Up @@ -12,7 +12,7 @@ ms.workload: identity
ms.tgt_pltfrm: na
ms.devlang: na
ms.topic: article
ms.date: 07/10/2017
ms.date: 11/28/2017
ms.author: jeedes

---
Expand All @@ -38,10 +38,13 @@ Before configuring and enabling the provisioning service, you need to decide wha

### Important tips for assigning users to DocuSign

* It is recommended that a single Azure AD user is assigned to DocuSign to test the provisioning configuration. Additional users and/or groups may be assigned later.
* It is recommended that a single Azure AD user is assigned to DocuSign to test the provisioning configuration. Additional users may be assigned later.

* When assigning a user to DocuSign, you must select a valid user role. The "Default Access" role does not work for provisioning.

> [!NOTE]
> Azure AD does not support group provisioning with the Docusign application, only users can be provisioned.
## Enable User Provisioning

This section guides you through connecting your Azure AD to DocuSign's user account provisioning API, and configuring the provisioning service to create, update, and disable assigned user accounts in DocuSign based on user and group assignment in Azure AD.
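Review bot: The new note says only users can be provisioned, but the unchanged paragraph under `## Enable User Provisioning` still ends with "based on user and group assignment in Azure AD", which contradicts it. Update that sentence to "based on user assignment" in the same change, otherwise an admin may assign a group and expect its members to be provisioned. In the note itself, "Docusign" should match the "DocuSign" spelling used everywhere else, and the comma splice reads better as two sentences: "Azure AD does not support group provisioning with the DocuSign application. Only users can be provisioned."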
Expand Down Expand Up @@ -83,7 +86,7 @@ The objective of this section is to outline how to enable user provisioning of A

12. Click **Save.**

It starts the initial synchronization of any users and/or groups assigned to DocuSign in the Users and Groups section. The initial sync takes longer to perform than subsequent syncs, which occur approximately every 20 minutes as long as the service is running. You can use the **Synchronization Details** section to monitor progress and follow links to provisioning activity reports, which describe all actions performed by the provisioning service on your DocuSign app.
It starts the initial synchronization of any users assigned to DocuSign in the Users and Groups section. The initial sync takes longer to perform than subsequent syncs, which occur approximately every 20 minutes as long as the service is running. You can use the **Synchronization Details** section to monitor progress and follow links to provisioning activity reports, which describe all actions performed by the provisioning service on your DocuSign app.

You can now create a test account. Wait for up to 20 minutes to verify that the account has been synchronized to DocuSign.

Expand Up @@ -7,13 +7,13 @@ author: jeevansd
manager: femila
ms.reviewer: joflore

ms.assetid: f39f0ddd-b504-4562-971f-77b88d1e75fb
ms.assetid: 2263e583-3eb2-4a06-982d-33f5f54858f4
ms.service: active-directory
ms.workload: identity
ms.tgt_pltfrm: na
ms.devlang: na
ms.topic: article
ms.date: 07/19/2017
ms.date: 11/27/2017
ms.author: jeedes

---
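Review bot: `ms.assetid` changes from `f39f0ddd-b504-4562-971f-77b88d1e75fb` to `2263e583-3eb2-4a06-982d-33f5f54858f4` in the same hunk as the `ms.date` bump. If this value is meant to identify the article across revisions, replacing it is not a routine metadata refresh; please confirm the new GUID is intentional and not copied from another tutorial's front matter.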
Expand Down Expand Up @@ -106,12 +106,13 @@ In this section, you enable Azure AD single sign-on in the Azure portal and conf

![FileCloud Domain and URLs single sign-on information](./media/active-directory-saas-filecloud-tutorial/tutorial_filecloud_url.png)

a. In the **Sign-on URL** textbox, type a URL using the following pattern: `https://<subdomain>.filecloudhosted.com`
a. In the **Sign-on URL** textbox, type a URL using the following pattern:
`https://<subdomain>.filecloudonline.com`

b. In the **Identifier** textbox, type a URL using the following pattern: `https://<subdomain>.filecloudhosted.com/simplesaml/module.php/saml/sp/metadata.php/default-sp`
b. In the **Identifier** textbox, type a URL using the following pattern: `https://<subdomain>.filecloudonline.com/simplesaml/module.php/saml/sp/metadata.php/default-sp`

> [!NOTE]
> These values are not real. Update these values with the actual Sign-On URL and Identifier. Contact [FileCloud Client support team](mailto:support@codelathe.com) to get these values.
> These values are not real. Update these values with the actual Sign-On URL and Identifier. Contact [FileCloud Client support team](mailto:support@codelathe.com) to get these values.

4. On the **SAML Signing Certificate** section, click **Metadata XML** and then save the metadata file on your computer.
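Review bot: The domain in both SAML values changes from `filecloudhosted.com` to `filecloudonline.com`, and the **Identifier** pattern is what the service provider will compare against, so a wrong host here produces a sign-in failure that is hard to diagnose. The commit message does not say why the domain changed; please confirm it with the vendor before merging. Formatting is also inconsistent after the edit: step a now puts the pattern on its own line (`https://<subdomain>.filecloudonline.com`) while step b keeps it inline. Use the same layout for both.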

Expand All @@ -129,23 +130,23 @@ In this section, you enable Azure AD single sign-on in the Azure portal and conf

8. On the left navigation pane, click **Settings**.

![Settings section On App side](./media/active-directory-saas-filecloud-tutorial/tutorial_filecloud_000.png)
![Configure Single Sign-On On App side](./media/active-directory-saas-filecloud-tutorial/tutorial_filecloud_000.png)

9. Click **SSO** tab on Settings section.

![Single Sign-On Tab On App side](./media/active-directory-saas-filecloud-tutorial/tutorial_filecloud_001.png)
![Configure Single Sign-On On App side](./media/active-directory-saas-filecloud-tutorial/tutorial_filecloud_001.png)

10. Select **SAML** as **Default SSO Type** on **Single Sign On (SSO) Settings** panel.

![Single Sign-On Settings Panel On App side](./media/active-directory-saas-filecloud-tutorial/tutorial_filecloud_002.png)
![Configure Single Sign-On On App side](./media/active-directory-saas-filecloud-tutorial/tutorial_filecloud_002.png)

11. Paste **SAML Entity ID**, which you have copied from Azure portal into the **IdP End Point URL** textbox.
11. In the **IdP End Point URL** textbox, paste the value of **SAML Entity ID** which you have copied from Azure portal.

![IDP End Point URL Textbox](./media/active-directory-saas-filecloud-tutorial/tutorial_filecloud_003.png)
![Configure Single Sign-On On App side](./media/active-directory-saas-filecloud-tutorial/tutorial_filecloud_003.png)

12. Open your downloaded metadata file in notepad, copy the content of it into your clipboard, and then paste it to the **IdP Meta Data** textbox on **SAML Settings** panel.

![IDP Meta Data Section on App side](./media/active-directory-saas-filecloud-tutorial/tutorial_filecloud_004.png)
![Configure Single Sign-On On App side](./media/active-directory-saas-filecloud-tutorial/tutorial_filecloud_004.png)

13. Click **Save** button.
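Review bot: All five screenshots in steps 8 to 12 now share the alt text "Configure Single Sign-On On App side", replacing distinct descriptions such as "Settings section On App side", "IDP End Point URL Textbox" and "IDP Meta Data Section on App side". Identical alt text makes the images indistinguishable to screen readers and to anyone reading with images off; keep the per-step descriptions. Separately, the reworded step 11 still pastes a value called **SAML Entity ID** into a field called **IdP End Point URL**; if the field expects the sign-on endpoint rather than the entity identifier, this step needs a content fix, not only a reorder.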

Expand Down Expand Up @@ -190,7 +191,7 @@ The objective of this section is to create a test user in the Azure portal calle
The objective of this section is to create a user called Britta Simon in FileCloud. FileCloud supports just-in-time provisioning, which is by default enabled. There is no action item for you in this section. A new user is created during an attempt to access FileCloud if it doesn't exist yet.

>[!NOTE]
>If you need to create a user manually, you need to contact the [FileCloud Client support team](mailto:support@codelathe.com).
>If you need to create a user manually, you need to contact the [FileCloud Client support team](mailto:support@codelathe.com).
### Assign the Azure AD test user

Expand Down Expand Up @@ -224,9 +225,10 @@ In this section, you enable Britta Simon to use Azure single sign-on by granting

### Test single sign-on

The objective of this section is to test your Azure AD SSO configuration using the Access Panel.
In this section, you test your Azure AD single sign-on configuration using the Access Panel.

When you click the FileCloud tile in the Access Panel, you should get automatically signed-on to your FileCloud application.
For more information about the Access Panel, see [Introduction to the Access Panel](active-directory-saas-access-panel-introduction.md).

## Additional resources
