etherscan-io
diff --git a/‎articles/active-directory/devices/azureadjoin-plan.md
Lines changed: 5 additions & 5 deletions b/‎articles/active-directory/devices/azureadjoin-plan.md
Lines changed: 5 additions & 5 deletions
diff --git a/‎articles/active-directory/devices/hybrid-azuread-join-manual.md
Lines changed: 6 additions & 6 deletions b/‎articles/active-directory/devices/hybrid-azuread-join-manual.md
Lines changed: 6 additions & 6 deletions
diff --git a/‎articles/active-directory/devices/hybrid-azuread-join-plan.md
Lines changed: 8 additions & 8 deletions b/‎articles/active-directory/devices/hybrid-azuread-join-plan.md
Lines changed: 8 additions & 8 deletions
diff --git a/‎articles/active-directory/manage-apps/use-scim-to-provision-users-and-groups.md
Lines changed: 3 additions & 3 deletions b/‎articles/active-directory/manage-apps/use-scim-to-provision-users-and-groups.md
Lines changed: 3 additions & 3 deletions
diff --git a/‎articles/active-directory/users-groups-roles/licensing-service-plan-reference.md
Lines changed: 1 addition & 0 deletions b/‎articles/active-directory/users-groups-roles/licensing-service-plan-reference.md
Lines changed: 1 addition & 0 deletions
diff --git a/‎articles/aks/api-server-authorized-ip-ranges.md
Lines changed: 2 additions & 2 deletions b/‎articles/aks/api-server-authorized-ip-ranges.md
Lines changed: 2 additions & 2 deletions
diff --git a/‎articles/aks/concepts-storage.md
Lines changed: 3 additions & 1 deletion b/‎articles/aks/concepts-storage.md
Lines changed: 3 additions & 1 deletion
diff --git a/‎articles/aks/tutorial-kubernetes-prepare-app.md
Lines changed: 1 addition & 1 deletion b/‎articles/aks/tutorial-kubernetes-prepare-app.md
Lines changed: 1 addition & 1 deletion
diff --git a/‎articles/app-service/web-sites-integrate-with-vnet.md
Lines changed: 1 addition & 2 deletions b/‎articles/app-service/web-sites-integrate-with-vnet.md
Lines changed: 1 addition & 2 deletions
diff --git a/‎articles/application-gateway/application-gateway-faq.md
Lines changed: 1 addition & 5 deletions b/‎articles/application-gateway/application-gateway-faq.md
Lines changed: 1 addition & 5 deletions
diff --git a/‎articles/automation/automation-update-management.md
Lines changed: 1 addition & 1 deletion b/‎articles/automation/automation-update-management.md
Lines changed: 1 addition & 1 deletion
diff --git a/‎articles/azure-functions/functions-bindings-signalr-service.md
Lines changed: 9 additions & 4 deletions b/‎articles/azure-functions/functions-bindings-signalr-service.md
Lines changed: 9 additions & 4 deletions
@@ -66,11 +66,11 @@ A federated environment should have an identity provider that supports both WS-T
 
 - **WS-Fed:** This protocol is required to join a device to Azure AD.
 - **WS-Trust:** This protocol is required to sign in to an Azure AD joined device.
- When you're using AD FS, you need to enable the following WS-Trust endpoints  
- - /adfs/services/trust/2005/usernamemixed  
- - /adfs/services/trust/13/usernamemixed  
- - /adfs/services/trust/2005/certificatemixed  
- - /adfs/services/trust/13/certificatemixed 
+When you're using AD FS, you need to enable the following WS-Trust endpoints:
+ `/adfs/services/trust/2005/usernamemixed`
+ `/adfs/services/trust/13/usernamemixed`
+ `/adfs/services/trust/2005/certificatemixed`
+ `/adfs/services/trust/13/certificatemixed`
 
 If your identity provider does not support these protocols, Azure AD join does not work natively. Beginning with  Windows 10 1809, your users can sign in to an Azure AD joined device with a SAML-based identity provider through [web sign-in on Windows 10](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1809#web-sign-in-to-windows-10). Currently, web sign-in is a preview feature and is not recommended for production deployments.
 
 
@@ -174,12 +174,12 @@ In a federated Azure AD configuration, devices rely on AD FS or an  on-premises
 Windows current devices authenticate by using Integrated Windows Authentication to an active WS-Trust endpoint (either 1.3 or 2005 versions) hosted by the on-premises federation service.
 
 When you're using AD FS, you need to enable the following WS-Trust endpoints
-- /adfs/services/trust/2005/windowstransport 
-- /adfs/services/trust/13/windowstransport 
-- /adfs/services/trust/2005/usernamemixed
-- /adfs/services/trust/13/usernamemixed
-- /adfs/services/trust/2005/certificatemixed
-- /adfs/services/trust/13/certificatemixed
+- `/adfs/services/trust/2005/windowstransport`
+- `/adfs/services/trust/13/windowstransport`
+- `/adfs/services/trust/2005/usernamemixed`
+- `/adfs/services/trust/13/usernamemixed`
+- `/adfs/services/trust/2005/certificatemixed`
+- `/adfs/services/trust/13/certificatemixed`
 
 > [!WARNING]
 > Both **adfs/services/trust/2005/windowstransport** or **adfs/services/trust/13/windowstransport** should be enabled as intranet facing endpoints only and must NOT be exposed as extranet facing endpoints through the Web Application Proxy. To learn more on how to disable WS-Trust WIndows endpoints, see [Disable WS-Trust Windows endpoints on the proxy](https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/deployment/best-practices-securing-ad-fs#disable-ws-trust-windows-endpoints-on-the-proxy-ie-from-extranet). You can see what endpoints are enabled through the AD FS management console under **Service** > **Endpoints**.
 
@@ -111,14 +111,14 @@ These scenarios don't require you to configure a federation server for authentic
 A federated environment should have an identity provider that supports the following requirements. If you have a federated environment using Active Directory Federation Services (AD FS), then the above requirements are already supported.
 
 - **WIAORMULTIAUTHN claim:** This claim is required to do hybrid Azure AD join for Windows down-level devices.
-- **WS-Trust protocol:** This protocol is required to authenticate Windows current hybrid Azure AD joined devices with Azure AD.
-  When you're using AD FS, you need to enable the following WS-Trust endpoints 
-  - /adfs/services/trust/2005/windowstransport  
-  - /adfs/services/trust/13/windowstransport  
-  - /adfs/services/trust/2005/usernamemixed 
-  - /adfs/services/trust/13/usernamemixed 
-  - /adfs/services/trust/2005/certificatemixed 
-  - /adfs/services/trust/13/certificatemixed 
+- **WS-Trust protocol:** This protocol is required to authenticate Windows current hybrid Azure AD joined devices with Azure AD. 
+When you're using AD FS, you need to enable the following WS-Trust endpoints: 
+  `/adfs/services/trust/2005/windowstransport`  
+  `/adfs/services/trust/13/windowstransport`  
+  `/adfs/services/trust/2005/usernamemixed` 
+  `/adfs/services/trust/13/usernamemixed`
+  `/adfs/services/trust/2005/certificatemixed` 
+  `/adfs/services/trust/13/certificatemixed` 
 
 > [!WARNING] 
 > Both **adfs/services/trust/2005/windowstransport** or **adfs/services/trust/13/windowstransport** should be enabled as intranet facing endpoints only and must NOT be exposed as extranet facing endpoints through the Web Application Proxy. To learn more on how to disable WS-Trust WIndows endpoints, see [Disable WS-Trust Windows endpoints on the proxy](https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/deployment/best-practices-securing-ad-fs#disable-ws-trust-windows-endpoints-on-the-proxy-ie-from-extranet). You can see what endpoints are enabled through the AD FS management console under **Service** > **Endpoints**.
 
@@ -12,7 +12,7 @@ ms.workload: identity
 ms.tgt_pltfrm: na
 ms.devlang: na
 ms.topic: conceptual
-ms.date: 05/06/2019
+ms.date: 07/31/2019
 ms.author: mimart
 ms.reviewer: arvinh
 ms.custom: aaddev;it-pro;seohack1
@@ -70,7 +70,7 @@ Applications that support the SCIM profile described in this article can be conn
    ![Example: An app's Provisioning page in the Azure portal][2]<br/>
    *Figure 3: Configuring provisioning in the Azure portal*
 
-1. In the **Tenant URL** field, enter the URL of the application's SCIM endpoint. Example: https://api.contoso.com/scim/v2/
+1. In the **Tenant URL** field, enter the URL of the application's SCIM endpoint. Example: https://api.contoso.com/scim/
 1. If the SCIM endpoint requires an OAuth bearer token from an issuer other than Azure AD, then copy the required OAuth bearer token into the optional **Secret Token** field. If this field is left blank, Azure AD includes an OAuth bearer token issued from Azure AD with each request. Apps that use Azure AD as an identity provider can validate this Azure AD-issued token.
 1. Select **Test Connection** to have Azure Active Directory attempt to connect to the SCIM endpoint. If the attempt fails, error information is displayed.  
 
@@ -675,7 +675,7 @@ The easiest way to implement a SCIM endpoint that can accept provisioning reques
 1. Enter a name for your application, and select **Add** to create an app object. The application object created is intended to represent the target app you would be provisioning to and implementing single sign-on for, and not just the SCIM endpoint.
 1. In the app management screen, select **Provisioning** in the left panel.
 1. In the **Provisioning Mode** menu, select **Automatic**.    
-1. In the **Tenant URL** field, enter the internet-exposed URL and port of your SCIM endpoint. The entry is something like http://testmachine.contoso.com:9000 or http://\<ip-address>:9000/, where \<ip-address> is the internet exposed IP address.
+1. In the **Tenant URL** field, enter the URL of the application's SCIM endpoint. Example: https://api.contoso.com/scim/
 
 1. If the SCIM endpoint requires an OAuth bearer token from an issuer other than Azure AD, then copy the required OAuth bearer token into the optional **Secret Token** field. If this field is left blank, Azure AD includes an OAuth bearer token issued from Azure AD with each request. Apps that use Azure AD as an identity provider can validate this Azure AD-issued token.
 1. Select **Test Connection** to have Azure Active Directory attempt to connect to the SCIM endpoint. If the attempt fails, error information is displayed.  
 
@@ -101,6 +101,7 @@ When managing licenses in [the Azure portal](https://portal.azure.com/#blade/Mic
 | SKYPE FOR BUSINESS PSTN CONFERENCING	| MCOMEETADV	| 0c266dff-15dd-4b49-8397-2bb16070ed52	| MCOMEETADV (3e26ee1f-8a5f-4d52-aee2-b81ce45c8f40) | AUDIO CONFERENCING (3e26ee1f-8a5f-4d52-aee2-b81ce45c8f40) |
 | SKYPE FOR BUSINESS PSTN DOMESTIC AND INTERNATIONAL CALLING	| MCOPSTN2	| d3b4fe1f-9992-4930-8acb-ca6ec609365e	| MCOPSTN2 (5a10155d-f5c1-411a-a8ec-e99aae125390) | DOMESTIC AND INTERNATIONAL CALLING PLAN (5a10155d-f5c1-411a-a8ec-e99aae125390) |
 | SKYPE FOR BUSINESS PSTN DOMESTIC CALLING	| MCOPSTN1	| 0dab259f-bf13-4952-b7f8-7db8f131b28d	| MCOPSTN1 (4ed3ff63-69d7-4fb7-b984-5aec7f605ca8) | DOMESTIC CALLING PLAN (4ed3ff63-69d7-4fb7-b984-5aec7f605ca8) |
+| SKYPE FOR BUSINESS PSTN DOMESTIC CALLING	(120 Minutes)| MCOPSTN5	| 54a152dc-90de-4996-93d2-bc47e670fc06	| MCOPSTN5 (54a152dc-90de-4996-93d2-bc47e670fc06) | DOMESTIC CALLING PLAN (54a152dc-90de-4996-93d2-bc47e670fc06) |
 | VISIO ONLINE PLAN 1	| VISIOONLINE_PLAN1	| 4b244418-9658-4451-a2b8-b5e2b364e9bd	| ONEDRIVE_BASIC (da792a53-cbc0-4184-a10d-e544dd34b3c1)<br/>VISIOONLINE (2bdbaf8f-738f-4ac7-9234-3c3ee2ce7d0f) | ONEDRIVE_BASIC (da792a53-cbc0-4184-a10d-e544dd34b3c1)<br/>VISIOONLINE (2bdbaf8f-738f-4ac7-9234-3c3ee2ce7d0f) |
 | VISIO Online Plan 2	| VISIOCLIENT	| c5928f49-12ba-48f7-ada3-0d743a3601d5	| ONEDRIVE_BASIC (da792a53-cbc0-4184-a10d-e544dd34b3c1)<br/>VISIO_CLIENT_SUBSCRIPTION (663a804f-1c30-4ff0-9915-9db84f0d1cea)<br/>VISIOONLINE (2bdbaf8f-738f-4ac7-9234-3c3ee2ce7d0f) | ONEDRIVE_BASIC (da792a53-cbc0-4184-a10d-e544dd34b3c1)<br/>VISIO_CLIENT_SUBSCRIPTION (663a804f-1c30-4ff0-9915-9db84f0d1cea)<br/>VISIOONLINE (2bdbaf8f-738f-4ac7-9234-3c3ee2ce7d0f) |
 | WINDOWS 10 ENTERPRISE E3	| WIN10_PRO_ENT_SUB	| cb10e6cd-9da4-4992-867b-67546b1db821	| WIN10_PRO_ENT_SUB (21b439ba-a0ca-424f-a6cc-52f954a5b111) | WINDOWS 10 ENTERPRISE (21b439ba-a0ca-424f-a6cc-52f954a5b111)
 
@@ -216,13 +216,13 @@ To enable API server authorized IP ranges, you provide a list of authorized IP a
 
 Use [az aks update][az-aks-update] command and specify the *--api-server-authorized-ip-ranges* to allow. These IP address ranges are usually address ranges used by your on-premises networks. Add the public IP address of your own Azure firewall obtained in the previous step, such as *20.42.25.196/32*.
 
-The following example enables API server authorized IP ranges on the cluster named *myAKSCluster* in the resource group named *myResourceGroup*. The IP address ranges to authorize are *20.42.25.196/32* (the Azure firewall public IP address), then *172.0.0.10/16* and *168.10.0.10/18*:
+The following example enables API server authorized IP ranges on the cluster named *myAKSCluster* in the resource group named *myResourceGroup*. The IP address ranges to authorize are *20.42.25.196/32* (the Azure firewall public IP address), then *172.0.0.0/16* and *168.10.0.0/18*:
 
 ```azurecli-interactive
 az aks update \
     --resource-group myResourceGroup \
     --name myAKSCluster \
-    --api-server-authorized-ip-ranges 20.42.25.196/32,172.0.0.10/16,168.10.0.10/18
+    --api-server-authorized-ip-ranges 20.42.25.196/32,172.0.0.0/16,168.10.0.0/18
 ```
 
 ## Update or disable authorized IP ranges
 
@@ -30,7 +30,9 @@ Applications often need to be able to store and retrieve data. As Kubernetes typ
 Traditional volumes to store and retrieve data are created as Kubernetes resources backed by Azure Storage. You can manually create these data volumes to be assigned to pods directly, or have Kubernetes automatically create them. These data volumes can use Azure Disks or Azure Files:
 
 - *Azure Disks* can be used to create a Kubernetes *DataDisk* resource. Disks can use Azure Premium storage, backed by high-performance SSDs, or Azure Standard storage, backed by regular HDDs. For most production and development workloads, use Premium storage. Azure Disks are mounted as *ReadWriteOnce*, so are only available to a single node. For storage volumes that can be accessed by multiple nodes simultaneously, use Azure Files.
-- *Azure Files* can be used to mount an SMB 3.0 share backed by an Azure Storage account to pods. Files let you share data across multiple nodes and pods. Currently, Files can only use Azure Standard storage backed by regular HDDs.
+- *Azure Files* can be used to mount an SMB 3.0 share backed by an Azure Storage account to pods. Files let you share data across multiple nodes and pods. Files can use Azure Standard storage backed by regular HDDs, or Azure Premium storage, backed by high-performance SSDs.
+> [!NOTE] 
+> Azure Files support premium storage in AKS clusters that run Kubernetes 1.13 or higher.
 
 In Kubernetes, volumes can represent more than just a traditional disk where information can be stored and retrieved. Kubernetes volumes can also be used as a way to inject data into a pod for use by the containers. Common additional volume types in Kubernetes include:
 
 
@@ -101,7 +101,7 @@ Stop and remove the container instances and resources with the [docker-compose d
 docker-compose down
 ```
 
-When the local application has been removed, you have a Docker image that contains the Azure Vote application, *azure-front-front*, for use with the next tutorial.
+When the local application has been removed, you have a Docker image that contains the Azure Vote application, *azure-vote-front*, for use with the next tutorial.
 
 ## Next steps
 
 
@@ -131,11 +131,10 @@ The Gateway required VNet Integration feature:
 * Enables up to five VNets to be integrated with in an App Service Plan 
 * Allows the same VNet to be used by multiple apps in an App Service Plan without impacting the total number that can be used by an App Service plan.  If you have 6 apps using the same VNet in the same App Service plan, that counts as 1 VNet being used. 
 * Requires a Virtual Network Gateway that is configured with Point to Site VPN
-* Is not supported for use with Linux apps
 * Supports a 99.9% SLA due to the SLA on the gateway
 
 This feature does not support:
-
+* Use with Linux apps
 * Accessing resources across ExpressRoute 
 * Accessing resources across Service Endpoints 
 
 
@@ -96,7 +96,7 @@ Yes. See [Modifications to a request](https://docs.microsoft.com/azure/applicati
 
 New Application Gateway v1 SKU deployments can take up to 20 minutes to provision. Changes to instance size or count aren't disruptive, and the gateway remains active during this time.
 
-Deployments that use the v2 SKU can take up to 6 minutes to provision.
+Most deployments that use the v2 SKU take around 6 minutes to provision. However it can take longer depending on the type of deployment. For example, deployments across multiple Availability Zones with many instances can take more than 6 minutes. 
 
 ### Can I use Exchange Server as a backend with Application Gateway?
 
@@ -319,10 +319,6 @@ Yes. You can enable DDoS protection on the virtual network where the application
 
 Yes. For details see, [Migrate Azure Application Gateway and Web Application Firewall from v1 to v2](migrate-v1-v2.md).
 
-### Does WAF support non UTF-8 encoding?
-
-No. WAF currently supports only UTF-8 encoding.
-
 ## Diagnostics and logging
 
 ### What types of logs does Application Gateway provide?
 
@@ -17,7 +17,7 @@ You can use the Update Management solution in Azure Automation to manage operati
 You can enable Update Management for virtual machines directly from your Azure Automation account. To learn how to enable Update Management for virtual machines from your Automation account, see [Manage updates for multiple virtual machines](manage-update-multi.md). You can also enable Update Management for a virtual machine from the virtual machine page in the Azure portal. This scenario is available for [Linux](../virtual-machines/linux/tutorial-monitoring.md#enable-update-management) and [Windows](../virtual-machines/windows/tutorial-monitoring.md#enable-update-management) virtual machines.
 
 > [!NOTE]
-> The Update Management solution requires linking a Log Analytics workspace to your Automation account. For a definitive list of supported regions, see [https://docs.microsoft.com/en-us/azure/automation/how-to/region-mappings]. The region mappings do not affect the ability to manage virtual machines in a
+> The Update Management solution requires linking a Log Analytics workspace to your Automation account. For a definitive list of supported regions, see [Azure Workspace mappings](./how-to/region-mappings.md). The region mappings do not affect the ability to manage virtual machines in a
 > separate region than your Automation account.
 
 [!INCLUDE [azure-monitor-log-analytics-rebrand](../../includes/azure-monitor-log-analytics-rebrand.md)]
 
@@ -276,14 +276,15 @@ The following example adds a user to a group.
 [FunctionName("addToGroup")]
 public static Task AddToGroup(
     [HttpTrigger(AuthorizationLevel.Anonymous, "post")]HttpRequest req,
-    string userId,
+    ClaimsPrincipal claimsPrincipal,
     [SignalR(HubName = "chat")]
         IAsyncCollector<SignalRGroupAction> signalRGroupActions)
 {
+    var userIdClaim = claimsPrincipal.FindFirst(ClaimTypes.NameIdentifier);
     return signalRGroupActions.AddAsync(
         new SignalRGroupAction
         {
-            UserId = userId,
+            UserId = userIdClaim.Value,
             GroupName = "myGroup",
             Action = GroupAction.Add
         });
@@ -298,20 +299,24 @@ The following example removes a user from a group.
 [FunctionName("removeFromGroup")]
 public static Task RemoveFromGroup(
     [HttpTrigger(AuthorizationLevel.Anonymous, "post")]HttpRequest req,
-    string userId,
+    ClaimsPrincipal claimsPrincipal,
     [SignalR(HubName = "chat")]
         IAsyncCollector<SignalRGroupAction> signalRGroupActions)
 {
+    var userIdClaim = claimsPrincipal.FindFirst(ClaimTypes.NameIdentifier);
     return signalRGroupActions.AddAsync(
         new SignalRGroupAction
         {
-            UserId = userId,
+            UserId = userIdClaim.Value,
             GroupName = "myGroup",
             Action = GroupAction.Remove
         });
 }
 ```
 
+> [!NOTE]
+> In order to get the `ClaimsPrincipal` correctly bound, you must have configured the authentication settings in Azure Functions.
+
 ### 2.x JavaScript send message output examples
 
 #### Broadcast to all clients