Merge pull request MicrosoftDocs#2634 from MicrosoftDocs/FromPrivateRepo
From private repo
v-alje authored Aug 3, 2017
2 parents d3a7ac2 + 0df4360 commit c982f1f
Showing 62 changed files with 1,160 additions and 578 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@ title: 'Tutorial: Azure Active Directory integration with Symantec Web Security
description: Learn how to configure single sign-on between Azure Active Directory and Symantec Web Security Service (WSS).
services: active-directory
documentationCenter: na
author: jeevansd
author: MicrosoftGuyJFlo
manager: femila

ms.assetid: d6e4d893-1f14-4522-ac20-0c73b18c72a5
Expand All @@ -13,7 +13,7 @@ ms.tgt_pltfrm: na
ms.devlang: na
ms.topic: article
ms.date: 07/08/2017
ms.author: jeedes
ms.author: joflore

---
# Tutorial: Azure Active Directory integration with Symantec Web Security Service (WSS)
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -173,6 +173,9 @@ It's easy to add a domain to be federated with Azure AD by using Azure AD Connec

![Ready to configure](media/active-directory-aadconnect-federation-management/AdditionalDomain5.PNG)

> [!NOTE]
> Users from the added federated domain must be synchronized before they will be able to login to Azure AD.
## AD FS customization
The following sections provide details about some of the common tasks that you might have to perform when you customize your AD FS sign-in page.

Expand Down
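Review bot: The added note uses "login" as a verb ("before they will be able to login to Azure AD"); write "log in" or "sign in", which matches the "sign-in page" wording in the AD FS customization paragraph right after it. The note should also say which synchronization is meant and how to confirm it has completed, since as written a reader whose users cannot sign in after adding the domain has nothing to check.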
Original file line number Diff line number Diff line change
Expand Up @@ -275,6 +275,9 @@ The AD FS service requires a domain service account to authenticate users and lo

If you selected Group Managed Service Account and this feature has never been used in Active Directory, you are prompted for Enterprise Admin credentials. These credentials are used to initiate the key store and enable the feature in Active Directory.

> [!NOTE]
> Azure AD Connect performs a check to detect if the AD FS service is already registered as a SPN in the domain. AD DS will not allow duplicate SPN’s to be registered at once. If a duplicate SPN is found, you will not be able to proceed further until the SPN is removed.
![AD FS Service Account](./media/active-directory-aadconnect-get-started-custom/adfs5.png)

### Select the Azure AD domain that you wish to federate
Expand Down
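Review bot: The added note says a duplicate SPN blocks the wizard ("you will not be able to proceed further until the SPN is removed") but gives no way to find or remove it; add a pointer to the procedure (for example, querying with setspn) and tell the reader to confirm which account holds the SPN before removing it. On wording, "a SPN" should be "an SPN", "SPN’s" is a plural and should be "SPNs", and "to be registered at once" is ambiguous where "AD DS does not allow duplicate SPNs" would be clear.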
Original file line number Diff line number Diff line change
Expand Up @@ -13,29 +13,104 @@ ms.devlang: na
ms.topic: article
ms.tgt_pltfrm: na
ms.workload: identity
ms.date: 02/28/2017
ms.date: 08/03/2017
ms.author: andret
ms.custom: aaddev

---
# How to get AppSource Certified for Azure Active Directory (AD)
To receive AppSource certification for Azure AD, your application must implement the multi-tenant sign in pattern with Azure AD using the OpenID Connect or OAuth 2.0 protocols.

If you’re not familiar with Azure AD sign-in or multi-tenant application development:
# How to get AppSource Certified for Azure Active Directory
[Microsoft AppSource](https://appsource.microsoft.com/) is a destination for business users to discover, try, and manage line-of-business SaaS applications (standalone SaaS and add-on to existing Microsoft SaaS products).

1. Start by reading about the [Browser to Web App scenarios in Authentication Scenarios for Azure AD][AAD-Auth-Scenarios-Browser-To-WebApp].
2. Next, check out the Azure AD [web application quick-start guides][AAD-QuickStart-Web-Apps], which demonstrate how to implement sign-in, and include companion code samples.
To list a standalone SaaS application on AppSource, your application must accept single sign-on from work accounts from any company or organization that has Azure Active Directory. The sign-in process must use the [OpenID Connect](./active-directory-protocols-openid-connect-code.md) or [OAuth 2.0](./active-directory-protocols-oauth-code.md) protocols. SAML integration is not accepted for AppSource certification.

> [!TIP]
> Try the preview of our new [developer portal](https://identity.microsoft.com/Docs/Web) that will help you get up and running with Azure Active Directory in just a few minutes! The developer portal will walk you through the process of registering an app and integrating Azure AD into your code. When you’re finished, you will have a simple application that can authenticate users in your tenant and a back-end that can accept tokens and perform validation.
>
>
3. To learn how to implement the multi-tenant sign-in pattern with Azure AD, check out [How to sign in any Azure Active Directory (AD) user using the multi-tenant application pattern][AAD-Howto-Multitenant-Overview]
## Guides and code samples
If you want to learn about how to integrate your application with Azure Active Directory using Open ID connect, follow our guides and code samples in the [Azure Active Directory developer's guide](./active-directory-developers-guide.md#get-started "Get Started with Azure AD for developers").

## Related content
For more information on building applications that support Azure AD sign-in, or to get help and support, refer to the [Azure AD Developer's Guide][AAD-Dev-Guide].
## Multi-tenant applications

Please use the Disqus comments section following this article to provide feedback and help us refine and shape our content.
An application that accepts sign-ins from users from any company or organization that have Azure Active Directory without requiring a separate instance, configuration, or deployment is known as a *multi-tenant application*. AppSource recommends that applications implement multi-tenancy to enable the *single-click* free trial experience.

In order to enable multi-tenancy on your application:
- Set `Multi-Tenanted` property to `Yes` on your application registration's information in the [Azure Portal](https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/RegisteredApps) (by default, applications created in the Azure Portal are configured as *single-tenant*)
- Update your code to send requests to the '`common`' endpoint (update the endpoint from *https://login.microsoftonline.com/{yourtenant}* to *https://login.microsoftonline.com/common*)
- For some platforms, like ASP.NET, you need also to update your code to accept multiple issuers

For more information about multi-tenancy, see: [How to sign in any Azure Active Directory (AD) user using the multi-tenant application pattern](./active-directory-devhowto-multi-tenant-overview.md).

### Single-tenant applications
Applications that only accept sign-ins from users of a defined Azure Active Directory instance are known as *single-tenant application*. External users (including Work or School accounts from other organizations, or personal account) can sign in to a single-tenant application after adding each user as *guest account* to the Azure Active Directory instance that the application is registered. You can add users as guest accounts to an Azure Active Directory via the [*Azure AD B2B collaboration*](../active-directory-b2b-what-is-azure-ad-b2b.md) - and it can be done [programatically](../active-directory-b2b-code-samples.md). When you add a user as guest account to an Azure Active Directory, an invitation email is sent to the user, who has to accept the invitation by clicking on the link in the invitation email. Invitations that are sent to an additional user in an inviting organization that is also a member of the partner organization are not required to accept an invitation to sign in.

Single-tenant applications can enable the *Contact Me* experience, but if you want to enable the single-click/ free trial experience that AppSource recommends, enable multi-tenancy on your application instead.


## AppSource trial experiences

### Free Trial (Customer-led trial experience)
The *customer-led trial* is the experience that AppSource recommends as it offers a single-click access to your application. Below an illustration of how this experience looks like:<br/><br/>

<table >
<tr>
<td valign="top" width="33%">1.<br/><img src="media/active-directory-devhowto-appsource-certified/customer-led-trial-step1.png" width="85%"/><ul><li>User finds your application in AppSource Web Site</li><li>Selects ‘Free trial’ option</li></ul></td>
<td valign="top" width="33%">2.<br/><img src="media/active-directory-devhowto-appsource-certified/customer-led-trial-step2.png" width="85%" /><ul><li>AppSource redirects user to a URL in your web site</li><li>Your web site starts the <i>single-sign-on</i> process automatically (on page load)</li></ul></td>
<td valign="top" width="33%">3.<br/><img src="media/active-directory-devhowto-appsource-certified/customer-led-trial-step3.png" width="85%"/><ul><li>User is redirected to Microsoft Sign-in page</li><li>User provides credentials to sign in</li></ul></td>
</tr>
<tr>
<td valign="top" width="33%">4.<br/><img src="media/active-directory-devhowto-appsource-certified/customer-led-trial-step4.png" width="85%"/><ul><li>User gives consent for your application</li></ul></td>
<td valign="top" width="33%">5.<br/><img src="media/active-directory-devhowto-appsource-certified/customer-led-trial-step5.png" width="85%"/><ul><li>Sign-in completes and user is redirected back to your web site</li><li>User starts the free trial</li></ul></td>
<td></td>
</tr>
</table>

### Contact Me (Partner-led trial experience)
The *partner trial experience* can be used when a manual or a long-term operation needs to happen to provision the user/ company: for example, your application needs to provision virtual machines, database instances, or operations that take much time to complete. In this case, after user selects the *'Request Trial'* button and fills out a form, AppSource sends you the user's contact information. Upon receiving this information, you then provision the environment and send the instructions to the user on how to access the trial experience:<br/><br/>

<table valign="top">
<tr>
<td valign="top" width="33%">1.<br/><img src="media/active-directory-devhowto-appsource-certified/partner-led-trial-step1.png" width="85%"/><ul><li>User finds your application in AppSource web site</li><li>Selects ‘Contact Me’ option</li></ul></td>
<td valign="top" width="33%">2.<br/><img src="media/active-directory-devhowto-appsource-certified/partner-led-trial-step2.png" width="85%"/><ul><li>Fills out a form with contact information</li></ul></td>
<td valign="top" width="33%">3.<br/><br/>
<table bgcolor="#f7f7f7">
<tr>
<td><img src="media/active-directory-devhowto-appsource-certified/UserContact.png" width="55%"/></td>
<td>You receive user information</td>
</tr>
<tr>
<td><img src="media/active-directory-devhowto-appsource-certified/SetupEnv.png" width="55%"/></td>
<td>Setup environment</td>
</tr>
<tr>
<td><img src="media/active-directory-devhowto-appsource-certified/ContactCustomer.png" width="55%"/></td>
<td>Contact user with trial info</td>
</tr>
</table><br/><br/>
<ul><li>You receive user's information and setup trial instance</li><li>You send the hyperlink to access your application to the user</li></ul>
</td>
</tr>
<tr>
<td valign="top" width="33%">4.<br/><img src="media/active-directory-devhowto-appsource-certified/partner-led-trial-step3.png" width="85%"/><ul><li>User accesses your application and complete the single-sign-on process</li></ul></td>
<td valign="top" width="33%">5.<br/><img src="media/active-directory-devhowto-appsource-certified/partner-led-trial-step4.png" width="85%"/><ul><li>User gives consent for your application</li></ul></td>
<td valign="top" width="33%">6.<br/><img src="media/active-directory-devhowto-appsource-certified/customer-led-trial-step5.png" width="85%"/><ul><li>Sign-in completes and user is redirected back to your web site</li><li>User starts the free trial</li></ul></td>

</tr>
</table>

### More information
For more information about the AppSource trial experience, see [this video](https://aka.ms/trialexperienceforwebapps).

## Next Steps

- For more information on building applications that support Azure Active Directory sign-ins, see [Authentication Scenarios for Azure AD](https://docs.microsoft.com/azure/active-directory/develop/active-directory-authentication-scenarios)

- For information on how to list your SaaS application in AppSource, go see [AppSource Partner Information](https://appsource.microsoft.com/partners)


## Get Support
For Azure Active Directory integration, we use [Stack Overflow](http://stackoverflow.com/questions/tagged/azure-active-directory) with the community to provide support.

We highly recommend you ask your questions on Stack Overflow first and browse existing issues to see if someone has asked your question before. Make sure that your questions or comments are tagged with `[azure-active-directory]`.

Use the following comments section to provide feedback and help us refine and shape our content.

<!--Reference style links -->
[AAD-Auth-Scenarios]: ./active-directory-authentication-scenarios.md
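Review bot: In the "In order to enable multi-tenancy on your application" list, the third bullet ("you need also to update your code to accept multiple issuers") does not say how to do that safely; a reader can satisfy it by turning issuer validation off, which leaves no check on which tenant issued the token. State at that bullet that the issuer must still be validated, for instance against the tenants the application has onboarded, or link the multi-tenant how-to from the bullet itself rather than only in the paragraph after the list. Under "Single-tenant applications", the last sentence ("Invitations that are sent to an additional user ... are not required to accept an invitation to sign in") makes invitations the subject of "accept" and needs rewriting, "programatically" is misspelled, "known as *single-tenant application*" should be plural, and the heading is `###` nested under "## Multi-tenant applications" although it reads as a sibling topic. The Stack Overflow link under "Get Support" uses http:// and should use https://.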
Expand All @@ -45,4 +120,4 @@ Please use the Disqus comments section following this article to provide feedbac
[AAD-QuickStart-Web-Apps]: ./active-directory-developers-guide.md#get-started


<!--Image references-->
<!--Image references-->