Merge branch 'master' of https://github.com/MicrosoftDocs/azure-docs-pr into heidist-fresh

Author: HeidiSteen

.github/workflows/stale.yml

@@ -19,7 +19,8 @@ jobs:
         close-pr-label: auto-close
         exempt-pr-labels: keep-open
         operations-per-run: 1200
-        ascending: false
+        ascending: true
+        start-date: '2021-04-12' 
         stale-pr-message: >
           This pull request has been inactive for at least 14 days.
           If you are finished with your changes, don't forget to sign off. See the [contributor guide](https://review.docs.microsoft.com/help/contribute/contribute-how-to-write-pull-request-automation) for instructions.

.openpublishing.redirection.active-directory.json

@@ -19,6 +19,11 @@
         "source_path_from_root": "/articles/active-directory/develop/active-directory-v2-registration-portal.md",
         "redirect_url": "/azure/active-directory/develop/quickstart-register-app",
         "redirect_document_id": false
+      },
+      {
+        "source_path_from_root": "/articles/active-directory/manage-apps/access-panel-manage-self-service-access.md",
+        "redirect_url": "/azure/active-directory/manage-apps/manage-self-service-access",
+        "redirect_document_id": false
       }
     ]
 }

.openpublishing.redirection.healthcare-apis.json

@@ -177,11 +177,6 @@
         "redirect_url": "/azure/healthcare-apis/fhir/register-service-azure-ad-client-app",
         "redirect_document_id": true
     },
-    {
-        "source_path_from_root": "/articles/healthcare-apis/security-controls-policy.md",
-        "redirect_url": "/azure/healthcare-apis/fhir/security-controls-policy",
-        "redirect_document_id": true
-    },
     {
         "source_path_from_root": "/articles/healthcare-apis/tutorial-web-app-fhir-server.md",
         "redirect_url": "/azure/healthcare-apis/fhir/tutorial-web-app-fhir-server",
@@ -334,7 +329,7 @@
     },
     {
         "source_path_from_root": "/articles/healthcare-apis/fhir/partner-ecosystem.md",
-        "redirect_url": "/azure/healthcare-apis/azure-api-for-fhir/partner-ecosystem",
+        "redirect_url": "/azure/healthcare-apis/azure-api-for-fhir/fhir-features-supported",
         "redirect_document_id": true
     },
     {
@@ -456,6 +451,11 @@
         "source_path_from_root": "/articles/healthcare-apis/azure-api-for-fhir/access-fhir-postman-tutorial.md",
         "redirect_url": "/azure/healthcare-apis/use-postman",
         "redirect_document_id": true
-    }
+    },
+    {
+        "source_path_from_root": "/articles/healthcare-apis/fhir/security-controls-policy.md",
+        "redirect_url": "/azure/healthcare-apis/security-controls-policy",
+        "redirect_document_id": true
+    },
   ]
 }

.openpublishing.redirection.json

@@ -49,6 +49,12 @@
             "source_path_from_root": "/articles/synapse-analytics/sql/develop-best-practices.md",
             "redirect_url": "/azure/synapse-analytics/sql/best-practices-dedicated-sql-pool",
             "redirect_document_id": false
+        },
+        {
+            "source_path_from_root": "/articles/synapse-analytics/sql-data-warehouse/sql-data-warehouse-best-practices-development.md",
+            "redirect_url": "/azure/synapse-analytics/sql/best-practices-dedicated-sql-pool",
+            "redirect_document_id": false
         }
     ]
 }
+

.openpublishing.redirection.synapse-analytics.json

@@ -9,7 +9,7 @@ manager: celestedg
 ms.service: active-directory
 ms.workload: identity
 ms.topic: conceptual
-ms.date: 06/06/2020
+ms.date: 10/01/2021
 ms.author: vigunase
 ms.subservice: B2C
 ---

articles/active-directory-b2c/best-practices.md

@@ -16,13 +16,13 @@ ms.subservice: B2C
 
 # Single-page sign in using the OAuth 2.0 implicit flow in Azure Active Directory B2C
 
-Many modern applications have a single-page app front end that is written primarily in JavaScript. Often, the app is written by using a framework like React, Angular, or Vue.js. Single-page apps and other JavaScript apps that run primarily in a browser have some additional challenges for authentication:
+Many modern applications have a single-page app (SPA) front end that is written primarily in JavaScript. Often, the app is written by using a framework like React, Angular, or Vue.js. SPAs and other JavaScript apps that run primarily in a browser have some additional challenges for authentication:
 
 - The security characteristics of these apps are different from traditional server-based web applications.
 - Many authorization servers and identity providers do not support cross-origin resource sharing (CORS) requests.
 - Full-page browser redirects away from the app can be invasive to the user experience.
 
-The recommended way of supporting single-page applications is [OAuth 2.0 Authorization code flow (with PKCE)](./authorization-code-flow.md).
+The recommended way of supporting SPAs is [OAuth 2.0 Authorization code flow (with PKCE)](./authorization-code-flow.md).
 
 Some frameworks, like [MSAL.js 1.x](https://github.com/AzureAD/microsoft-authentication-library-for-js/tree/dev/lib/msal-core), only support the implicit grant flow. In these cases, Azure Active Directory B2C (Azure AD B2C) supports the OAuth 2.0 authorization implicit grant flow. The flow is described in [section 4.2 of the OAuth 2.0 specification](https://tools.ietf.org/html/rfc6749). In implicit flow, the app receives tokens directly from the Azure Active Directory (Azure AD) authorize endpoint, without any server-to-server exchange. All authentication logic and session handling is done entirely in the JavaScript client with either a page redirect or a pop-up box.
 
@@ -64,7 +64,7 @@ client_id=90c0fe63-bcf2-44d5-8fb7-b8bbc0b29dc6
 
 At this point, the user is asked to complete the policy's workflow. The user might have to enter their username and password, sign in with a social identity, sign up for the directory, or any other number of steps. User actions depend on how the user flow is defined.
 
-After the user completes the user flow, Azure AD returns a response to your app at the value you used for `redirect_uri`. It uses the method specified in the `response_mode` parameter. The response is exactly the same for each of the user action scenarios, independent of the user flow that was executed.
+After the user completes the user flow, Azure AD B2C returns a response to your app at the value you used for `redirect_uri`. It uses the method specified in the `response_mode` parameter. The response is exactly the same for each of the user action scenarios, independent of the user flow that was executed.
 
 ### Successful response
 A successful response that uses `response_mode=fragment` and `response_type=id_token+token` looks like the following, with line breaks for legibility:
@@ -122,7 +122,9 @@ One of the properties of this configuration document is the `jwks_uri`. The valu
 https://fabrikamb2c.b2clogin.com/fabrikamb2c.onmicrosoft.com/b2c_1_sign_in/discovery/v2.0/keys
 ```
 
-To determine which user flow was used to sign an ID token (and where to fetch the metadata from), you have two options. First, the user flow name is included in the `acr` claim in `id_token`. For information about how to parse the claims from an ID token, see the [Azure AD B2C token reference](tokens-overview.md). Your other option is to encode the user flow in the value of the `state` parameter when you issue the request. Then, decode the `state` parameter to determine which user flow was used. Either method is valid.
+To determine which user flow was used to sign an ID token (and where to fetch the metadata from), you have two options:
+-  The user flow name is included in the `acr` claim in `id_token`. For information about how to parse the claims from an ID token, see the [Azure AD B2C token reference](tokens-overview.md). 
+- Encode the user flow in the value of the `state` parameter when you issue the request. Then, decode the `state` parameter to determine which user flow was used. Either method is valid.
 
 After you've acquired the metadata document from the OpenID Connect metadata endpoint, you can use the RSA-256 public keys (located at this endpoint) to validate the signature of the ID token. There might be multiple keys listed at this endpoint at any given time, each identified by a `kid`. The header of `id_token` also contains a `kid` claim. It indicates which of these keys was used to sign the ID token. For more information, including learning about [validating tokens](tokens-overview.md), see the [Azure AD B2C token reference](tokens-overview.md).
 <!--TODO: Improve the information on this-->
@@ -146,7 +148,7 @@ After you have validated the ID token, you can begin a session with the user. In
 ## Get access tokens
 If the only thing your web apps needs to do is execute user flows, you can skip the next few sections. The information in the following sections is applicable only to web apps that need to make authenticated calls to a web API, and which are protected by Azure AD B2C.
 
-Now that you've signed the user into your single-page app, you can get access tokens for calling web APIs that are secured by Azure AD. Even if you have already received a token by using the `token` response type, you can use this method to acquire tokens for additional resources without redirecting the user to sign in again.
+Now that you've signed the user into your SPA, you can get access tokens for calling web APIs that are secured by Azure AD. Even if you have already received a token by using the `token` response type, you can use this method to acquire tokens for additional resources without redirecting the user to sign in again.
 
 In a typical web app flow, you would make a request to the `/token` endpoint. However, the endpoint does not support CORS requests, so making AJAX calls to get a refresh token is not an option. Instead, you can use the implicit flow in a hidden HTML iframe element to get new tokens for other web APIs. Here's an example, with line breaks for legibility:
 
@@ -241,4 +243,4 @@ GET https://{tenant}.b2clogin.com/{tenant}.onmicrosoft.com/{policy}/oauth2/v2.0/
 
 ## Next steps
 
-See the code sample: [Sign-in with Azure AD B2C in a JavaScript single-page application](https://github.com/AzureAD/microsoft-authentication-library-for-js/tree/dev/samples/msal-core-samples/VanillaJSTestApp/app/b2c).
+See the code sample: [Sign-in with Azure AD B2C in a JavaScript SPA](https://github.com/AzureAD/microsoft-authentication-library-for-js/tree/dev/samples/msal-core-samples/VanillaJSTestApp/app/b2c).

articles/active-directory-b2c/implicit-flow-single-page-application.md

@@ -24,7 +24,7 @@ The **Localization** element enables you to support multiple locales or language
 The following IDs are used for a content definition with an ID of `api.signuporsignin`, and [self-asserted technical profile](self-asserted-technical-profile.md).
 
 | ID | Default value | Page Layout Version |
-| -- | ------------- | ------ |
+| --- | ------------- | ------ |
 | **forgotpassword_link** | Forgot your password? | `All` |
 | **createaccount_intro** | Don't have an account? | `All` |
 | **button_signin** | Sign in | `All` |
@@ -92,7 +92,7 @@ The following example localizes the Facebook identity provider to Arabic:
 ### Sign-up or sign-in error messages
 
 | ID | Default value |
-| -- | ------------- |
+| --- | ------------- |
 | **UserMessageIfInvalidPassword** | Your password is incorrect. |
 | **UserMessageIfPasswordExpired**| Your password has expired.|
 | **UserMessageIfClaimsPrincipalDoesNotExist** | We can't seem to find your account. |
@@ -142,7 +142,7 @@ The following example localizes the Facebook identity provider to Arabic:
 The following are the IDs for a content definition with an ID of `api.localaccountsignup` or any content definition that starts with `api.selfasserted`, such as `api.selfasserted.profileupdate` and `api.localaccountpasswordreset`, and [self-asserted technical profile](self-asserted-technical-profile.md).
 
 | ID | Default value |
-| -- | ------------- |
+| --- | ------------- |
 | **ver_sent** | Verification code has been sent to: |
 | **ver_but_default** | Default |
 | **cancel_message** | The user has canceled entering self-asserted information |
@@ -181,7 +181,7 @@ The following are the IDs for a content definition with an ID of `api.localaccou
 ### Sign-up and self-asserted pages error messages
 
 | ID | Default value |
-| -- | ------------- |
+| --- | ------------- |
 | **UserMessageIfClaimsPrincipalAlreadyExists** | A user with the specified ID already exists. Please choose a different one. |
 | **UserMessageIfClaimNotVerified** | Claim not verified: {0} |
 | **UserMessageIfIncorrectPattern** | Incorrect pattern for: {0} |
@@ -255,7 +255,7 @@ The following example shows the use of some of the user interface elements in th
 The Following are the IDs for a content definition with an ID of `api.phonefactor`, and [phone factor technical profile](phone-factor-technical-profile.md).
 
 | ID | Default value | Page Layout Version |
-| -- | ------------- | ------ |
+| --- | ------------- | ------ |
 | **button_verify** | Call Me | `All` |
 | **country_code_label** | Country Code | `All` |
 | **cancel_message** | The user has canceled multi-factor authentication | `All` |
@@ -279,7 +279,7 @@ The Following are the IDs for a content definition with an ID of `api.phonefacto
 | **invalid_number** | Please enter a valid phone number | `All` |
 | **intro_sms** | We have the following number on record for you. We will send a code via SMS to authenticate you. | `All` |
 | **intro_entry_mixed** | Enter a number below that we can send a code via SMS or phone to authenticate you. | `All` |
-| **number_pattern** | ^\\+(?:[0-9][\\x20-]?){6,14}[0-9]$ | `All` |
+| **number_pattern** | `^\\+(?:[0-9][\\x20-]?){6,14}[0-9]$` | `All` |
 | **intro_sms_p** |We have the following numbers on record for you. Choose a number that we can send a code via SMS to authenticate you. | `All` |
 | **requiredField_countryCode** | Please select your country code | `All` |
 | **requiredField_number** | Please enter your phone number | `All` |
@@ -357,7 +357,7 @@ The following example shows the use of some of the user interface elements in th
 The following are the IDs for a [Verification display control](display-control-verification.md) with [page layout version](page-layout.md) 2.1.0 or higher.
 
 | ID | Default value |
-| -- | ------------- |
+| --- | ------------- |
 |intro_msg <sup>*</sup>| Verification is necessary. Please click Send button.|
 |success_send_code_msg | Verification code has been sent. Please copy it to the input box below.|
 |failure_send_code_msg | We are having trouble verifying your email address. Please enter a valid email address and try again.|
@@ -398,7 +398,7 @@ Note: The `intro_msg` element is hidden, and not shown on the self-asserted page
 The following are the IDs for a [Verification display control](display-control-verification.md) with [page layout version](page-layout.md) 2.0.0.
 
 | ID | Default value |
-| -- | ------------- |
+| --- | ------------- |
 |verification_control_but_change_claims |Change |
 |verification_control_fail_send_code |Failed to send the code, please try again later. |
 |verification_control_fail_verify_code |Failed to verify the code, please try again later. |
@@ -428,7 +428,7 @@ The following are the IDs for a [Verification display control](display-control-v
 The following are the IDs for [Restful service technical profile](restful-technical-profile.md) error messages:
 
 | ID | Default value |
-| -- | ------------- |
+| --- | ------------- |
 |DefaultUserMessageIfRequestFailed | Failed to establish connection to restful service end point. Restful service URL: {0} |
 |UserMessageIfCircuitOpen | {0} Restful Service URL: {1} |
 |UserMessageIfDnsResolutionFailed | Failed to resolve the hostname of the restful service endpoint. Restful service URL: {0} |
@@ -453,7 +453,7 @@ The following are the IDs for [Restful service technical profile](restful-techni
 The following are the IDs for an [Azure AD MFA technical profile](multi-factor-auth-technical-profile.md) error message:
 
 | ID | Default value |
-| -- | ------------- |
+| --- | ------------- |
 |UserMessageIfCouldntSendSms | Cannot Send SMS to the phone, please try another phone number. |
 |UserMessageIfInvalidFormat | Your phone number is not in a valid format, please correct it and try again.|
 |UserMessageIfMaxAllowedCodeRetryReached | Wrong code entered too many times, please try again later.|
@@ -481,7 +481,7 @@ The following are the IDs for an [Azure AD MFA technical profile](multi-factor-a
 The following are the IDs for [Azure AD SSPR technical profile](aad-sspr-technical-profile.md) error messages:
 
 | ID | Default value |
-| -- | ------------- |
+| --- | ------------- |
 |UserMessageIfChallengeExpired | The code has expired.|
 |UserMessageIfInternalError | The email service has encountered an internal error, please try again later.|
 |UserMessageIfThrottled | You have sent too many requests, please try again later.|
@@ -507,8 +507,8 @@ The following are the IDs for [Azure AD SSPR technical profile](aad-sspr-technic
 
 The following are the IDs for a [one-time password technical profile](one-time-password-technical-profile.md) error messages
 
-| ID | Default value |
-| -- | ------------- |
+| ID | Default value | Description | 
+| --- | ------------- | ----------- |
 | UserMessageIfSessionDoesNotExist | No | The message to display to the user if the code verification session has expired. It is either the code has expired or the code has never been generated for a given identifier. |
 | UserMessageIfMaxRetryAttempted | No | The message to display to the user if they've exceeded the maximum allowed verification attempts. |
 | UserMessageIfMaxNumberOfCodeGenerated | No | The message to display to the user if the code generation has exceeded the maximum allowed number of attempts. |
@@ -536,7 +536,7 @@ The following are the IDs for a [one-time password technical profile](one-time-p
 The following are the IDs for claims transformations error messages:
 
 | ID | Claims transformation | Default value |
-| -- | ------------- |------------- |
+| --- | ------------- |------------- |
 |UserMessageIfClaimsTransformationBooleanValueIsNotEqual |[AssertBooleanClaimIsEqualToValue](boolean-transformations.md#assertbooleanclaimisequaltovalue) | Boolean claim value comparison failed for claim type "inputClaim".| 
 |DateTimeGreaterThan |[AssertDateTimeIsGreaterThan](date-transformations.md#assertdatetimeisgreaterthan) | Claim value comparison failed: The provided left operand is greater than the right operand.|
 |UserMessageIfClaimsTransformationStringsAreNotEqual |[AssertStringClaimsAreEqual](string-transformations.md#assertstringclaimsareequal) | Claim value comparison failed using StringComparison "OrdinalIgnoreCase".|