Merge branch 'master' of https://github.com/MicrosoftDocs/azure-docs-pr into swa/byo-afd

Author: craigshoemaker

.github/workflows/stale.yml

@@ -18,7 +18,7 @@ jobs:
         stale-pr-label: inactive
         close-pr-label: auto-close
         exempt-pr-labels: keep-open
-        operations-per-run: 1200
+        operations-per-run: 1300
         ascending: false
         # start-date: '2021-03-19'
         stale-pr-message: >

.openpublishing.redirection.json

@@ -1,5 +1,10 @@
 {
   "redirections": [
+    {
+      "source_path": "articles/virtual-machines/linux/login-using-aad.md",
+      "redirect_url": "/previous-versions/azure/virtual-machines/linux/login-using-aad",
+      "redirect_document_id": false
+    },
     {
       "source_path": "articles/machine-learning/classic/ai-gallery-control-personal-data-dsr.md",
       "redirect_url": "/previous-versions/azure/machine-learning/classic/ai-gallery-control-personal-data-dsr",
@@ -2458,6 +2463,16 @@
       "redirect_url": "/azure/machine-learning/reference-yaml-overview.md",
       "redirect_document_id": false
     },
+    {
+      "source_path_from_root": "/articles/machine-learning/tutorial-train-models-with-aml.md",
+      "redirect_url": "/azure/machine-learning/tutorial-train-deploy-notebook",
+      "redirect_document_id": true
+    },
+    {
+      "source_path_from_root": "/articles/machine-learning/tutorial-deploy-models-with-aml.md",
+      "redirect_url": "/azure/machine-learning/tutorial-train-deploy-notebook",
+      "redirect_document_id": false
+    },
     {
       "source_path_from_root": "/articles/machine-learning/how-to-create-labeling-projects.md",
       "redirect_url": "/azure/machine-learning/how-to-create-image-labeling-projects",
@@ -34393,6 +34408,11 @@
       "redirect_url": "https://azure.microsoft.com/blog/dear-documentdb-customers-welcome-to-azure-cosmos-db/",
       "redirect_document_id": false
     },
+    {
+      "source_path_from_root": "/articles/documentdb/sql-query-operators.md",
+      "redirect_url": "sql-query-logical-operators",
+      "redirect_document_id": false
+    },
     {
       "source_path_from_root": "/articles/search/search-case-studies.md",
       "redirect_url": "https://azure.microsoft.com/case-studies",
@@ -41748,6 +41768,86 @@
       "redirect_url": "/azure/cognitive-services/Content-Moderator/encrypt-data-at-rest",
       "redirect_document_id": false
     },
+    {
+      "source_path_from_root": "/articles/cognitive-services/Content-Moderator/ecommerce-retail-catalog-moderation.md",
+      "redirect_url": "/azure/cognitive-services/Content-Moderator/overview",
+      "redirect_document_id": false
+    },
+    {
+      "source_path_from_root": "/articles/cognitive-services/Content-Moderator/facebook-post-moderation.md",
+      "redirect_url": "/azure/cognitive-services/Content-Moderator/overview",
+      "redirect_document_id": false
+    },
+    {
+      "source_path_from_root": "/articles/cognitive-services/Content-Moderator/moderation-jobs-quickstart-dotnet.md",
+      "redirect_url": "/azure/cognitive-services/Content-Moderator/overview",
+      "redirect_document_id": false
+    },
+    {
+      "source_path_from_root": "/articles/cognitive-services/Content-Moderator/quick-start.md",
+      "redirect_url": "/azure/cognitive-services/Content-Moderator/overview",
+      "redirect_document_id": false
+    },
+    {
+      "source_path_from_root": "/articles/cognitive-services/Content-Moderator/review-api.md",
+      "redirect_url": "/azure/cognitive-services/Content-Moderator/overview",
+      "redirect_document_id": false
+    },
+    {
+      "source_path_from_root": "/articles/cognitive-services/Content-Moderator/try-review-api-job.md",
+      "redirect_url": "/azure/cognitive-services/Content-Moderator/overview",
+      "redirect_document_id": false
+    },
+    {
+      "source_path_from_root": "/articles/cognitive-services/Content-Moderator/try-review-api-workflow.md",
+      "redirect_url": "/azure/cognitive-services/Content-Moderator/overview",
+      "redirect_document_id": false
+    },
+    {
+      "source_path_from_root": "/articles/cognitive-services/Content-Moderator/video-moderation-human-review.md",
+      "redirect_url": "/azure/cognitive-services/Content-Moderator/overview",
+      "redirect_document_id": false
+    },
+    {
+      "source_path_from_root": "/articles/cognitive-services/Content-Moderator/video-reviews-quickstart-dotnet.md",
+      "redirect_url": "/azure/cognitive-services/Content-Moderator/overview",
+      "redirect_document_id": false
+    },
+    {
+      "source_path_from_root": "/articles/cognitive-services/Content-Moderator/video-transcript-reviews-quickstart-dotnet.md",
+      "redirect_url": "/azure/cognitive-services/Content-Moderator/overview",
+      "redirect_document_id": false
+    },
+    {
+      "source_path_from_root": "/articles/cognitive-services/Content-Moderator/Review-Tool-User-Guide/Configure.md",
+      "redirect_url": "/azure/cognitive-services/Content-Moderator/overview",
+      "redirect_document_id": false
+    },
+    {
+      "source_path_from_root": "/articles/cognitive-services/Content-Moderator/Review-Tool-User-Guide/human-in-the-loop.md",
+      "redirect_url": "/azure/cognitive-services/Content-Moderator/overview",
+      "redirect_document_id": false
+    },
+    {
+      "source_path_from_root": "/articles/cognitive-services/Content-Moderator/Review-Tool-User-Guide/Review-Moderated-Images.md",
+      "redirect_url": "/azure/cognitive-services/Content-Moderator/overview",
+      "redirect_document_id": false
+    },
+    {
+      "source_path_from_root": "/articles/cognitive-services/Content-Moderator/Review-Tool-User-Guide/Workflows.md",
+      "redirect_url": "/azure/cognitive-services/Content-Moderator/overview",
+      "redirect_document_id": false
+    },
+    {
+      "source_path_from_root": "/articles/cognitive-services/Content-Moderator/try-review-api-review.md",
+      "redirect_url": "/azure/cognitive-services/Content-Moderator/overview",
+      "redirect_document_id": false
+    },
+    {
+      "source_path_from_root": "/articles/cognitive-services/Content-Moderator/whats-new.md",
+      "redirect_url": "/azure/cognitive-services/Content-Moderator/overview",
+      "redirect_document_id": false
+    },
     {
       "source_path_from_root": "/articles/cognitive-services/Custom-Vision-Service/custom-vision-encryption-of-data-at-rest.md",
       "redirect_url": "/azure/cognitive-services/Custom-Vision-Service/encrypt-data-at-rest",
@@ -45049,4 +45149,4 @@
       "redirect_document_id": false
     }
   ]
-}
+}

articles/active-directory-b2c/access-tokens.md

@@ -60,11 +60,11 @@ If the **response_type** parameter in an `/authorize` request includes `token`,
 
 ## Request a token
 
-To request an access token, you need an authorization code. Below is an example of a request to the `/authorize` endpoint for an authorization code. Custom domains are not supported for use with access tokens. Use your tenant-name.onmicrosoft.com domain in the request URL.
+To request an access token, you need an authorization code. Below is an example of a request to the `/authorize` endpoint for an authorization code.
 
 In the following example, you replace these values in the query string:
 
-- `<tenant-name>` - The name of your Azure AD B2C tenant.
+- `<tenant-name>` - The name of your [Azure AD B2C tenant](tenant-management.md#get-your-tenant-name). If you're using a custom domain, replace `tenant-name.b2clogin.com` with your domain, such as `contoso.com`. 
 - `<policy-name>` - The name of your custom policy or user flow.
 - `<application-ID>` - The application identifier of the web application that you registered to support the user flow.
 - `<application-ID-URI>` - The application identifier URI that you set under **Expose an API** blade of the client application.

articles/active-directory-b2c/claim-resolver-overview.md

@@ -9,7 +9,7 @@ manager: CelesteDG
 ms.service: active-directory
 ms.workload: identity
 ms.topic: reference
-ms.date: 12/12/2021
+ms.date: 1/11/2022
 ms.author: kengaderdus
 ms.subservice: B2C
 ---
@@ -133,8 +133,30 @@ The following table lists the [OAuth2 identity provider](oauth2-technical-profil
 
 | Claim | Description | Example |
 | ----- | ----------------------- | --------|
-| {oauth2:access_token} | The access token. | N/A |
-| {oauth2:refresh_token} | The refresh token. | N/A |
+| {oauth2:access_token} | The OAuth2 identity provider access token. The `access_token` attribute. | `eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1Ni...` |
+| {oauth2:token_type}   | The type of the access token. The `token_type` attribute. | Bearer  |
+| {oauth2:expires_in}   | The length of time that the access token is valid in seconds. The `expires_in` attribute. The output claim [DataType](claimsschema.md#datatype) must be `int` or `long`. | 960000 |
+| {oauth2:refresh_token} | The OAuth2 identity provider refresh token. The `refresh_token` attribute. | `eyJraWQiOiJacW9pQlp2TW5pYVc2MUY...` |
+
+To use the OAuth2 identity provider claim resolvers, set the output claim's `PartnerClaimType` attribute to the claim resolver.  The following example demonstrates how the get the external identity provider claims:
+
+```xml
+<ClaimsProvider>
+  <DisplayName>Contoso</DisplayName>
+  <TechnicalProfiles>
+    <TechnicalProfile Id="Contoso-OAUTH">
+      <OutputClaims>
+        <OutputClaim ClaimTypeReferenceId="identityProviderAccessToken" PartnerClaimType="{oauth2:access_token}" />
+        <OutputClaim ClaimTypeReferenceId="identityProviderAccessTokenType" PartnerClaimType="{oauth2:token_type}" />
+        <OutputClaim ClaimTypeReferenceId="identityProviderAccessTokenExpiresIn" PartnerClaimType="{oauth2:expires_in}" />
+        <OutputClaim ClaimTypeReferenceId="identityProviderRefreshToken" PartnerClaimType="{oauth2:refresh_token}" />
+      </OutputClaims>
+      ...
+    </TechnicalProfile>
+  </TechnicalProfiles>
+</ClaimsProvider>
+```
+
 
 ## Using claim resolvers
 

articles/active-directory-b2c/manage-user-access.md

@@ -135,11 +135,11 @@ When you develop your application, you ordinarily capture users' acceptance of t
 
 The following steps describe how you can manage terms of use:
 
-1. Record the acceptance of the terms of use and the date of acceptance by using the Graph API and extended attributes. You can do so by using both built-in and custom user flows. We recommend that you create and use the **extension_termsOfUseConsentDateTime** and **extension_termsOfUseConsentVersion** attributes.
+1. Record the acceptance of the terms of use and the date of acceptance by using the Graph API and extended attributes. You can do so by using both built-in user flows and custom policies. We recommend that you create and use the **extension_termsOfUseConsentDateTime** and **extension_termsOfUseConsentVersion** attributes.
 
-2. Create a required check box labeled "Accept Terms of Use," and record the result during sign-up. You can do so by using both built-in and custom user flows.
+2. Create a required check box labeled "Accept Terms of Use," and record the result during sign-up. You can do so by using both built-in user flows and custom policies.
 
-3. Azure AD B2C stores the terms of use agreement and the user's acceptance. You can use the Graph API to query for the status of any user by reading the extension attribute that's used to record the response (for example, read **termsOfUseTestUpdateDateTime**). You can do so by using both built-in and custom user flows.
+3. Azure AD B2C stores the terms of use agreement and the user's acceptance. You can use the Graph API to query for the status of any user by reading the extension attribute that's used to record the response (for example, read **termsOfUseTestUpdateDateTime**). You can do so by using both built-in user flows and custom policies.
 
 4. Require acceptance of updated terms of use by comparing the date of acceptance to the date of the latest version of the terms of use. You can compare the dates only by using a custom user flow. Use the extended attribute **extension_termsOfUseConsentDateTime**, and compare the value to the claim of **termsOfUseTextUpdateDateTime**. If the acceptance is old, force a new acceptance by displaying a self-asserted screen. Otherwise, block access by using policy logic.
 

articles/active-directory-b2c/saml-identity-provider-technical-profile.md

@@ -9,7 +9,7 @@ manager: CelesteDG
 ms.service: active-directory
 ms.workload: identity
 ms.topic: reference
-ms.date: 09/20/2021
+ms.date: 01/11/2022
 ms.author: kengaderdus
 ms.subservice: B2C
 ---
@@ -166,6 +166,7 @@ The **OutputClaimsTransformations** element may contain a collection of **Output
 | IncludeClaimResolvingInClaimsHandling  | No | For input and output claims, specifies whether [claims resolution](claim-resolver-overview.md) is included in the technical profile. Possible values: `true`, or `false` (default). If you want to use a claims resolver in the technical profile, set this to `true`. |
 |SingleLogoutEnabled| No| Indicates whether during sign-in the technical profile attempts to sign out from federated identity providers. For more information, see [Azure AD B2C session sign-out](session-behavior.md#sign-out).  Possible values: `true` (default), or `false`.|
 |ForceAuthN| No| Passes the ForceAuthN value in the SAML authentication request to determine if the external SAML IDP will be forced to prompt the user for authentication. By default, Azure AD B2C sets the ForceAuthN value to false on initial login. If the session is then reset (for example by using the `prompt=login` in OIDC) then the ForceAuthN value will be set to `true`. Setting the metadata item as shown below will force the value for all requests to the external IDP.  Possible values: `true` or `false`.|
+|ProviderName| No| Passes the ProviderName value in the SAML authentication request.|
 
 
 ## Cryptographic keys

articles/active-directory-b2c/tutorial-create-tenant.md

@@ -52,7 +52,7 @@ You learn how to register an application in the next tutorial.
 
         ![Directories + subscriptions with Switch button](media/tutorial-create-tenant/switch-directory.png)
 
-1. Add **Microsoft.AzureActiveDirectory** as a resource provider for the Azure subscription your're using ([learn more](../azure-resource-manager/management/resource-providers-and-types.md?WT.mc_id=Portal-Microsoft_Azure_Support#register-resource-provider-1)):
+1. Add **Microsoft.AzureActiveDirectory** as a resource provider for the Azure subscription you're using ([learn more](../azure-resource-manager/management/resource-providers-and-types.md?WT.mc_id=Portal-Microsoft_Azure_Support#register-resource-provider-1)):
 
     1. On the Azure portal, search for and select **Subscriptions**.
     2. Select your subscription, and then in the left menu, select **Resource providers**. If you don't see the left menu, select the **Show the menu for < name of your subscription >** icon at the top left part of the page to expand it.

articles/active-directory-b2c/user-profile-attributes.md

@@ -166,7 +166,7 @@ In user migration scenarios, if the accounts you want to migrate have weaker pas
 
 ## MFA phone number attribute
 
-When using a phone for multi-factor authentication (MFA), the mobile phone is used to verify the user identity. To [add](/graph/api/authentication-post-phonemethods) a new phone number programatically, [update](/graph/api/b2cauthenticationmethodspolicy-update), [get](/graph/api/b2cauthenticationmethodspolicy-get), or [delete](/graph/api/phoneauthenticationmethod-delete) the phone number, use MS Graph API [phone authentication method](/graph/api/resources/phoneauthenticationmethod).
+When using a phone for multi-factor authentication (MFA), the mobile phone is used to verify the user identity. To [add](/graph/api/authentication-post-phonemethods) a new phone number programmatically, [update](/graph/api/b2cauthenticationmethodspolicy-update), [get](/graph/api/b2cauthenticationmethodspolicy-get), or [delete](/graph/api/phoneauthenticationmethod-delete) the phone number, use MS Graph API [phone authentication method](/graph/api/resources/phoneauthenticationmethod).
 
 In Azure AD B2C [custom policies](custom-policy-overview.md), the phone number is available through `strongAuthenticationPhoneNumber` claim type.
 

articles/active-directory-domain-services/network-considerations.md

@@ -9,7 +9,7 @@ ms.service: active-directory
 ms.subservice: domain-services
 ms.workload: identity
 ms.topic: conceptual
-ms.date: 08/12/2021
+ms.date: 01/06/2022
 ms.author: justinha
 
 ---
@@ -85,7 +85,9 @@ You can enable name resolution using conditional DNS forwarders on the DNS serve
 
 ## Network resources used by Azure AD DS
 
-A managed domain creates some networking resources during deployment. These resources are needed for successful operation and management of the managed domain, and shouldn't be manually configured.
+A managed domain creates some networking resources during deployment. These resources are needed for successful operation and management of the managed domain, and shouldn't be manually configured. 
+
+Don't lock the networking resources used by Azure AD DS. If networking resources get locked, they can't be deleted. When domain controllers need to be rebuilt in that case, new networking resources with different IP addresses need to be created. 
 
 | Azure resource                          | Description |
 |:----------------------------------------|:---|