Merge branch 'main' of https://github.com/MicrosoftDocs/azure-docs-pr into tamram22-0223

Author: tamram

.openpublishing.publish.config.json

@@ -75,6 +75,12 @@
       "branch": "master",
       "branch_mapping": {}
     },
+    {
+      "path_to_root": "azure_storage-snippets",
+      "url": "https://github.com/Azure-Samples/AzureStorageSnippets",
+      "branch": "master",
+      "branch_mapping": {}
+    },
     {
       "path_to_root": "azure_cli_scripts",
       "url": "https://github.com/Azure-Samples/azure-cli-samples",
@@ -885,6 +891,7 @@
     "articles/virtual-machines/.openpublishing.redirection.virtual-machines.json",
     "articles/virtual-machine-scale-sets/.openpublishing.redirection.virtual-machine-scale-sets.json",
     "articles/mysql/.openpublishing.redirection.mysql.json",
-    "articles/container-apps/.openpublishing.redirection.container-apps.json"
+    "articles/container-apps/.openpublishing.redirection.container-apps.json",
+    "articles/spring-cloud/.openpublishing.redirection.spring-cloud.json"
   ]
 }

.openpublishing.redirection.json

@@ -2,27 +2,29 @@
 
 Thank you for taking the time to contribute to the Microsoft Azure documentation.
 
-This guide covers some general topics related to contribution and refers to the [contributors guide](https://docs.microsoft.com/contribute) for more detailed explanations when required.
+This guide covers some general topics related to contribution and refers to the [contributor guide](https://docs.microsoft.com/contribute) for more detailed explanations when required.
 
 ## Code of Conduct
 
 This project has adopted the [Microsoft Open Source Code of Conduct](https://opensource.microsoft.com/codeofconduct/).
-For more information, see the [Code of Conduct FAQ](https://opensource.microsoft.com/codeofconduct/faq/), or contact [[email protected]](mailto:[email protected]) with any additional questions or comments.
+
+For more information, see the [Code of Conduct FAQ](https://opensource.microsoft.com/codeofconduct/faq/) or contact [[email protected]](mailto:[email protected]) with any additional questions or comments.
 
 ## How can I contribute?
 
-There are many ways to contribute to the documentation, review the sections below to find out which one is right for you.
+There are many ways to contribute to the documentation. Review the following sections to find out which one is right for you.
 
-### Reporting Bugs and Suggesting Enhancements
+### Reporting bugs and suggesting enhancements
 
 Please use the Feedback tool at the bottom of any article to submit bugs and suggestions.
 
 ![Feedback Tool](media/feedback-tool.png)
 
 ### Editing in GitHub
 
-Follow the guidance for [Quick edits to existing documents](/contribute/#quick-edits-to-existing-documents) in our contributors guide.
+Follow the guidance for [Quick edits to existing documents](https://docs.microsoft.com/contribute/#quick-edits-to-existing-documents) in our contributor guide.
+
+### Pull requests
 
-### Pull Request
+Review the guidance for [pull requests](https://docs.microsoft.com/contribute/how-to-write-workflows-major#pull-request-processing) and the contribution workflow in our contributor guide.
 
-Review the guidance for [Pull Requests](/contribute/how-to-write-workflows-major#pull-request-processing) in our contributors guide.

CONTRIBUTING.md

@@ -9,7 +9,7 @@ manager: CelesteDG
 ms.service: active-directory
 ms.workload: identity
 ms.topic: how-to
-ms.date: 10/21/2021
+ms.date: 02/25/2022
 ms.custom: project-no-code
 ms.author: kengaderdus
 ms.subservice: B2C
@@ -167,7 +167,7 @@ To obtain the values, look at the OpenID Connect discovery metadata for each of
 
 Perform these steps for each Azure AD tenant that should be used to sign in:
 
-1. Open your browser and go to the OpenID Connect metadata URL for the tenant. Find the **issuer** object and record its value. It should look similar to `https://login.microsoftonline.com/00000000-0000-0000-0000-000000000000/.well-known/openid-configuration`.
+1. Open your browser and go to the OpenID Connect metadata URL for the tenant. Find the `issuer` object and record its value. It should look similar to `https://login.microsoftonline.com/00000000-0000-0000-0000-000000000000/v2.0`.
 1. Copy and paste the value into the **ValidTokenIssuerPrefixes** key. Separate multiple issuers with a comma. An example with two issuers appears in the previous `ClaimsProvider` XML sample.
 
 [!INCLUDE [active-directory-b2c-add-identity-provider-to-user-journey](../../includes/active-directory-b2c-add-identity-provider-to-user-journey.md)]

articles/active-directory-b2c/identity-provider-azure-ad-multi-tenant.md

@@ -9,14 +9,14 @@ manager: CelesteDG
 ms.service: active-directory
 ms.workload: identity
 ms.topic: reference
-ms.date: 01/25/2022
+ms.date: 02/25/2022
 ms.author: kengaderdus
 ms.subservice: B2C
 ---
 
 # Define an OAuth2 custom error technical profile in an Azure Active Directory B2C custom policy
 
-This article describes how to handle an OAuth2 custom error with Azure Active Directory B2C (Azure AD B2C). Use this technical profile if something logic goes wrong within your policy. The technical profile returns error to your OAuth2 or OpenId Connect relying party application.
+This article describes how to handle an OAuth2 custom error with Azure Active Directory B2C (Azure AD B2C). Use this technical profile if something logic goes wrong within your policy. The technical profile returns error to your OAuth2 or OpenId Connect relying party application. Check out the [Live demo](https://github.com/azure-ad-b2c/unit-tests/tree/main/technical-profiles/oauth2-error) of the OAuth2 custom error technical profile. 
 
 To handle custom OAuth2 error message:
 
@@ -89,7 +89,7 @@ The CryptographicKeys element contains the following key:
 
 ## Invoke the technical profile
 
-You can call the OAuth2 error technical profile from a user journey, or sub journey. Set the [orchestration step](userjourneys.md#orchestrationsteps) type to `SendClaims` with a reference to your OAuth2 error technical profile.
+You can call the OAuth2 error technical profile from a [user journey](userjourneys.md), or [sub journey](subjourneys.md) (type of `transfer`). Set the [orchestration step](userjourneys.md#orchestrationsteps) type to `SendClaims` with a reference to your OAuth2 error technical profile.
 
 If your user journey or sub journey already has another `SendClaims` orchestration step, set the `DefaultCpimIssuerTechnicalProfileReferenceId` attribute to the token issuer technical profile.
 

articles/active-directory-b2c/oauth2-error-technical-profile.md

@@ -8,7 +8,7 @@ manager: CelesteDG
 ms.service: active-directory
 ms.workload: identity
 ms.topic: how-to
-ms.date: 11/30/2021
+ms.date: 02/25/2022
 ms.custom: project-no-code
 ms.author: kengaderdus
 ms.subservice: B2C
@@ -79,11 +79,12 @@ You can configure the Azure AD B2C session behavior, including:
   - **Application** - This setting allows you to maintain a user session exclusively for an application, independent of other applications. For example, you can use this setting if you want the user to sign in to Contoso Pharmacy regardless of whether the user is already signed into Contoso Groceries.
   - **Policy** - This setting allows you to maintain a user session exclusively for a user flow, independent of the applications using it. For example, if the user has already signed in and completed a multi-factor authentication (MFA) step, the user can be given access to higher-security parts of multiple applications, as long as the session tied to the user flow doesn't expire.
   - **Suppressed** - This setting forces the user to run through the entire user flow upon every execution of the policy.
-- **Keep me signed in (KMSI)** - Extends the session lifetime through the use of a persistent cookie. If this feature is enabled and the user selects it, the session remains active even after the user closes and reopens the browser. The session is revoked only when the user signs out. The KMSI feature only applies to sign-in with local accounts. The KMSI feature takes precedence over the session lifetime.
 
 ::: zone pivot="b2c-user-flow"
 
-To configure the session behavior:
+### Configure the user flow
+
+To configure the session behavior in your user flow, follow these steps:
 
 1. Sign in to the [Azure portal](https://portal.azure.com).
 1. Make sure you're using the directory that contains your Azure AD B2C tenant. Select the **Directories + subscriptions** icon in the portal toolbar.
@@ -99,15 +100,49 @@ To configure the session behavior:
 
 ::: zone pivot="b2c-custom-policy"
 
-To change your session behavior and SSO configurations, you add a **UserJourneyBehaviors** element inside of the [RelyingParty](relyingparty.md) element.  The **UserJourneyBehaviors** element must immediately follow the **DefaultUserJourney**. Your **UserJourneyBehavors** element should look like this example:
+### Configure the custom policy
+
+To configure the session behavior in your custom policy, follow these steps:
+
+1. Open the relying party (RP) file, for example *SignUpOrSignin.xml*
+1. If it doesn't already exist, add the following `<UserJourneyBehaviors>` element to the `<RelyingParty>` element. It must be located immediately after `<DefaultUserJourney ReferenceId="UserJourney Id"/>`.
+
+    ```xml
+    <UserJourneyBehaviors>
+      <SingleSignOn Scope="Application" />
+      <SessionExpiryType>Absolute</SessionExpiryType>
+      <SessionExpiryInSeconds>86400</SessionExpiryInSeconds>
+    </UserJourneyBehaviors>
+    ```
+    
+    After you add the user journey behavior elements, the `RelyingParty` element should look like the following example:
+    
+    ```xml
+    <RelyingParty>
+      <DefaultUserJourney ReferenceId="SignUpOrSignIn" />
+      <UserJourneyBehaviors>
+        <SingleSignOn Scope="Application" />
+        <SessionExpiryType>Absolute</SessionExpiryType>
+        <SessionExpiryInSeconds>86400</SessionExpiryInSeconds>
+      </UserJourneyBehaviors>
+      <TechnicalProfile Id="PolicyProfile">
+        <DisplayName>PolicyProfile</DisplayName>
+        <Protocol Name="OpenIdConnect" />
+        <OutputClaims>
+          <OutputClaim ClaimTypeReferenceId="displayName" />
+          <OutputClaim ClaimTypeReferenceId="givenName" />
+          ...
+        </OutputClaims>
+        <SubjectNamingInfo ClaimType="sub" />
+      </TechnicalProfile>
+    </RelyingParty>
+    ```
+    
+
+1. Change the value of the `Scope` attribute to one of the possible value: `Suppressed`, `Tenant`, `Application`, or `Policy`. For more information, check out the [RelyingParty](relyingparty.md) reference article.
+1. Set the `SessionExpiryType` element to `Rolling` or `Absolute`. For more information, check out the [RelyingParty](relyingparty.md) reference article.
+1. Set the `SessionExpiryInSeconds` element to a numeric value  between 900 seconds (15 minutes) and 86,400 seconds(24 hours). For more information, check out the [RelyingParty](relyingparty.md) reference article.
 
-```xml
-<UserJourneyBehaviors>
-   <SingleSignOn Scope="Application" />
-   <SessionExpiryType>Absolute</SessionExpiryType>
-   <SessionExpiryInSeconds>86400</SessionExpiryInSeconds>
-</UserJourneyBehaviors>
-```
 ::: zone-end
 
 ## Enable Keep me signed in (KMSI)

articles/active-directory-b2c/session-behavior.md

@@ -111,6 +111,7 @@ To delete a replica set, complete the following steps:
 1. Choose your managed domain, such as *aaddscontoso.com*.
 1. On the left-hand side, select **Replica sets**. From the list of replica sets, select the **...** context menu next to the replica set you want to delete.
 1. Select **Delete** from the context menu, then confirm you want to delete the replica set.
+1. In the Azure ADDS management VM, access the DNS console and manually delete DNS records for the domain controllers from the deleted replica set.
 
 > [!NOTE]
 > Replica set deletion may be a time-consuming operation.

articles/active-directory-domain-services/tutorial-create-replica-set.md

@@ -49,7 +49,7 @@ Let's cover each step:
 
    :::image type="content" border="true" source="./media/concept-certificate-based-authentication-technical-deep-dive/sign-in-alt.png" alt-text="Screenshot of the Sign-in if FIDO2 is also enabled.":::
 
-1. After the user clicks the link, the client is redirected to the certauth endpoint, which is [https://certauth.login.microsoftonline.com](https://certauth.login.microsoftonline.com) for Azure Global. For [Azure Government](/azure-government/compare-azure-government-global-azure.md#guidance-for-developers), the certauth endpoint is [https://certauth.login.microsoftonline.us](https://certauth.login.microsoftonline.us). For the correct endpoint for other environments, see the specific Microsoft cloud docs. 
+1. After the user clicks the link, the client is redirected to the certauth endpoint, which is [https://certauth.login.microsoftonline.com](https://certauth.login.microsoftonline.com) for Azure Global. For [Azure Government](/azure/azure-government/compare-azure-government-global-azure#guidance-for-developers), the certauth endpoint is [https://certauth.login.microsoftonline.us](https://certauth.login.microsoftonline.us). For the correct endpoint for other environments, see the specific Microsoft cloud docs. 
 
    The endpoint performs mutual authentication and requests the client certificate as part of the TLS handshake. You will see an entry for this request in the Sign-in logs. There is a [known issue](#known-issues) where User ID is displayed instead of Username.
 
@@ -236,4 +236,3 @@ For the next test scenario, configure the authentication policy where the Issuer
 - [How to configure Azure AD CBA](how-to-certificate-based-authentication.md)
 - [FAQ](certificate-based-authentication-faq.yml)
 - [Troubleshoot Azure AD CBA](troubleshoot-certificate-based-authentication.md)
-

articles/active-directory/authentication/concept-certificate-based-authentication-technical-deep-dive.md

@@ -17,7 +17,7 @@ ms.collection: M365-identity-device-management
 ---
 # Enable passwordless security key sign-in to on-premises resources by using Azure AD 
 
-This document discusses how to enable passwordless authentication to on-premises resources for environments with both *Azure Active Directory (Azure AD)-joined* and *hybrid Azure AD-joined* Windows 10 devices. This passwordless authentication functionality provides seamless single sign-on (SSO) to on-premises resources when you use Microsoft-compatible security keys, or with [Windows Hello for Business Cloud trust](/windows/security/identity-protection/hello-for-business/hello-hybrid-cloud-trust.md)
+This document discusses how to enable passwordless authentication to on-premises resources for environments with both *Azure Active Directory (Azure AD)-joined* and *hybrid Azure AD-joined* Windows 10 devices. This passwordless authentication functionality provides seamless single sign-on (SSO) to on-premises resources when you use Microsoft-compatible security keys, or with [Windows Hello for Business Cloud trust](/windows/security/identity-protection/hello-for-business/hello-hybrid-cloud-trust)
 
 ## Use SSO to sign in to on-premises resources by using FIDO2 keys
 

articles/active-directory/authentication/howto-authentication-passwordless-security-key-on-premises.md

@@ -146,11 +146,11 @@
     items:
     - name: Troubleshoot issues
       href: cloudknox-troubleshoot.md
-  #- name: Training material
-    #expanded: false
-    #items:
-    #- name: Get started with CloudKnox training videos
-      #href: cloudknox-training-videos.md
+  - name: Training videos
+    expanded: false
+    items:
+    - name: Get started with CloudKnox training videos
+      href: cloudknox-training-videos.md
   - name: Reference
     expanded: false
     items: