Merge branch 'patch-29' of https://github.com/batamig/azure-docs-pr; branch 'master' of https://github.com/MicrosoftDocs/azure-docs-pr into patch-29

Author: batamig

.openpublishing.publish.config.json

@@ -639,6 +639,12 @@
       "branch": "master",
       "branch_mapping": {}
     },
+    {
+      "path_to_root": "sample-active-directory-aspnetcore-webapp-openidconnect-v2",
+      "url": "https://github.com/Azure-Samples/active-directory-aspnetcore-webapp-openidconnect-v2",
+      "branch": "aspnetcore3-1",
+      "branch_mapping": {}
+    },
     {
       "path_to_root": "cognitive-services-content-moderator-samples",
       "url": "https://github.com/Azure-Samples/cognitive-services-content-moderator-samples",

.openpublishing.redirection.json

@@ -386,11 +386,6 @@
         "redirect_url": "/security/benchmark/azure/baselines/batch-security-baseline",
         "redirect_document_id": false
     },
-    {
-        "source_path_from_root": "/articles/cloud-services/security-baseline.md",
-        "redirect_url": "/security/benchmark/azure/baselines/cloud-services-security-baseline",
-        "redirect_document_id": false
-    },
     {
         "source_path_from_root": "/articles/cloud-shell/security-baseline.md",
         "redirect_url": "/security/benchmark/azure/baselines/cloud-shell-security-baseline",

.openpublishing.redirection.security-benchmark.json

@@ -45,7 +45,7 @@ articles/synapse-analytics/sql-data-warehouse/ @anumjs @ronortloff @julieMSFT
 articles/synapse-analytics/synapse-link/ @Rodrigossz @SnehaGunda @jovanpop-msft
 
 # Cognitive Services
-articles/cognitive-services/ @erhopf @aahill @trevorbye @patrickfarley @nitinme @mrbullwinkle @laujan
+articles/cognitive-services/ @aahill @patrickfarley @nitinme @mrbullwinkle @laujan
 
 # DevOps
 articles/ansible/ @TomArcherMsft
@@ -58,7 +58,7 @@ articles/virtual-machines/ @cynthn @mimckitt
 articles/virtual-machine-scale-sets/ @ju-shim @mimckitt
 articles/cloud-services/ @mimckitt
 articles/cloud-services-extended-support/ @mimckitt
-articles/service-fabric/ @erikadoyle @mimckitt
+articles/service-fabric/ @sukanyamsft @mimckitt
 articles/container-instances/ @macolso @mimckitt
 articles/container-registry/ @dlepow @mimckitt
 

CODEOWNERS

@@ -9,7 +9,7 @@ manager: celestedg
 ms.service: active-directory
 ms.workload: identity
 ms.topic: how-to
-ms.date: 05/24/2021
+ms.date: 07/01/2021
 ms.custom: project-no-code
 ms.author: mimart
 ms.subservice: B2C
@@ -20,27 +20,39 @@ zone_pivot_groups: b2c-policy-type
 
 [!INCLUDE [active-directory-b2c-choose-user-flow-or-custom-policy](../../includes/active-directory-b2c-choose-user-flow-or-custom-policy.md)]
 
-## Password reset flow
+## Overview
 
-The [sign-up and sign-in journey](add-sign-up-and-sign-in-policy.md) allows users to reset their own password using the **Forgot your password?** link. The password reset flow involves the following steps:
+Within a [sign-up and sign-in journey](add-sign-up-and-sign-in-policy.md), users can reset their own passwords using the **Forgot your password?** link. This self-service password reset flow applies to local accounts in Azure AD B2C that use an [email address](sign-in-options.md#email-sign-in) or [username](sign-in-options.md#username-sign-in) with a password for sign-in.
 
-1. From the sign-up and sign-in page, the user clicks the **Forgot your password?** link. Azure AD B2C initiates the password reset flow.
-2. The user provides their email address and selects **Send verification code**. Azure AD B2C will then send the user a verification code.
+The password reset flow involves the following steps:
 
-* The user needs to open the mail box and copy the verification code. The user then enters the verification code in Azure AD B2C password reset page, and selects **Verify code**.
+![Password reset flow](./media/add-password-reset-policy/password-reset-flow.png)
 
-> [!NOTE]
-> After the email is verified, the user can still select **Change e-mail**, type the other email, and repeat the email verification from the beginning.
-3. The user can then enter a new password.
+**1.** From the sign-up and sign-in page, the user clicks the **Forgot your password?** link. Azure AD B2C initiates the password reset flow.
 
-![Password reset flow](./media/add-password-reset-policy/password-reset-flow.png)
+**2.** The user provides their email address and selects **Send verification code**. Azure AD B2C sends the verification code to the user's inbox. The user copies the verification code from the email, enters the code in the Azure AD B2C password reset page, and selects **Verify code**.
 
-The password reset flow applies to local accounts in Azure AD B2C that use an [email address](sign-in-options.md#email-sign-in) or [username](sign-in-options.md#username-sign-in) with a password for sign-in.
+**3.** The user can then enter a new password. (After the email is verified, the user can still select the **Change e-mail** button; see [Hiding the change email button](#hiding-the-change-email-button) below.)
 
 > [!TIP]
-> The self-service password reset flow allows users to change their password when the user forgets their password and wants to reset it. Consider configuring a [password change flow](add-password-change-policy.md) to support cases where a user knows their password and wants to change it.
+> The self-service password reset flow allows users to change their password when the user forgets their password and wants to reset it. 
+> - For cases where a user knows their password and wants to change it, use a [password change flow](add-password-change-policy.md). 
+> - For cases where you want to to force users to reset their passwords (for example, when they sign in for the first time, when their passwords have been reset by an admin, or after they've been migrated to Azure AD B2C with random passwords) use a [force password reset](force-password-reset.md) flow.
+
+### Hiding the change email button
+
+After the email is verified, the user can still select **Change email**, type the another email, and repeat the email verification from the beginning. If you'd prefer to hide the **Change email** button, you can modify the CSS to hide the associated HTML element(s) on the page. For example, you can add the CSS entry below to the selfAsserted.HTML and [customize the user interface with HTML templates](customize-ui-with-html.md).
+
+```html
+<style type="text/css">
+   .changeClaims
+   {
+     visibility: hidden;
+   }
+</style>
+```
 
-A common practice after migrating users to Azure AD B2C with random passwords is to have the users verify their email addresses and reset their passwords during their first sign-in. It's also common to force the user to reset their password after an administrator changes their password; see [force password reset](force-password-reset.md) to enable this feature.
+Note that the default name of the **Change email** button in the selfasserted.html page is `changeclaims`. You can find the button name by inspecting the page source of the sign-up page using a browser tool (such as Inspect).
 
 ## Prerequisites
 

articles/active-directory-b2c/add-password-reset-policy.md

@@ -258,33 +258,32 @@ The workbook will display reports in the form of a dashboard.
 Alerts are created by alert rules in Azure Monitor and can automatically run saved queries or custom log searches at regular intervals. You can create alerts based on specific performance metrics or when certain events are created, absence of an event, or a number of events are created within a particular time window. For example, alerts can be used to notify you when average number of sign-in exceeds a certain threshold. For more information, see [Create alerts](../azure-monitor/alerts/alerts-log.md).
 
 
-Use the following instructions to create a new Azure Alert, which will send an [email notification](../azure-monitor/alerts/action-groups.md#configure-notifications) whenever there is a 25% drop in the **Total Requests** compare to previous period. Alert will run every 5 minutes and look for the drop within last 24 hours windows. The alerts are created using Kusto query language.
+Use the following instructions to create a new Azure Alert, which will send an [email notification](../azure-monitor/alerts/action-groups.md#configure-notifications) whenever there is a 25% drop in the **Total Requests** compare to previous period. Alert will run every 5 minutes and look for the drop in the last hour compared to the hour before that. The alerts are created using Kusto query language.
 
 
 1. From **Log Analytics workspace**, select **Logs**. 
 1. Create a new **Kusto query** by using the query below.
 
     ```kusto
-    let start = ago(24h);
+    let start = ago(2h);
     let end = now();
     let threshold = -25; //25% decrease in total requests.
     AuditLogs
     | serialize TimeGenerated, CorrelationId, Result
-    | make-series TotalRequests=dcount(CorrelationId) on TimeGenerated in range(start, end, 1h)
+    | make-series TotalRequests=dcount(CorrelationId) on TimeGenerated from start to end step 1h
     | mvexpand TimeGenerated, TotalRequests
-    | where TotalRequests > 0
-    | serialize TotalRequests, TimeGenerated, TimeGeneratedFormatted=format_datetime(todatetime(TimeGenerated), 'yyyy-M-dd [hh:mm:ss tt]')
+    | serialize TotalRequests, TimeGenerated, TimeGeneratedFormatted=format_datetime(todatetime(TimeGenerated), 'yyyy-MM-dd [HH:mm:ss]')
     | project   TimeGeneratedFormatted, TotalRequests, PercentageChange= ((toreal(TotalRequests) - toreal(prev(TotalRequests,1)))/toreal(prev(TotalRequests,1)))*100
-    | order by TimeGeneratedFormatted
+    | order by TimeGeneratedFormatted desc
     | where PercentageChange <= threshold   //Trigger's alert rule if matched.
     ```
 
-1. Select **Run**, to test the query. You should see the results if there is a drop of 25% or more in the total requests within the past 24 hours.
+1. Select **Run**, to test the query. You should see the results if there is a drop of 25% or more in the total requests within the past hour.
 1. To create an alert rule based on the query above, use the **+ New alert rule** option available in the toolbar.
 1. On the **Create an alert rule** page, select **Condition name** 
 1. On the **Configure signal logic** page, set following values and then use **Done** button to save the changes.
     * Alert logic: Set **Number of results** **Greater than** **0**.
-    * Evaluation based on: Select **1440** for Period (in minutes) and **5** for Frequency (in minutes) 
+    * Evaluation based on: Select **120** for Period (in minutes) and **5** for Frequency (in minutes) 
 
     ![Create a alert rule condition](./media/azure-monitor/alert-create-rule-condition.png)
 

articles/active-directory-b2c/azure-monitor.md

@@ -18,14 +18,6 @@ ms.subservice: B2C
 
 When you set up an identity provider for sign-up and sign-in in your Azure Active Directory B2C (Azure AD B2C) application, you need to specify a redirect URL. You should no longer reference *login.microsoftonline.com* in your applications and APIs for authenticating users with Azure AD B2C. Instead, use *b2clogin.com* for all new applications, and migrate existing applications from *login.microsoftonline.com* to *b2clogin.com*.
 
-## Deprecation of login.microsoftonline.com
-
-**October 2020 update:** We're extending a grace period for tenants who are unable to meet the originally announced deprecation date of 04 December 2020. Retirement of login.microsoftonline.com will now occur no earlier than **14 January 2021.**
-
-**Background**: On 04 December 2019, we originally [announced](https://azure.microsoft.com/updates/b2c-deprecate-msol/) the scheduled retirement of login.microsoftonline.com support in Azure AD B2C on 04 December 2020. This provided existing tenants one (1) year to migrate to b2clogin.com. New tenants created after 04 December 2019 will not accept requests from login.microsoftonline.com. All functionality remains the same on the b2clogin.com endpoint.
-
-The deprecation of login.microsoftonline.com does not impact Azure Active Directory tenants. Only Azure Active Directory B2C tenants are affected by this change.
-
 ## What endpoints does this apply to
 The transition to b2clogin.com only applies to authentication endpoints that use Azure AD B2C policies (user flows or custom policies) to authenticate users. These endpoints have a `<policy-name>` parameter which specifies the policy Azure AD B2C should use. [Learn more about Azure AD B2C policies](technical-overview.md#identity-experiences-user-flows-or-custom-policies). 
 

articles/active-directory-b2c/b2clogin.md

@@ -142,17 +142,19 @@ You should now see Trusona as a **new OpenID Connect Identity Provider** listed
 
 1. Select **OK**.  
 
-### Test the Policy
+### Test the policy
 
-1. Select your newly created policy.
+1. Select the policy you created.
 
-2. Select **Run user flow**.
+1. Select **Run user flow**, and then select the settings:
 
-3. In the form, enter the Replying URL.
+   1. **Application**: Select the registered app.
+ 
+   1. **Reply URL**: Select the redirect URL.
+   
+1. Select **Run user flow**. You should be redirected to the Trusona OIDC gateway. On the Trusona gateway, scan the displayed Secure QR code with the Trusona app or with a custom app using the Trusona mobile SDK.
 
-4. Select **Run user flow**. You should be redirected to the Trusona OIDC gateway. On the Trusona gateway, scan the displayed Secure QR code with the Trusona app or with a custom app using the Trusona mobile SDK.
-
-5. After scanning the Secure QR code, you should be redirected to the Reply URL you defined in step 3.
+1. After you scan the Secure QR code, you should be redirected to the Reply URL you defined.
 
 ## Next steps  
 

articles/active-directory-b2c/media/azure-monitor/alert-create-rule-condition.png

@@ -8,7 +8,7 @@ ms.service: active-directory
 ms.subservice: app-provisioning
 ms.workload: identity
 ms.topic: reference
-ms.date: 05/11/2021
+ms.date: 07/02/2021
 ms.author: kenwith
 ms.reviewer: arvinh
 ---
@@ -728,6 +728,8 @@ ToLower(source, culture)
 **Description:** 
 Takes a *source* string value and converts it to lower case using the culture rules that are specified. If there is no *culture* info specified, then it will use Invariant culture.
 
+If you would like to set existing values in the target system to lower case, [update the schema for your target application](./customize-application-attributes.md#editing-the-list-of-supported-attributes) and set the property caseExact to 'true' for the attribute that you are interested in. 
+
 **Parameters:** 
 
 | Name | Required/ Repeating | Type | Notes |
@@ -755,6 +757,8 @@ ToUpper(source, culture)
 **Description:** 
 Takes a *source* string value and converts it to upper case using the culture rules that are specified. If there is no *culture* info specified, then it will use Invariant culture.
 
+If you would like to set existing values in the target system to upper case, please [update the schema for your target application](./customize-application-attributes.md#editing-the-list-of-supported-attributes) and set the property caseExact to 'true' for the attribute that you are interested in. 
+
 **Parameters:** 
 
 | Name | Required/ Repeating | Type | Notes |