Merge branch 'main' of https://github.com/MicrosoftDocs/azure-docs-pr into WI-200568-episode-forty-three

Author: AlizaBernstein

articles/active-directory-b2c/claim-resolver-overview.md

@@ -9,12 +9,12 @@ manager: CelesteDG
 ms.service: active-directory
 
 ms.topic: reference
-ms.date: 01/11/2024
+ms.date: 01/17/2024
 ms.author: kengaderdus
 ms.subservice: B2C
 
 
-#Customer intent: As a developer using Azure Active Directory B2C custom policies, I want to understand how to use claim resolvers in my technical profiles, so that I can provide context information about authorization requests and populate claims with dynamic values.
+#Customer intent: As a developer using Azure AD B2C custom policies, I want to understand how to use claim resolvers in my technical profiles, so that I can provide context information about authorization requests and populate claims with dynamic values.
 
 ---
 
@@ -122,6 +122,17 @@ Any parameter name included as part of an OIDC or OAuth2 request can be mapped t
 | {OAUTH-KV:loyalty_number} | A query string parameter. | 1234 |
 | {OAUTH-KV:any custom query string} | A query string parameter. | N/A |
 
+## SAML key-value parameters
+
+In a SAML authentication request, any parameter name that's included in the request, but isn’t specific to the protocol (such as SAMLRequest) can be mapped to a claim in the user journey. For example, the request may include a custom parameter such as `username`. This applies to both SP-Initiated and IDP-Initiated SAML requests.
+
+| Claim | Description | Example |
+| ----- | ----------------------- | --------|
+| {SAML-KV:username} | A query string or POST body parameter. | [email protected] |
+| {SAML-KV:loyalty_number} |  A query string or POST body parameter. | 1234 |
+| {SAML-KV:any custom query string} |  A query string or POST body parameter. | N/A |
+
+
 ## SAML
 
 The following table lists the claim resolvers  with information about the SAML authorization request:

articles/active-directory-b2c/configure-authentication-sample-python-web-app.md

@@ -86,24 +86,21 @@ Extract the sample file to a folder where the total length of the path is 260 or
 
 In the project's root directory, follow these steps:
 
-1. Rename the *app_config.py* file to *app_config.py.OLD*.
-1. Rename the *app_config_b2c.py* file to *app_config.py*. This file contains information about your Azure AD B2C identity provider. 
-
-1. Create an `.env` file in the root folder of the project using `.env.sample.b2c` as a guide.
+1. Create an `.env` file in the root folder of the project using `.env.sample` as a guide.
 
     ```shell
     FLASK_DEBUG=True
-    TENANT_NAME=<tenant name>
+    B2C_TENANT_NAME=<tenant name>
     CLIENT_ID=<client id>
     CLIENT_SECRET=<client secret>
-    SIGNUPSIGNIN_USER_FLOW=B2C_1_profile_editing
-    EDITPROFILE_USER_FLOW=B2C_1_reset_password
-    RESETPASSWORD_USER_FLOW=B2C_1_signupsignin1
+    SIGNUPSIGNIN_USER_FLOW=B2C_1_signupsignin1
+    EDITPROFILE_USER_FLOW=B2C_1_profile_editing
+    RESETPASSWORD_USER_FLOW=B2C_1_reset_password
     ```
 
     |Key  |Value  |
     |---------|---------|
-    |`TENANT_NAME`| The first part of your Azure AD B2C [tenant name](tenant-management-read-tenant-name.md#get-your-tenant-name) (for example, `contoso`). |
+    |`B2C_TENANT_NAME`| The first part of your Azure AD B2C [tenant name](tenant-management-read-tenant-name.md#get-your-tenant-name) (for example, `contoso`). |
     |`CLIENT_ID`| The web API application ID from [step 2.1](#step-21-register-the-app).|
     |`CLIENT_SECRET`| The client secret value you created in [step 2.2](#step-22-create-a-web-app-client-secret). |
     |`*_USER_FLOW`|The user flows you created in [step 1](#step-1-configure-your-user-flow).|

articles/active-directory-b2c/custom-policy-developer-notes.md

@@ -177,7 +177,7 @@ The following table summarizes the Security Assertion Markup Language (SAML) app
 | ------- | :--: | ----- |
 | Azure portal | GA |   |
 | [Application Insights user journey logs](troubleshoot-with-application-insights.md) | Preview | Used for troubleshooting during development.  |
-| [Application Insights event logs](analytics-with-application-insights.md) | Preview | Used to monitor user flows in production. |
+| [Application Insights event logs](analytics-with-application-insights.md) | Preview | Used to monitor user flows and custom policies in production. |
 
 ## Other features 
 

articles/active-directory-b2c/openid-connect.md

@@ -94,7 +94,7 @@ Error responses can also be sent to the `redirect_uri` parameter so that the app
 ```http
 GET https://jwt.ms/#
 error=access_denied
-&error_description=the+user+canceled+the+authentication
+&error_description=AADB2C90091%3a+The+user+has+cancelled+entering+self-asserted+information.%0d%0aCorrelation+ID%3a+xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx%0d%0aTimestamp%3a+xxxx-xx-xx+xx%3a23%3a27Z%0d%0a
 &state=arbitrary_data_you_can_receive_in_the_response
 ```
 
@@ -202,8 +202,8 @@ Error responses look like:
 
 ```json
 {
-    "error": "access_denied",
-    "error_description": "The user revoked access to the app."
+    "error": "invalid_grant",
+    "error_description": "AADB2C90080: The provided grant has expired. Please re-authenticate and try again. Current time: xxxxxxxxxx, Grant issued time: xxxxxxxxxx, Grant expiration time: xxxxxxxxxx\r\nCorrelation ID: xxxxxxxx-xxxx-xxxX-xxxx-xxxxxxxxxxxx\r\nTimestamp: xxxx-xx-16 xx:10:52Z\r\n"
 }
 ```
 
@@ -279,8 +279,8 @@ Error responses look like:
 
 ```json
 {
-    "error": "access_denied",
-    "error_description": "The user revoked access to the app.",
+    "error": "invalid_grant",
+    "error_description": "AADB2C90129: The provided grant has been revoked. Please reauthenticate and try again.\r\nCorrelation ID: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx\r\nTimestamp: xxxx-xx-xx xx:xx:xxZ\r\n",
 }
 ```
 
@@ -318,4 +318,4 @@ To set the required ID Token in logout requests, see [Configure session behavior
 
 ## Next steps
 
-- Learn more about [Azure AD B2C session](session-behavior.md).
+- Learn more about [Azure AD B2C session](session-behavior.md).

articles/active-directory-b2c/restful-technical-profile.md

@@ -276,13 +276,13 @@ The following example shows a C# class that returns an error message:
 ```csharp
 public class ResponseContent
 {
-  public string version { get; set; }
-  public int status { get; set; }
-  public string code { get; set; }
-  public string userMessage { get; set; }
-  public string developerMessage { get; set; }
-  public string requestId { get; set; }
-  public string moreInfo { get; set; }
+  public string Version { get; set; }
+  public int Status { get; set; }
+  public string Code { get; set; }
+  public string UserMessage { get; set; }
+  public string DeveloperMessage { get; set; }
+  public string RequestId { get; set; }
+  public string MoreInfo { get; set; }
 }
 ```
 

articles/active-directory-b2c/userinfo-endpoint.md

@@ -9,6 +9,7 @@ ms.service: active-directory
 
 ms.topic: reference
 ms.date: 01/11/2024
+
 ms.author: kengaderdus
 ms.subservice: B2C
 zone_pivot_groups: b2c-policy-type

articles/active-directory-b2c/userjourneys.md

@@ -8,13 +8,12 @@ manager: CelesteDG
 ms.service: active-directory
 
 ms.topic: reference
-ms.date: 01/11/2024
+ms.date: 01/17/2024
 ms.author: kengaderdus
 ms.subservice: B2C
 
 
-#Customer intent: As a developer integrating Azure AD B2C into an application, I want to understand how user journeys, authorization technical profiles, orchestration steps, preconditions, claims provider selection, claims exchanges, and journey lists work, so that I can configure the policy file correctly and ensure a successful user flow.
-
+#Customer intent: As a developer integrating Azure AD B2C into an application, I want to understand how custom policy user journeys work so that I can design the steps that a users goes through for the relying party application to obtain the desired claims for a user.  
 ---
 
 # UserJourneys
@@ -92,7 +91,7 @@ A user journey is represented as an orchestration sequence that must be followed
 
 Orchestration steps can be conditionally executed based on preconditions defined in the orchestration step element. For example, you can check to perform an orchestration step only if a specific claim exists, or if a claim is equal or not to the specified value.
 
-To specify the ordered list of orchestration steps, an **OrchestrationSteps** element is added as part of the policy. This element is required.
+To specify the ordered list of orchestration steps, an **OrchestrationSteps** element is added as part of the policy. This element is required. 
 
 ```xml
 <UserJourney Id="SignUpOrSignIn">
@@ -111,7 +110,7 @@ The **OrchestrationStep** element contains the following attributes:
 
 | Attribute | Required | Description |
 | --------- | -------- | ----------- |
-| `Order` | Yes | The order of the orchestration steps. |
+| `Order` | Yes | The order of the orchestration steps. The value of the `Order` attribute starts at `1` through `N`. So, if you've 10 steps and you delete the second step, you need to renumber the steps three to 10 to become two to nine. |
 | `Type` | Yes | The type of the orchestration step. Possible values: <ul><li>**ClaimsProviderSelection** - Indicates that the orchestration step presents various claims providers to the user to select one.</li><li>**CombinedSignInAndSignUp** - Indicates that the orchestration step presents a combined social provider sign-in and local account sign-up page.</li><li>**ClaimsExchange** - Indicates that the orchestration step exchanges claims with a claims provider.</li><li>**GetClaims** - Specifies that the orchestration step should process claim data sent to Azure AD B2C from the relying party via its `InputClaims` configuration.</li><li>**InvokeSubJourney** - Indicates that the orchestration step exchanges claims with a [sub journey](subjourneys.md).</li><li>**SendClaims** - Indicates that the orchestration step sends the claims to the relying party with a token issued by a claims issuer.</li></ul> |
 | ContentDefinitionReferenceId | No | The identifier of the [content definition](contentdefinitions.md) associated with this orchestration step. Usually the content definition reference identifier is defined in the self-asserted technical profile. But, there are some cases when Azure AD B2C needs to display something without a technical profile. There are two examples - if the type of the orchestration step is one of following: `ClaimsProviderSelection` or  `CombinedSignInAndSignUp`, Azure AD B2C needs to display the identity provider selection without having a technical profile. |
 | CpimIssuerTechnicalProfileReferenceId | No | The type of the orchestration step is `SendClaims`. This property defines the technical profile identifier of the claims provider that issues the token for the relying party.  If absent, no relying party token is created. |

articles/ai-services/document-intelligence/containers/install-run.md

@@ -8,7 +8,7 @@ ms.service: azure-ai-document-intelligence
 ms.custom:
   - ignite-2023
 ms.topic: how-to
-ms.date: 12/13/2023
+ms.date: 01/17/2024
 ms.author: lajanuar
 ---
 
@@ -676,10 +676,6 @@ The Document Intelligence containers send billing information to Azure by using
 
 Queries to the container are billed at the pricing tier of the Azure resource used for the API `Key`. You're billed for each container instance used to process your documents and images.
 
-> [!NOTE]
-> Currently, Document Intelligence v3 containers only support pay as you go pricing. Support for commitment tiers and disconnected mode will be added in March 2023.
-Azure AI containers aren't licensed to run without being connected to the metering / billing endpoint. Containers must be enabled to always communicate billing information with the billing endpoint. Azure AI containers don't send customer data, such as the image or text that's being analyzed, to Microsoft.
-
 ### Connect to Azure
 
 The container needs the billing argument values to run. These values allow the container to connect to the billing endpoint. The container reports usage about every 10 to 15 minutes. If the container doesn't connect to Azure within the allowed time window, the container continues to run, but doesn't serve queries until the billing endpoint is restored. The connection is attempted 10 times at the same time interval of 10 to 15 minutes. If it can't connect to the billing endpoint within the 10 tries, the container stops serving requests. See the [Azure AI container FAQ](../../../ai-services/containers/container-faq.yml#how-does-billing-work) for an example of the information sent to Microsoft for billing.

articles/ai-services/document-intelligence/quickstarts/includes/csharp-sdk.md

@@ -641,7 +641,7 @@ DocumentIntelligenceClient client = new DocumentIntelligenceClient(new Uri(endpo
 
 Uri invoiceUri = new Uri ("https://raw.githubusercontent.com/Azure-Samples/cognitive-services-REST-api-samples/master/curl/form-recognizer/sample-invoice.pdf");
 
-AnalyzeDocumentOperation operation = await client.AnalyzeDocumentFromUriAsync(WaitUntil.Completed, "prebuilt-invoice", invoiceUri);
+Operation operation = await client.AnalyzeDocumentAsync(WaitUntil.Completed, "prebuilt-invoice", invoiceUri);
 
 AnalyzeResult result = operation.Value;
 
@@ -744,7 +744,7 @@ DocumentAnalysisClient client = new DocumentAnalysisClient(new Uri(endpoint), cr
 
 Uri invoiceUri = new Uri ("https://raw.githubusercontent.com/Azure-Samples/cognitive-services-REST-api-samples/master/curl/form-recognizer/sample-invoice.pdf");
 
-AnalyzeDocumentOperation operation = await client.AnalyzeDocumentFromUriAsync(WaitUntil.Completed, "prebuilt-invoice", invoiceUri);
+Operation operation = await client.AnalyzeDocumentAsync(WaitUntil.Completed, "prebuilt-invoice", invoiceUri);
 
 AnalyzeResult result = operation.Value;
 

articles/ai-services/language-service/summarization/includes/regional-availability.md

@@ -13,9 +13,9 @@ ms.custom:
 ---
 
 > [!IMPORTANT]
-> Our preview region, Sweden Central, showcases our latest and continually evolving LLM fine tuning techniques based on GPT models. You are welcome to try them out with a Langauge resource in the Sweden Central region.
+> Our preview region, Sweden Central, showcases our latest and continually evolving LLM fine tuning techniques based on GPT models. You are welcome to try them out with a Language resource in the Sweden Central region.
 >
 > Conversation summarization is only available using:
 >  - REST API
 >  - Python
->  - C#
+>  - C#