Merge branch 'master' of https://github.com/MicrosoftDocs/azure-docs-pr into yelevin/wef-connector

Author: yelevin

.openpublishing.redirection.json

@@ -1460,7 +1460,7 @@
     },
     {
       "source_path_from_root": "/articles/active-directory-b2c/active-directory-b2c-reference-sspr.md",
-      "redirect_url": "/azure/active-directory-b2c/user-flow-self-service-password-reset",
+      "redirect_url": "/azure/active-directory-b2c/add-password-reset-policy",
       "redirect_document_id": true
     },
     {
@@ -6679,8 +6679,23 @@
       "redirect_document_id": false
     },
     {
-      "source_path_from_root": "/articles/azure-maps/quick-ios-app.md",
-      "redirect_url": "/azure/azure-maps/quick-demo-map-app",
+      "source_path_from_root": "/articles/azure-maps/how-to-request-real-time-data.md",
+      "redirect_url": "/azure/azure-maps",
+      "redirect_document_id": false
+    },
+    {
+      "source_path_from_root": "/articles/azure-maps/how-to-request-transit-data.md",
+      "redirect_url": "/azure/azure-maps",
+      "redirect_document_id": false
+    },
+    {
+      "source_path_from_root": "/articles/azure-maps/mobility-coverage.md ",
+      "redirect_url": "/azure/azure-maps",
+      "redirect_document_id": false
+    },
+    {
+      "source_path_from_root": "/articles/azure-maps/mobility-service-data-structure.md ",
+      "redirect_url": "/azure/azure-maps",
       "redirect_document_id": false
     },
     {
@@ -28138,6 +28153,11 @@
       "redirect_url": "/azure/storage/blobs/access-tiers-overview",
       "redirect_document_id": true
     },
+    {
+      "source_path_from_root": "/articles/storage/common/storage-auth-aad-msi.md",
+      "redirect_url": "/azure/storage/blobs/authorize-managed-identity",
+      "redirect_document_id": false
+    },
     {
       "source_path_from_root": "/articles/storage/storage-c-plus-plus-how-to-use-blobs.md",
       "redirect_url": "/azure/storage/blobs/storage-c-plus-plus-how-to-use-blobs",
@@ -46447,6 +46467,26 @@
       "source_path_from_root": "/articles/applied-ai-services/form-recognizer/concept-invoices.md",
       "redirect_url": "/azure/applied-ai-services/form-recognizer/concept-invoice",
       "redirect_document_id": false
+    },
+    {
+      "source_path_from_root": "/articles/app-service/environment/app-service-app-service-environment-web-application-firewall.md",
+      "redirect_url": "/azure/app-service/environment/integrate-with-application-gateway",
+      "redirect_document_id": false
+    },
+    {
+      "source_path_from_root": "/articles/app-service/environment/app-service-environment-with-internal-load-balancer.md",
+      "redirect_url": "/azure/app-service/environment/app-service-app-service-environment-create-ilb-ase-resourcemanager",
+      "redirect_document_id": false
+    },
+    {
+      "source_path_from_root": "/articles/app-service/environment/app-service-web-how-to-create-an-app-service-environment.md",
+      "redirect_url": "/azure/app-service/environment/app-service-app-service-environment-create-ilb-ase-resourcemanager",
+      "redirect_document_id": false
+    },
+    {
+      "source_path_from_root": "/articles/app-service/environment/app-service-web-how-to-create-a-web-app-in-an-ase.md",
+      "redirect_url": "/azure/app-service/environment/using",
+      "redirect_document_id": false
     }
   ]
 }

articles/active-directory-b2c/TOC.yml

@@ -205,8 +205,6 @@
     - name: Resource owner password credentials policy
       href: add-ropc-policy.md
       displayName: ROPC
-    - name: Set up a self-serve password reset policy (deprecated)
-      href: user-flow-self-service-password-reset.md
     - name: Phone sign-up and sign-in
       href: phone-authentication-user-flows.md
   - name: Identity providers

articles/active-directory-b2c/add-password-reset-policy.md

@@ -144,6 +144,7 @@ A claims transformation technical profile initiates the **isForgotPassword** cla
         <OutputClaims>
           <OutputClaim ClaimTypeReferenceId="isForgotPassword" DefaultValue="true" AlwaysUseDefaultValue="true"/>
         </OutputClaims>
+        <UseTechnicalProfileForSessionManagement ReferenceId="SM-Noop" />
       </TechnicalProfile>
       <TechnicalProfile Id="SelfAsserted-LocalAccountSignin-Email">
         <Metadata>

articles/active-directory-b2c/azure-sentinel.md

@@ -145,7 +145,7 @@ export const b2cPolicies = {
 export const msalConfig: Configuration = {
      auth: {
          clientId: '<your-MyApp-application-ID>',
-         authority: b2cPolicies.authorities.signUpSignIn.
+         authority: b2cPolicies.authorities.signUpSignIn,
          knownAuthorities: [b2cPolicies.authorityDomain],
          redirectUri: '/', 
      },

articles/active-directory-b2c/configure-authentication-sample-angular-spa-app.md

@@ -172,13 +172,13 @@ A pipeline task is a pre-packaged script that performs an action. Add a task tha
 
 
         ```PowerShell
-        -ClientID $(clientId) -ClientSecret $(clientSecret) -TenantId $(tenantId) -Folder $(System.DefaultWorkingDirectory)/policyRepo/B2CAssets/ -Files "TrustFrameworkBase.xml,TrustFrameworkExtensions.xml,SignUpOrSignin.xml,ProfileEdit.xml,PasswordReset.xml"
+        -ClientID $(clientId) -ClientSecret $(clientSecret) -TenantId $(tenantId) -Folder $(System.DefaultWorkingDirectory)/policyRepo/B2CAssets/ -Files "TrustFrameworkBase.xml,TrustFrameworkLocalization.xml,TrustFrameworkExtensions.xml,SignUpOrSignin.xml,ProfileEdit.xml,PasswordReset.xml"
         ```
         
         The `-Files` parameter is a comma delimiter list of policy files to deploy. Update the list with your policy files.
         
         > [!IMPORTANT]
-        >  Ensure the policies are uploaded in the correct order. First the base policy, the extensions policy, then the relying party policies. For example,  `TrustFrameworkBase.xml,TrustFrameworkExtensions.xml,SignUpOrSignin.xml`.
+        >  Ensure the policies are uploaded in the correct order. First the base policy, the extensions policy, then the relying party policies. For example,  `TrustFrameworkBase.xml,TrustFrameworkLocalization.xml,TrustFrameworkExtensions.xml,SignUpOrSignin.xml`.
         
 1. Select **Save** to save the Agent job.
 

articles/active-directory-b2c/deploy-custom-policies-devops.md

@@ -94,7 +94,7 @@ To create a workflow, follow these steps:
           uses: azure-ad-b2c/deploy-trustframework-policy@v3
           with:
             folder: "./Policies"
-            files: "TrustFrameworkBase.xml,TrustFrameworkExtensions.xml,SignUpOrSignin.xml"
+            files: "TrustFrameworkBase.xml,TrustFrameworkLocalization.xml,TrustFrameworkExtensions.xml,SignUpOrSignin.xml"
             tenant: ${{ env.tenant }}
             clientId: ${{ env.clientId }}
             clientSecret: ${{ secrets.clientSecret }}
@@ -107,12 +107,13 @@ To create a workflow, follow these steps:
     | `env` | `clientId` | **Application (client) ID** of the application you registered in the [Register an MS Graph application](#register-a-microsoft-graph-application) step. |
     |`env`| `tenant` | Your Azure AD B2C [tenant name](tenant-management.md#get-your-tenant-name) (for example, contoso.onmicrosoft.com). |
     | `with`| `folder`| A folder where the custom policies files are stored, for example, `./Policies`.|
-    | `with`| `files` | Comma-delimited list of policy files to deploy, for example, `TrustFrameworkBase.xml,TrustFrameworkExtensions.xml,SignUpOrSignin.xml`.|
+    | `with`| `files` | Comma-delimited list of policy files to deploy, for example, `TrustFrameworkBase.xml,TrustFrameworkLocalization.xml,TrustFrameworkExtensions.xml,SignUpOrSignin.xml`.|
 
     > [!IMPORTANT]
     > When running the agents and uploading the policy files, make sure they're uploaded in the correct order:
     >
     > 1. *TrustFrameworkBase.xml*
+    > 1. *TrustFrameworkLocalization.xml*
     > 1. *TrustFrameworkExtensions.xml*
     > 1. *SignUpOrSignin.xml*
     > 1. *ProfileEdit.xml*

articles/active-directory-b2c/deploy-custom-policies-github-action.md

@@ -107,12 +107,12 @@ export const b2cPolicies = {
 export const msalConfig: Configuration = {
      auth: {
          clientId: '<your-MyApp-application-ID>',
-         authority: b2cPolicies.authorities.signUpSignIn.
+         authority: b2cPolicies.authorities.signUpSignIn,
          knownAuthorities: [b2cPolicies.authorityDomain],
          redirectUri: '/', 
      },
      cache: {
-         cacheLocation: BrowserCacheLocation.LocalStorage,.
+         cacheLocation: BrowserCacheLocation.LocalStorage,
          storeAuthStateInCookie: isIE, 
      },
      system: {
@@ -129,7 +129,7 @@ export const msalConfig: Configuration = {
 export const protectedResources = {
   todoListApi: {
     endpoint: "http://localhost:5000/api/todolist",
-    scopes: ["https://your-tenant-namee.onmicrosoft.com/api/tasks.read"],
+    scopes: ["https://your-tenant-name.onmicrosoft.com/api/tasks.read"],
   },
 }
 export const loginRequest = {

articles/active-directory-b2c/enable-authentication-angular-spa-app.md

@@ -8,7 +8,7 @@ manager: celestedg
 ms.service: active-directory
 ms.workload: identity
 ms.topic: conceptual
-ms.date: 09/20/2021
+ms.date: 10/05/2021
 ms.author: mimart
 ms.subservice: B2C
 ms.custom: fasttrack-edit
@@ -267,9 +267,9 @@ Error responses look like:
 
 ## Send a sign-out request
 
-When you want to sign the user out of the application, it isn't enough to clear the application's cookies or otherwise end the session with the user. Redirect the user to Azure AD B2C to sign out. If you fail to do so, the user might be able to reauthenticate to your application without entering their credentials again. For more information, see [Azure AD B2C session](session-behavior.md).
+When you want to sign the user out of the application, it isn't enough to clear the application's cookies or otherwise end the session with the user. Redirect the user to Azure AD B2C to sign out. If you fail to do so, the user might be able to reauthenticate to your application without entering their credentials again. For more information, see [Azure AD B2C session behavior](session-behavior.md).
 
-To sign out the user, redirect the user to the `end_session` endpoint that is listed in the OpenID Connect metadata document described earlier:
+To sign out the user, redirect the user to the `end_session_endpoint` that is listed in the OpenID Connect metadata document described earlier:
 
 ```http
 GET https://{tenant}.b2clogin.com/{tenant}.onmicrosoft.com/{policy}/oauth2/v2.0/logout?post_logout_redirect_uri=https%3A%2F%2Fjwt.ms%2F
@@ -278,11 +278,13 @@ GET https://{tenant}.b2clogin.com/{tenant}.onmicrosoft.com/{policy}/oauth2/v2.0/
 | Parameter | Required | Description |
 | --------- | -------- | ----------- |
 | {tenant} | Yes | Name of your Azure AD B2C tenant |
-| {policy} | Yes | The user flow that has been used in authorization request. For example, if user signed-in with the `b2c_1_sign_in` user flow, specify the `b2c_1_sign_in` in the sign-out request. |
+| {policy} | Yes | The user flow that has been used in the authorization request. For example, if the user signed-in with the `b2c_1_sign_in` user flow, specify `b2c_1_sign_in` in the sign-out request. |
 | id_token_hint| No | A previously issued ID token to pass to the logout endpoint as a hint about the end user's current authenticated session with the client. The `id_token_hint` ensures that the `post_logout_redirect_uri` is a registered reply URL in your Azure AD B2C application settings. For more information, see [Secure your logout redirect](#secure-your-logout-redirect). |
 | client_id | No* | The application ID that the [Azure portal](https://portal.azure.com/) assigned to your application.<br><br>\**This is required when using `Application` isolation SSO configuration and _Require ID Token_ in logout request is set to `No`.* |
 | post_logout_redirect_uri | No | The URL that the user should be redirected to after successful sign out. If it isn't included, Azure AD B2C shows the user a generic message. Unless you provide an `id_token_hint`, you should not register this URL as a reply URL in your Azure AD B2C application settings. |
-| state | No | If a `state` parameter is included in the request, the same value should appear in the response. The application should verify that the `state` values in the request and response are identical. |
+| state | No | If a `state` parameter is included in the authorization request, the same value will be returned in the response to the `post_logout_redirect_uri`. The application should verify that the `state` values in the request and response are identical. |
+
+Upon a sign-out request, Azure AD B2C invalidates the Azure AD B2C cookie-based session, and attempts to sign out from federated identity providers. For more information, see [Single sign-out](session-behavior.md?pivots=b2c-custom-policy#single-sign-out).
 
 ### Secure your logout redirect
 
@@ -292,4 +294,4 @@ To set the required ID Token in logout requests, see [Configure session behavior
 
 ## Next steps
 
-- Learn more about [Azure AD B2C session](session-behavior.md).
+- Learn more about [Azure AD B2C session](session-behavior.md).

articles/active-directory-b2c/openid-connect.md

@@ -9,7 +9,7 @@ manager: celestedg
 ms.service: active-directory
 ms.workload: identity
 ms.topic: how-to
-ms.date: 04/05/2021
+ms.date: 10/05/2021
 ms.author: mimart
 ms.subservice: B2C
 ms.custom: fasttrack-edit
@@ -83,7 +83,7 @@ The following example shows metadata for a SAML service provider, with `WantAsse
 
 ```xml
 <EntityDescriptor ID="id123456789" entityID="https://samltestapp2.azurewebsites.net" validUntil="2099-12-31T23:59:59Z" xmlns="urn:oasis:names:tc:SAML:2.0:metadata">
-  <SPSSODescriptor  WantAssertionsSigned="true" AuthnRequestsSigned="false" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
+  <SPSSODescriptor WantAssertionsSigned="true" AuthnRequestsSigned="false" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
   ...
   </SPSSODescriptor>
 </EntityDescriptor>
@@ -152,7 +152,7 @@ To configure the encryption method for encrypting the copy of the key that was u
 - `Rsa15` (default): RSA Public Key Cryptography Standard (PKCS) Version 1.5 algorithm.
 - `RsaOaep`: RSA Optimal Asymmetric Encryption Padding (OAEP) encryption algorithm.  
 
-The metadata controls the value of the  `<EncryptedKey>` element in the SAML response.
+The metadata controls the value of the `<EncryptedKey>` element in the SAML response.
 
 The following example shows the `EncryptedAssertion` section of a SAML assertion. The encrypted data method is `Aes128`, and the encrypted key method is `Rsa15`.
 
@@ -222,15 +222,16 @@ To enable IdP-initiated flow, set the `IdpInitiatedProfileEnabled` metadata item
 
 To sign in or sign up a user through IdP-initiated flow, use the following URL:
 
-```
-https://<tenant-name>.b2clogin.com/<tenant-name>.onmicrosoft.com/<policy-name>/generic/login?EntityId=app-identifier-uri 
+```http
+https://<tenant-name>.b2clogin.com/<tenant-name>.onmicrosoft.com/<policy-name>/generic/login?EntityId=<app-identifier-uri>&RelayState=<relay-state> 
 ```
 
 Replace the following values:
 
 * Replace `<tenant-name>` with your tenant name.
 * Replace `<policy-name>` with the name of your SAML relying party policy.
-* Replace `app-identifier-uri` with the `identifierUris` value in the metadata file, such as `https://contoso.onmicrosoft.com/app-name`.
+* Replace `<app-identifier-uri>` with the `identifierUris` value in the metadata file, such as `https://contoso.onmicrosoft.com/app-name`.
+* [Optional] replace `<relay-state>` with a value included in the authorization request that also is returned in the token response. The `relay-state` parameter is used to encode information about the user's state in the app before the authentication request occurred, such as the page they were on.
 
 ### Sample policy
 
@@ -394,4 +395,4 @@ By using these tools, you can check the integration between your application and
 <!-- LINKS - External -->
 [samltest]: https://aka.ms/samltestapp
 
-::: zone-end
+::: zone-end