Merge branch 'master' of https://github.com/MicrosoftDocs/azure-docs-pr into release-marmalade

Author: v-alje

.openpublishing.redirection.json

@@ -1,5 +1,20 @@
 {
   "redirections": [
+    {
+      "source_path": "articles/openshift/howto-azure-monitor-v4.md",
+      "redirect_url": "articles/azure-monitor/insights/container-insights-azure-redhat4-setup.md",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/openshift/tutorial-scale-cluster.md",
+      "redirect_url": "articles/openshift/tutorial-connect-cluster.md",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/openshift/howto-using-azure-redhat-openshift.md",
+      "redirect_url": "articles/openshift/tutorial-create-cluster.md",
+      "redirect_document_id": false
+    },
     {
       "source_path": "articles/virtual-network/create-virtual-network-classic.md",
       "redirect_url": "/previous-versions/azure/virtual-network/create-virtual-network-classic",
@@ -592,6 +607,46 @@
       "redirect_url": "/azure/virtual-machines/workloads/oracle/oracle-overview/",
       "redirect_document_id": false
     },
+    {
+      "source_path": "articles/machine-learning/studio/use-case-excel-studio.md",
+      "redirect_url": "/azure/machine-learning/studio/",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/machine-learning/studio/azure-ml-customer-churn-scenario.md",
+      "redirect_url": "/azure/machine-learning/studio/",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/machine-learning/studio/text-analytics-module-tutorial.md",
+      "redirect_url": "/azure/machine-learning/studio/",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/machine-learning/studio/extend-your-experiment-with-r.md",
+      "redirect_url": "/azure/machine-learning/studio/",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/machine-learning/studio/debug-models.md",
+      "redirect_url": "/azure/machine-learning/studio/",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/machine-learning/studio/troubleshooting-creating-ml-workspace.md",
+      "redirect_url": "/azure/machine-learning/studio/",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/machine-learning/studio/basics-infographic-with-algorithm-examples.md",
+      "redirect_url": "/azure/machine-learning/how-to-select-algorithms",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/machine-learning/studio/convert-training-experiment-to-scoring-experiment.md",
+      "redirect_url": "/azure/machine-learning/studio/deploy-a-machine-learning-web-service",
+      "redirect_document_id": false
+    },
     {
       "source_path": "articles/machine-learning/studio/consume-web-service-with-web-app-template.md",
       "redirect_url": "/azure/machine-learning/studio/consume-web-services",
@@ -2817,6 +2872,11 @@
       "redirect_url": "https://github.com/Azure-Samples/active-directory-dotnet-native-uwp-v2",
       "redirect_document_id": false
     },
+    {
+      "source_path": "articles/active-directory/develop/quickstart-v2-javascipt-auth-code.md",
+      "redirect_url": "/azure/active-directory/develop/quickstart-v2-javascript-auth-code",
+      "redirect_document_id": true
+    },
     {
       "source_path": "articles/active-directory/develop/active-directory-v2-devquickstarts-wpf.md",
       "redirect_url": "https://docs.microsoft.com/azure/active-directory/develop/guidedsetups/active-directory-windesktop",

articles/active-directory/app-provisioning/scim-graph-scenarios.md

@@ -1,29 +1,23 @@
 ---
-title: Using SCIM, the Microsoft Graph, and the Azure AD provisioning service to provision users and enrich your application with the data it needs | Microsoft Docs
+title: Use SCIM, Microsoft Graph, and Azure AD to provision users and enrich apps with data
 description: Using SCIM and the Microsoft Graph together to provision users and enrich your application with the data it needs .
 services: active-directory
-documentationcenter: ''
 author: msmimart
 manager: CelesteDG
-
-ms.assetid: 
 ms.service: active-directory
 ms.subservice: app-provisioning
 ms.workload: identity
-ms.tgt_pltfrm: na
-ms.devlang: na
 ms.topic: conceptual
-ms.date: 04/23/2020
+ms.date: 04/26/2020
 ms.author: mimart
 ms.reviewer: arvinh
 
-ms.collection: M365-identity-device-management
 ---
 
 
 # Using SCIM and Microsoft Graph together to provision users and enrich your application with the data it needs
 
-**Target audience:** This document is targeted towards developers building applications to be integrated with Azure AD. For others looking to use applications already integrated with Azure AD, such as Zoom, ServiceNow, and DropBox, you can skip this and review the application specific [tutorials](https://docs.microsoft.com/azure/active-directory/saas-apps/tutorial-list) or review [how the provisioning service works](https://docs.microsoft.com/azure/active-directory/app-provisioning/how-provisioning-works).
+**Target audience:** This article is targeted towards developers building applications to be integrated with Azure Active Directory (Azure AD). If you're looking to use applications already integrated with Azure AD, such as Zoom, ServiceNow, and DropBox, you can skip this article and review the application specific [tutorials](https://docs.microsoft.com/azure/active-directory/saas-apps/tutorial-list) or review [how the provisioning service works](https://docs.microsoft.com/azure/active-directory/app-provisioning/how-provisioning-works).
 
 **Common scenarios**
 
@@ -45,7 +39,6 @@ Today, IT admins provision users by manually creating user accounts or periodica
 * If your customers use various IdPs and you do not want to maintain a sync engine to integrate with each, support a SCIM compliant [/Users](https://aka.ms/scimreferencecode) endpoint. Your customers will be able to easily use this endpoint to integrate with the Azure AD provisioning service and automatically create user accounts when they need access. You can build the endpoint once and it will be compatible with all IdPs. Check out the example request below for how a user would be created using SCIM.
 * If you require user data found on the user object in Azure AD and other data from across Microsoft, consider building a SCIM endpoint for user provisioning and calling into the Microsoft Graph to get the rest of the data. 
 
-
 ```json
 POST /Users
 {

articles/active-directory/app-provisioning/use-scim-to-provision-users-and-groups.md

@@ -813,7 +813,7 @@ Requests from Azure Active Directory include an OAuth 2.0 bearer token. Any serv
 
 In the token, the issuer is identified by an iss claim, like `"iss":"https://sts.windows.net/cbb1a5ac-f33b-45fa-9bf5-f37db0fed422/"`. In this example, the base address of the claim value, `https://sts.windows.net`, identifies Azure Active Directory as the issuer, while the relative address segment, _cbb1a5ac-f33b-45fa-9bf5-f37db0fed422_, is a unique identifier of the Azure Active Directory tenant for which the token was issued.
 
-The audience for the token will be the application template ID for the application in the gallery, each of the applications registered in a single tenant may receive the same `iss` claim with SCIM requests. The application template ID for each application in the gallery varies, please contact [[email protected]](mailto:[email protected]) for questions around the application template ID for a gallery application. The application template ID for all custom apps is _8adf8e6e-67b2-4cf2-a259-e3dc5476c621_.
+The audience for the token will be the application template ID for the application in the gallery, each of the applications registered in a single tenant may receive the same `iss` claim with SCIM requests. The application template ID for all custom apps is _8adf8e6e-67b2-4cf2-a259-e3dc5476c621_. The token generated by the Azure AD provisioning service should only be used for testing. It should not be used in production environments.
 
 In the sample code, requests are authenticated using the Microsoft.AspNetCore.Authentication.JwtBearer package. The following code enforces that requests to any of the service’s endpoints are authenticated using the bearer token issued by Azure Active Directory for a specified tenant:
 

articles/active-directory/authentication/concept-authentication-passwordless.md

@@ -116,7 +116,7 @@ The following providers offer FIDO2 security keys of different form factors that
 | eWBM | [https://www.ewbm.com/support](https://www.ewbm.com/support) |
 | AuthenTrend | [https://authentrend.com/about-us/#pg-35-3](https://authentrend.com/about-us/#pg-35-3) |
 | Gemalto (Thales Group) | [https://safenet.gemalto.com/multi-factor-authentication/authenticators/passwordless-authentication/](https://safenet.gemalto.com/multi-factor-authentication/authenticators/passwordless-authentication/) |
-| OneSpan Inc. | [https://www.onespan.com/sites/default/files/2019-01/OneSpan-FIDO-Authentication.pdf](https://www.onespan.com/sites/default/files/2019-01/OneSpan-FIDO-Authentication.pdf) |
+| OneSpan Inc. | [https://www.onespan.com/products/fido](https://www.onespan.com/products/fido) |
 | IDmelon Technologies Inc. | [https://www.idmelon.com/#idmelon](https://www.idmelon.com/#idmelon) | 
 
 > [!NOTE]

articles/active-directory/authentication/tutorial-enable-sspr.md

@@ -103,7 +103,7 @@ To keep users informed about account activity, you can configure e-mail notifica
 If users need additional help with the SSPR process, you can customize the link for "Contact your administrator". This link is used in the SSPR registration process and when a user unlocks their account or resets their password. To make sure your users get the support needed, it's highly recommended to provide a custom helpdesk email or URL.
 
 1. On the **Customization** page from the menu in the left-hand side, set *Customize helpdesk link* to **Yes**.
-1. In the **Custom helpdesk email or URL** field, provide an email address or web page URL where your users can get additional help from your organization, such as *https://support.contoso.com/*
+1. In the **Custom helpdesk email or URL** field, provide an email address or web page URL where your users can get additional help from your organization, such as *`https://support.contoso.com/`*
 1. To apply the custom link, select **Save**.
 
 ## Test self-service password reset

articles/active-directory/develop/TOC.yml

@@ -448,9 +448,13 @@
   - name: Automatic user provisioning (SCIM)
     items:
     - name: What is automatic user provisioning?
-      href: /azure/active-directory/manage-apps/user-provisioning
-    - name: Building and integrating a SCIM endpoint
-      href: /azure/active-directory/manage-apps/use-scim-to-provision-users-and-groups
+      href: /azure/active-directory/app-provisioning/user-provisioning
+    - name: Develop and integrating a SCIM endpoint
+      href: /azure/active-directory/app-provisioning/use-scim-to-provision-users-and-groups
+    - name: Common provisioning scenarios
+      href: /azure/active-directory/app-provisioning/scim-graph-scenarios
+    - name: Automate configuration using MS Graph
+      href: /azure/active-directory/app-provisioning/application-provisioning-configure-api
 - name: How-to guides
   items:
   - name: Authentication

articles/active-directory/develop/quickstart-v2-javascipt-auth-code.md renamed to articles/active-directory/develop/quickstart-v2-javascript-auth-code.md

@@ -46,7 +46,7 @@ public void ConfigureServices(IServiceCollection services)
 {
     // more code here
 
-    services.AddSignIn(Configuration, "AzureAd");
+    services.AddSignIn(Configuration, "AzureAd")
             .AddWebAppCallsProtectedWebApi(Configuration,
                                            initialScopes: new string[] { "user.read" })
             .AddInMemoryTokenCaches();

articles/active-directory/develop/scenario-web-app-call-api-app-configuration.md

@@ -221,7 +221,7 @@ This project has web app and web API projects. To deploy them to Azure websites,
    1. Right-click the project in Solution Explorer, and then select **Publish**.
    1. Select **Import Profile** on the bottom bar, and import the publish profile that you downloaded earlier.
 1. Select **Configure**.
-1. On the **Connection** tab, update the destination URL so that it uses "https." For example, use [https://dotnet-web-daemon-v2-contoso.azurewebsites.net](https://dotnet-web-daemon-v2-contoso.azurewebsites.net). Select **Next**.
+1. On the **Connection** tab, update the destination URL so that it uses "https." For example, use `https://dotnet-web-daemon-v2-contoso.azurewebsites.net`. Select **Next**.
 1. On the **Settings** tab, make sure that **Enable Organizational Authentication** is cleared.
 1. Select **Save**. Select **Publish** on the main screen.
 

articles/active-directory/develop/tutorial-v2-aspnet-daemon-web-app.md

@@ -13,7 +13,6 @@ author: MicrosoftGuyJFlo
 manager: daveba
 ms.reviewer: sandeo
 
-
 #Customer intent: As an IT admin, I want to set up hybrid Azure AD joined devices so that I can automatically bring AD domain-joined devices under control.
 ms.collection: M365-identity-device-management
 ---
@@ -184,7 +183,7 @@ When you're using AD FS, you need to enable the following WS-Trust endpoints
 - `/adfs/services/trust/13/certificatemixed`
 
 > [!WARNING]
-> Both **adfs/services/trust/2005/windowstransport** or **adfs/services/trust/13/windowstransport** should be enabled as intranet facing endpoints only and must NOT be exposed as extranet facing endpoints through the Web Application Proxy. To learn more on how to disable WS-Trust Windows endpoints, see [Disable WS-Trust Windows endpoints on the proxy](/windows-server/identity/ad-fs/deployment/best-practices-securing-ad-fs#disable-ws-trust-windows-endpoints-on-the-proxy-ie-from-extranet). You can see what endpoints are enabled through the AD FS management console under **Service** > **Endpoints**.
+> Both **adfs/services/trust/2005/windowstransport** and **adfs/services/trust/13/windowstransport** should be enabled as intranet facing endpoints only and must NOT be exposed as extranet facing endpoints through the Web Application Proxy. To learn more on how to disable WS-Trust Windows endpoints, see [Disable WS-Trust Windows endpoints on the proxy](/windows-server/identity/ad-fs/deployment/best-practices-securing-ad-fs#disable-ws-trust-windows-endpoints-on-the-proxy-ie-from-extranet). You can see what endpoints are enabled through the AD FS management console under **Service** > **Endpoints**.
 
 > [!NOTE]
 >If you don’t have AD FS as your on-premises federation service, follow the instructions from your vendor to make sure they support WS-Trust 1.3 or 2005 endpoints and that these are published through the Metadata Exchange file (MEX).