Merge branch 'main' into patch-9

Author: ckittel

.openpublishing.publish.config.json

@@ -34,7 +34,7 @@
   ],
   "branches_to_filter": [],
   "git_repository_url_open_to_public_contributors": "https://github.com/MicrosoftDocs/azure-docs",
-  "git_repository_branch_open_to_public_contributors": "master",
+  "git_repository_branch_open_to_public_contributors": "main",
   "skip_source_output_uploading": false,
   "need_preview_pull_request": true,
   "contribution_branch_mappings": {},
@@ -381,6 +381,12 @@
       "branch": "main",
       "branch_mapping": {}
     },
+    {
+      "path_to_root": "media-services-v3-python",
+      "url": "https://github.com/Azure-Samples/media-services-v3-python",
+      "branch": "main",
+      "branch_mapping": {}
+    },
     {
       "path_to_root": "samples-javascript",
       "url": "https://github.com/Microsoft/tsiclient",
@@ -411,12 +417,6 @@
       "branch": "main",
       "branch_mapping": {}
     },
-    {
-      "path_to_root": "media-services-v3-python",
-      "url": "https://github.com/Azure-Samples/media-services-v3-python",
-      "branch": "main",
-      "branch_mapping": {}
-    },
     {
       "path_to_root": "remote-monitoring-webui",
       "url": "https://github.com/Azure/pcs-remote-monitoring-webui.git",
@@ -807,6 +807,12 @@
       "branch": "master",
       "branch_mapping": {}
     },
+    {  
+      "path_to_root": "ms-identity-dotnetcore-b2c-account-management",
+      "url": "https://github.com/Azure-Samples/ms-identity-dotnetcore-b2c-account-management",
+      "branch": "master",
+      "branch_mapping": {}
+    },
     {
       "path_to_root": "msdocs-python-flask-webapp-quickstart",
       "url": "https://github.com/Azure-Samples/msdocs-python-flask-webapp-quickstart",
@@ -887,11 +893,12 @@
     "articles/purview/.openpublishing.redirection.purview.json",
     "articles/service-bus-messaging/.openpublishing.redirection.service-bus-messaging.json",
     "articles/stream-analytics/.openpublishing.redirection.stream-analytics.json",
+    "articles/spatial-anchors/.openpublishing.redirection.spatial-anchors.json",
     "articles/azure-video-analyzer/.openpublishing.redirection.azure-video-analyzer.json",
     "articles/virtual-machines/.openpublishing.redirection.virtual-machines.json",
     "articles/virtual-machine-scale-sets/.openpublishing.redirection.virtual-machine-scale-sets.json",
     "articles/mysql/.openpublishing.redirection.mysql.json",
     "articles/container-apps/.openpublishing.redirection.container-apps.json",
     "articles/spring-cloud/.openpublishing.redirection.spring-cloud.json"
   ]
-}
+}

.openpublishing.redirection.active-directory.json

@@ -3483,7 +3483,7 @@
         {
             "source_path_from_root": "/articles/active-directory/active-directory-windows-enterprise-state-roaming-enable.md",
             "redirect_url": "/azure/active-directory/devices/enterprise-state-roaming-enable",
-            "redirect_document_id": true
+            "redirect_document_id": false
         },
         {
             "source_path_from_root": "/articles/active-directory/active-directory-windows-enterprise-state-roaming-faqs.md",
@@ -3498,7 +3498,7 @@
         {
             "source_path_from_root": "/articles/active-directory/active-directory-windows-enterprise-state-roaming-overview.md",
             "redirect_url": "/azure/active-directory/devices/enterprise-state-roaming-overview",
-            "redirect_document_id": true
+            "redirect_document_id": false
         },
         {
             "source_path_from_root": "/articles/active-directory/active-directory-windows-enterprise-state-roaming-troubleshooting.md",
@@ -3510,6 +3510,11 @@
             "redirect_url": "/azure/active-directory/devices/enterprise-state-roaming-windows-settings-reference",
             "redirect_document_id": true
         },
+        {
+            "source_path_from_root": "/articles/active-directory/devices/enterprise-state-roaming-overview.md",
+            "redirect_url": "/azure/active-directory/devices/enterprise-state-roaming-enable",
+            "redirect_document_id": true
+        },
         {
             "source_path_from_root": "/articles/active-directory/device-management-faq.md",
             "redirect_url": "/azure/active-directory/devices/faq",

.openpublishing.redirection.azure-sql.json

@@ -175,13 +175,23 @@
             "redirect_url": "/sql/machine-learning/tutorials/r-predictive-model-train?context=/azure/azure-sql/managed-instance/context/ml-context&view=azuresqldb-mi-current",
             "redirect_document_id": false
         },
+        {
+            "source_path_from_root": "/articles/azure-sql/database/auto-failover-group-overview.md",
+            "redirect_url": "/azure/azure-sql/database/auto-failover-group-sql-db",
+            "redirect_document_id": true
+        },
+        {
+            "source_path_from_root": "/articles/azure-sql/database/auto-failover-group-configure.md",
+            "redirect_url": "/azure/azure-sql/database/auto-failover-group-configure-sql-db",
+            "redirect_document_id": true
+        },
         {
             "source_path_from_root": "/articles/azure-sql/database/job-automation-managed-instances.md",
             "redirect_url": "/azure/azure-sql/managed-instance/job-automation-managed-instance",
             "redirect_document_id": true
         },   
         {
-            "source_path": "articles/azure-sql/database/service-tiers-general-purpose-business-critical.md",
+            "source_path_from_root": "/articles/azure-sql/database/service-tiers-general-purpose-business-critical.md",
             "redirect_url": "/azure/azure-sql/database/service-tiers-vcore",
             "redirect_document_id": false
         }                                                                                                                  

.openpublishing.redirection.json

@@ -1,5 +1,10 @@
 {
   "redirections": [
+    {
+      "source_path": "articles/storage/blobs/storage-ios-how-to-use-blob-storage.md",
+      "redirect_url": "/previous-versions/azure/storage/blobs/storage-ios-how-to-use-blob-storage",
+      "redirect_document_id": false
+    },
     {
       "source_path": "articles/virtual-machines/linux/login-using-aad.md",
       "redirect_url": "/previous-versions/azure/virtual-machines/linux/login-using-aad",
@@ -683,6 +688,16 @@
       "redirect_url": "/azure/frontdoor/troubleshoot-issues",
       "redirect_document_id": false
     },
+    {
+      "source_path_from_root": "/articles/frontdoor/concept-rules-set-action.md",
+      "redirect_url": "/azure/frontdoor/front-door-rules-engine-actions",
+      "redirect_document_id": false
+    },
+    {
+      "source_path_from_root": "/articles/frontdoor/concept-rules-set.md",
+      "redirect_url": "/azure/frontdoor/front-door-rules-engine",
+      "redirect_document_id": false
+    },
     {
       "source_path_from_root": "/articles/app-service-web/web-sites-dotnet-deploy-aspnet-mvc-app-membership-oauth-sql-database.md",
       "redirect_url": "/aspnet/core/security/authorization/secure-data",
@@ -19864,6 +19879,11 @@
       "redirect_url": "/azure/machine-learning/how-to-deploy-custom-docker-image",
       "redirect_document_id": true
     },
+    {
+      "source_path_from_root": "/articles/machine-learning/service/tutorial-labeling.md",
+      "redirect_url": "/azure/machine-learning/how-to-create-image-labeling-projects",
+      "redirect_document_id": "false"
+    },
     {
       "source_path_from_root": "/articles/machine-learning/service/how-to-deploy-existing-model.md",
       "redirect_url": "/azure/machine-learning/how-to-deploy-and-where",
@@ -32784,6 +32804,11 @@
       "redirect_url": "tutorial-app-containerization-java-kubernetes",
       "redirect_document_id": false
     },
+    {
+      "source_path_from_root": "/articles/migrate/migrate-appliance-architecture.md",
+      "redirect_url": "discovered-metadata",
+      "redirect_document_id": false
+    },
     {
       "source_path_from_root": "/articles/storage/common/storage-access-blobs-queues-portal.md",
       "redirect_url": "articles/storage/blobs/authorize-blob-access-portal",
@@ -38679,6 +38704,11 @@
       "redirect_url": "/azure/cognitive-services/Speech-Service/language-identification",
       "redirect_document_id": true
     },
+    {
+      "source_path_from_root": "/articles/cognitive-services/Speech-Service/phone-sets.md",
+      "redirect_url": "/azure/cognitive-services/Speech-Service/customize-pronunciation",
+      "redirect_document_id": true
+    },
     {
       "source_path_from_root": "/articles/cognitive-services/entitylinking/GettingStarted.md",
       "redirect_url": "/azure/cognitive-services/text-analytics",
@@ -43919,24 +43949,10 @@
         "redirect_url": "/azure/governance/policy/how-to/guest-configuration-create",
         "redirect_document_id": false
       },
-      {   "source_path_from_root": "/articles/azure/marketplace/co-sell-requirements.md",
-          "redirect_url": "/partner-center/co-sell-requirements",
-          "redirect_document_id": false
-      },        
       {
-        "source_path_from_root": "/articles/azure/marketplace/co-sell-status.md",
-        "redirect_url": "/partner-center/co-sell-status",
+        "source_path_from_root": "/articles/virtual-desktop/compare-virtual-desktop-windows-365.md",
+        "redirect_url": "/azure/virtual-desktop/overview",
         "redirect_document_id": false
-      },
-      {
-          "source_path_from_root": "/articles/azure/marketplace/co-sell-configure.md",
-          "redirect_url": "/partner-center/co-sell-configure",
-          "redirect_document_id": false
-      },
-      {
-          "source_path_from_root": "/articles/azure/marketplace/co-sell-overview.md",
-          "redirect_url": "/partner-center/co-sell-overview",
-          "redirect_document_id": false
       }
   ]
 }

.openpublishing.redirection.media-services.json

@@ -634,10 +634,15 @@
             "source_path_from_root": "/articles/media-services/latest/architecture-design-multi-drm-system.md",
             "redirect_url": "/azure/media-services/latest/drm-content-protection-concept",
             "redirect_document_id": true
-          },     
+          },
+          {
+            "source_path_from_root": "/articles/media-services/latest/job-create-cli-how-to.md",
+            "redirect_url": "/azure/media-services/latest/job-create-how-to",
+            "redirect_document_id": false
+          },   
         {
-            "source_path_from_root": "/articles/media-services/latest/latest/questions-collection.md",
-            "redirect_url": "/articles/media-services/latest/frequently-asked-questions.yml",
+            "source_path_from_root": "/articles/media-services/latest/latest/asset-publish-cli-how-to.md",
+            "redirect_url": "/azure/media-services/latest/video-on-demand-simple-portal-quickstart",
             "redirect_document_id": false
       }       
     ]

.vscode/settings.json

@@ -342,3 +342,5 @@ Your application needs to handle certain errors coming from Azure B2C service. L
 ## Next steps
 
 Set up a [force password reset](force-password-reset.md).
+
+[Sign-up and Sign-in with embedded password reset](https://github.com/azure-ad-b2c/samples/tree/master/policies/embedded-password-reset).

articles/active-directory-b2c/add-password-reset-policy.md

@@ -8,7 +8,7 @@ manager: CelesteDG
 ms.service: active-directory
 ms.workload: identity
 ms.topic: conceptual
-ms.date: 06/18/2021
+ms.date: 03/03/2022
 ms.author: kengaderdus
 ms.subservice: B2C
 ms.custom: fasttrack-edit
@@ -40,7 +40,7 @@ The authorization code flow for single page applications requires some additiona
 The `spa` redirect type is backwards compatible with the implicit flow. Apps currently using the implicit flow to get tokens can move to the `spa` redirect URI type without issues and continue using the implicit flow.
 
 ## 1. Get an authorization code
-The authorization code flow begins with the client directing the user to the `/authorize` endpoint. This is the interactive part of the flow, where the user takes action. In this request, the client indicates in the `scope` parameter the permissions that it needs to acquire from the user. The following three examples (with line breaks for readability) each use a different user flow. If you're testing this GET HTTP request, use your browser. 
+The authorization code flow begins with the client directing the user to the `/authorize` endpoint. This is the interactive part of the flow, where the user takes action. In this request, the client indicates in the `scope` parameter the permissions that it needs to acquire from the user. The following examples (with line breaks for readability) shows how to acquire an authorization code. If you're testing this GET HTTP request, use your browser. 
 
 
 ```http
@@ -66,8 +66,8 @@ client_id=90c0fe63-bcf2-44d5-8fb7-b8bbc0b29dc6
 | response_mode |Recommended |The method that you use to send the resulting authorization code back to your app. It can be `query`, `form_post`, or `fragment`. |
 | state |Recommended |A value included in the request that can be a string of any content that you want to use. Usually, a randomly generated unique value is  used, to prevent cross-site request forgery attacks. The state also is used to encode information about the user's state in the app before the authentication request occurred. For example, the page the user was on, or the user flow that was being executed. |
 | prompt |Optional |The type of user interaction that is required. Currently, the only valid value is `login`, which forces the user to enter their credentials on that request. Single sign-on will not take effect. |
-| code_challenge  | recommended / required | Used to secure authorization code grants via Proof Key for Code Exchange (PKCE). Required if `code_challenge_method` is included. For more information, see the [PKCE RFC](https://tools.ietf.org/html/rfc7636). This is now recommended for all application types - native apps, SPAs, and confidential clients like web apps. | 
-| `code_challenge_method` | recommended / required | The method used to encode the `code_verifier` for the `code_challenge` parameter. This *SHOULD* be `S256`, but the spec allows the use of `plain` if for some reason the client cannot support SHA256. <br/><br/>If excluded, `code_challenge` is assumed to be plaintext if `code_challenge` is included. Microsoft identity platform supports both `plain` and `S256`. For more information, see the [PKCE RFC](https://tools.ietf.org/html/rfc7636). This is required for [single page apps using the authorization code flow](tutorial-register-spa.md).|
+| code_challenge  | recommended / required | Used to secure authorization code grants via Proof Key for Code Exchange (PKCE). Required if `code_challenge_method` is included. You need to add logic in your application to generate the `code_verifier` and `code_challenge`. The `code_challenge` is a Base64 URL-encoded SHA256 hash of the `code_verifier`. You store the `code_verifier` in your application for later use, and send the `code_challenge` along with the authorization request. For more information, see the [PKCE RFC](https://tools.ietf.org/html/rfc7636). This is now recommended for all application types - native apps, SPAs, and confidential clients like web apps. | 
+| `code_challenge_method` | recommended / required | The method used to encode the `code_verifier` for the `code_challenge` parameter. This *SHOULD* be `S256`, but the spec allows the use of `plain` if for some reason the client cannot support SHA256. <br/><br/>If you exclude the `code_challenge_method`, but still include the `code_challenge`, then the  `code_challenge` is assumed to be plaintext. Microsoft identity platform supports both `plain` and `S256`. For more information, see the [PKCE RFC](https://tools.ietf.org/html/rfc7636). This is required for [single page apps using the authorization code flow](tutorial-register-spa.md).|
 | login_hint | No| Can be used to pre-fill the sign-in name field of the sign-in page. For more information, see [Prepopulate the sign-in name](direct-signin.md#prepopulate-the-sign-in-name).  |
 | domain_hint | No| Provides a hint to Azure AD B2C about the social identity provider that should be used for sign-in. If a valid value is included, the user goes directly to the identity provider sign-in page.  For more information, see [Redirect sign-in to a social provider](direct-signin.md#redirect-sign-in-to-a-social-provider). |
 | Custom parameters | No| Custom parameters that can be used with [custom policies](custom-policy-overview.md). For example, [dynamic custom page content URI](customize-ui-with-html.md?pivots=b2c-custom-policy#configure-dynamic-custom-page-content-uri), or [key-value claim resolvers](claim-resolver-overview.md#oauth2-key-value-parameters). |
@@ -125,9 +125,9 @@ grant_type=authorization_code&client_id=90c0fe63-bcf2-44d5-8fb7-b8bbc0b29dc6&sco
 | client_secret | Yes, in Web Apps | The application secret that was generated in the [Azure portal](https://portal.azure.com/). Client secrets are used in this flow for Web App scenarios, where the client can securely store a client secret. For Native App (public client) scenarios, client secrets cannot be securely stored, and therefore are not used in this call. If you use a client secret, please change it on a periodic basis. |
 | grant_type |Required |The type of grant. For the authorization code flow, the grant type must be `authorization_code`. |
 | scope |Required |A space-separated list of scopes. A single scope value indicates to Azure AD both of the permissions that are being requested. Using the client ID as the scope indicates that your app needs an access token that can be used against your own service or web API, represented by the same client ID.  The `offline_access` scope indicates that your app needs a refresh token for long-lived access to resources.  You also can use the `openid` scope to request an ID token from Azure AD B2C. |
-| code |Required |The authorization code that you acquired in the first leg of the flow. |
+| code |Required |The authorization code that you acquired in from the `/authorize` endpoint. |
 | redirect_uri |Required |The redirect URI of the application where you received the authorization code. |
-| code_verifier | recommended | The same code_verifier that was used to obtain the authorization_code. Required if PKCE was used in the authorization code grant request. For more information, see the [PKCE RFC](https://tools.ietf.org/html/rfc7636). |
+| code_verifier | recommended | The same `code_verifier` used to obtain the authorization code. Required if PKCE was used in the authorization code grant request. For more information, see the [PKCE RFC](https://tools.ietf.org/html/rfc7636). |
 
 If you're testing this POST HTTP request, you can use any HTTP client such as [Microsoft PowerShell](/powershell/scripting/overview) or [Postman](https://www.postman.com/).
 

articles/active-directory-b2c/authorization-code-flow.md

@@ -4,7 +4,8 @@ titleSuffix: Azure AD B2C
 description: Microsoft Azure Active Directory B2C Video Series 
 services: active-directory-b2c
 author: gargi-sinha
-manager: martinco
+manager: CelesteDG
+ms.reviewer: kengaderdus
 ms.service: active-directory
 ms.workload: identity
 ms.topic: how-to

articles/active-directory-b2c/azure-ad-external-identities-videos.md

@@ -4,7 +4,8 @@ titleSuffix: Azure AD B2C
 description: In this tutorial, you use Microsoft Sentinel to perform security analytics for Azure Active Directory B2C data.
 services: active-directory-b2c
 author: gargi-sinha
-manager: martinco
+manager: CelesteDG
+ms.reviewer: kengaderdus
 
 ms.service: active-directory
 ms.workload: identity