Merge pull request #102161 from MicrosoftDocs/master

1/23 PM Publish

Author: huypub

.openpublishing.redirection.json

@@ -31018,7 +31018,7 @@
     },
     {
       "source_path": "articles/operations-management-suite/operations-management-suite-service-map-configure.md",
-      "redirect_url": "/azure/monitoring/monitoring-service-map-configure",
+      "redirect_url": "/azure/azure-monitor/insights/service-map#enable-service-map",
       "redirect_document_id": false
     },
     {
@@ -38185,6 +38185,11 @@
       "redirect_url": "/azure/azure-monitor/insights/service-map-scom",
       "redirect_document_id": false
     },
+    {
+      "source_path": "articles/monitoring/monitoring-service-map-configure.md",
+      "redirect_url": "/azure/azure-monitor/insights/service-map#enable-service-map",
+      "redirect_document_id": false
+    },
     {
       "source_path": "articles/cognitive-services/video-indexer/connect-to-azure.md",
       "redirect_url": "/azure/media-services/video-indexer/connect-to-azure",
@@ -46639,6 +46644,11 @@
       "source_path": "articles/healthcare-apis/overview-open-source-server.md",
       "redirect_url": "/azure/healthcare-apis/overview",
       "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/mysql/concepts-aad-authentication.md",
+      "redirect_url": "/azure/mysql/concepts-azure-ad-authentication",
+      "redirect_document_id": false
     }
   ]
 }

articles/active-directory-b2c/active-directory-b2c-reference-audit-logs.md

@@ -161,7 +161,7 @@ Write-Output "Searching for events starting $7daysago"
 $body       = @{grant_type="client_credentials";resource=$resource;client_id=$ClientID;client_secret=$ClientSecret}
 $oauth      = Invoke-RestMethod -Method Post -Uri $loginURL/$tenantdomain/oauth2/token?api-version=1.0 -Body $body
 
-# Parse audit report items, save output to file(s): auditX.json, where X = 0 thru n for number of nextLink pages
+# Parse audit report items, save output to file(s): auditX.json, where X = 0 through n for number of nextLink pages
 if ($oauth.access_token -ne $null) {
     $i=0
     $headerParams = @{'Authorization'="$($oauth.token_type) $($oauth.access_token)"}

articles/active-directory-b2c/active-directory-b2c-reference-oidc.md

@@ -263,7 +263,7 @@ When you want to sign the user out of the application, it isn't enough to clear
 To sign out the user, redirect the user to the `end_session` endpoint that is listed in the OpenID Connect metadata document described earlier:
 
 ```HTTP
-GET https://{tenant}.b2clogin.com/{tenant}.onmicrosoft.com/{policy}/oauth2/v2.0/logout?post_logout_redirect_uri=https%3A%2F%2Faadb2cplayground.azurewebsites.net%2F
+GET https://{tenant}.b2clogin.com/{tenant}.onmicrosoft.com/{policy}/oauth2/v2.0/logout?post_logout_redirect_uri=https%3A%2F%2Fjwt.ms%2F
 ```
 
 | Parameter | Required | Description |

articles/active-directory-b2c/claimsschema.md

@@ -364,7 +364,7 @@ The **Paragraph** user input type is used to provide a field that shows text onl
   <UserHelpText>A claim responsible for holding response messages to send to the relying party</UserHelpText>
   <UserInputType>Paragraph</UserInputType>
   <Restriction>
-    <Enumeration Text="B2C_V1_90001" Value="You cant sign in because you are a minor" />
+    <Enumeration Text="B2C_V1_90001" Value="You cannot sign in because you are a minor" />
     <Enumeration Text="B2C_V1_90002" Value="This action can only be performed by gold members" />
     <Enumeration Text="B2C_V1_90003" Value="You have not been enabled for this operation" />
   </Restriction>

articles/active-directory-b2c/cookie-definitions.md

@@ -1,5 +1,6 @@
 ---
-title: Cookie definitions - Azure Active Directory B2C | Microsoft Docs
+title: Cookie definitions
+titleSuffix: Azure AD B2C
 description: Provides definitions for the cookies used in Azure Active Directory B2C.
 services: active-directory-b2c
 author: mmacy
@@ -8,24 +9,38 @@ manager: celestedg
 ms.service: active-directory
 ms.workload: identity
 ms.topic: conceptual
-ms.date: 03/18/2019
+ms.date: 01/23/2020
 ms.author: marsma
 ms.subservice: B2C
 ---
 
-# Cookies definitions for Azure Active Directory B2C
+# Cookies definitions for Azure AD B2C
 
-The following table lists the cookies used in Azure Active Directory B2C.
+The following sections provide information about the cookies used in Azure Active Directory B2C (Azure AD B2C).
+
+## SameSite
+
+The Microsoft Azure AD B2C service is compatible with SameSite browser configurations, including support for `SameSite=None` with the `Secure` attribute.
+
+To safeguard access to sites, web browsers will introduce a new secure-by-default model that assumes all cookies should be protected from external access unless otherwise specified. The Chrome browser is the first to implement this change, starting with [Chrome 80 in February 2020](https://www.chromium.org/updates/same-site). For more information about preparing for the change in Chrome, see [Developers: Get Ready for New SameSite=None; Secure Cookie Settings](https://blog.chromium.org/2019/10/developers-get-ready-for-new.html) on the Chromium Blog.
+
+Developers must use the new cookie setting, `SameSite=None`, to designate cookies for cross-site access. When the `SameSite=None` attribute is present, an additional `Secure` attribute must be used so cross-site cookies can only be accessed over HTTPS connections. Validate and test all your applications, including those applications that use Azure AD B2C.
+
+For more information, see [Effect on customer websites and Microsoft services and products in Chrome version 80 or later](https://support.microsoft.com/help/4522904/potential-disruption-to-customer-websites-in-latest-chrome).
+
+## Cookies
+
+The following table lists the cookies used in Azure AD B2C.
 
 | Name | Domain | Expiration | Purpose |
 | ----------- | ------ | -------------------------- | --------- |
-| x-ms-cpim-admin | main.b2cadmin.ext.azure.com | End of [browser session](session-behavior.md) | Holds user membership data across tenants. The tenants a user is a member of and level of membership (Admin or User). |
-| x-ms-cpim-slice | login.microsoftonline.com, b2clogin.com, branded domain | End of [browser session](session-behavior.md) | Used to route requests to the appropriate production instance. |
-| x-ms-cpim-trans | login.microsoftonline.com, b2clogin.com, branded domain | End of [browser session](session-behavior.md) | Used for tracking the transactions  (number of authentication requests to Azure AD B2C) and the current transaction. |
-| x-ms-cpim-sso:{Id} | login.microsoftonline.com, b2clogin.com, branded domain | End of [browser session](session-behavior.md) | Used for maintaining the SSO session. |
-| x-ms-cpim-cache:{id}_n | login.microsoftonline.com, b2clogin.com, branded domain | End of [browser session](session-behavior.md), successful authentication | Used for maintaining the request state. |
-| x-ms-cpim-csrf | login.microsoftonline.com, b2clogin.com, branded domain | End of [browser session](session-behavior.md) | Cross-Site Request Forgery token used for CRSF protection. |
-| x-ms-cpim-dc | login.microsoftonline.com, b2clogin.com, branded domain | End of [browser session](session-behavior.md) | Used for Azure AD B2C network routing. |
-| x-ms-cpim-ctx | login.microsoftonline.com, b2clogin.com, branded domain | End of [browser session](session-behavior.md) | Context |
-| x-ms-cpim-rp | login.microsoftonline.com, b2clogin.com, branded domain | End of [browser session](session-behavior.md) | Used for storing membership data for the resource provider tenant. |
-| x-ms-cpim-rc | login.microsoftonline.com, b2clogin.com, branded domain | End of [browser session](session-behavior.md) | Used for storing the relay cookie. |
+| `x-ms-cpim-admin` | main.b2cadmin.ext.azure.com | End of [browser session](session-behavior.md) | Holds user membership data across tenants. The tenants a user is a member of and level of membership (Admin or User). |
+| `x-ms-cpim-slice` | b2clogin.com, login.microsoftonline.com, branded domain | End of [browser session](session-behavior.md) | Used to route requests to the appropriate production instance. |
+| `x-ms-cpim-trans` | b2clogin.com, login.microsoftonline.com, branded domain | End of [browser session](session-behavior.md) | Used for tracking the transactions  (number of authentication requests to Azure AD B2C) and the current transaction. |
+| `x-ms-cpim-sso:{Id}` | b2clogin.com, login.microsoftonline.com, branded domain | End of [browser session](session-behavior.md) | Used for maintaining the SSO session. |
+| `x-ms-cpim-cache:{id}_n` | b2clogin.com, login.microsoftonline.com, branded domain | End of [browser session](session-behavior.md), successful authentication | Used for maintaining the request state. |
+| `x-ms-cpim-csrf` | b2clogin.com, login.microsoftonline.com, branded domain | End of [browser session](session-behavior.md) | Cross-Site Request Forgery token used for CRSF protection. |
+| `x-ms-cpim-dc` | b2clogin.com, login.microsoftonline.com, branded domain | End of [browser session](session-behavior.md) | Used for Azure AD B2C network routing. |
+| `x-ms-cpim-ctx` | b2clogin.com, login.microsoftonline.com, branded domain | End of [browser session](session-behavior.md) | Context |
+| `x-ms-cpim-rp` | b2clogin.com, login.microsoftonline.com, branded domain | End of [browser session](session-behavior.md) | Used for storing membership data for the resource provider tenant. |
+| `x-ms-cpim-rc` | b2clogin.com, login.microsoftonline.com, branded domain | End of [browser session](session-behavior.md) | Used for storing the relay cookie. |

articles/active-directory-b2c/string-transformations.md

@@ -375,7 +375,7 @@ The following example looks up the error message description based on the error
   <DataType>string</DataType>
   <UserInputType>Paragraph</UserInputType>
   <Restriction>
-    <Enumeration Text="B2C_V1_90001" Value="You cant sign in because you are a minor" />
+    <Enumeration Text="B2C_V1_90001" Value="You cannot sign in because you are a minor" />
     <Enumeration Text="B2C_V1_90002" Value="This action can only be performed by gold members" />
     <Enumeration Text="B2C_V1_90003" Value="You have not been enabled for this operation" />
   </Restriction>
@@ -399,7 +399,7 @@ The claims transformation looks up the text of the item and returns its value. I
 - Input claims:
     - **mapFromClaim**: B2C_V1_90001
 - Output claims:
-    - **restrictionValueClaim**: You cant sign in because you are a minor.
+    - **restrictionValueClaim**: You cannot sign in because you are a minor.
 
 ## LookupValue
 

articles/active-directory-b2c/technicalprofiles.md

@@ -95,6 +95,7 @@ The **TechnicalProfile** contains the following elements:
 | OutputClaimsTransformations | 0:1 | A list of previously defined references to claims transformations that should be executed after the claims are received from the claims provider. |
 | ValidationTechnicalProfiles | 0:n | A list of references to other technical profiles that the technical profile uses for validation purposes. For more information, see [validation technical profile](validation-technical-profile.md)|
 | SubjectNamingInfo | 0:1 | Controls the production of the subject name in tokens where the subject name is specified separately from claims. For example, OAuth or SAML.  |
+| IncludeInSso | 0:1 |  Whether usage of this technical profile should apply single sign-on (SSO) behavior for the session, or instead require explicit interaction. Possible values: `true` (default), or `false`. |
 | IncludeClaimsFromTechnicalProfile | 0:1 | An identifier of a technical profile from which you want all of the input and output claims to be added to this technical profile. The referenced technical profile must be defined in the same policy file. |
 | IncludeTechnicalProfile |0:1 | An identifier of a technical profile from which you want all data to be added to this technical profile. The referenced technical profile must exist in the same policy file. |
 | UseTechnicalProfileForSessionManagement | 0:1 | A different technical profile to be used for session management. |

articles/active-directory-b2c/tutorial-register-applications.md

@@ -84,7 +84,7 @@ Once the application registration is complete, enable the implicit grant flow:
 
 ## Create a client secret
 
-If your application exchanges a code for a token, you need to create an application secret.
+If your application exchanges an authorization code for an access token, you need to create an application secret.
 
 #### [Applications](#tab/applications/)
 

articles/active-directory/authentication/howto-mfa-nps-extension.md

@@ -270,7 +270,7 @@ Valid-From and Valid-Until timestamps, which are in human-readable form, can be
 
 ---
 
-### Why cant I sign in?
+### Why cannot I sign in?
 
 Check that your password hasn't expired. The NPS Extension does not support changing passwords as part of the sign-in workflow. Contact your organization's IT Staff for further assistance.
 

articles/active-directory/cloud-provisioning/what-is-provisioning.md

@@ -17,7 +17,7 @@ ms.collection: M365-identity-device-management
 
 Today, businesses, and corporations are becoming more and more a mixture of on-premises and cloud applications.  Users require access to  applications both on-premises and in the cloud. There is need to have a single identity across these various applications (on-premises as well as cloud).
 
-Provisioning is the process of creating an object based on certain conditions, keeping the object upto date and deleting the object when conditions are no longer met. For example, when a new user joins your organization, that user is entered in to the HR system.  At that point, provisioning can create a corresponding user account in the cloud, in Active Directory, and different applications that the user needs access to.  This allows the user to start work and have access to the applications and systems they need on day one. 
+Provisioning is the process of creating an object based on certain conditions, keeping the object up to date and deleting the object when conditions are no longer met. For example, when a new user joins your organization, that user is entered in to the HR system.  At that point, provisioning can create a corresponding user account in the cloud, in Active Directory, and different applications that the user needs access to.  This allows the user to start work and have access to the applications and systems they need on day one. 
 
 ![cloud provisioning](media/what-is-provisioning/cloud1.png)