Merge branch 'master' of https://github.com/MicrosoftDocs/azure-docs-pr into us1679050j

Author: TimShererWithAquent

.openpublishing.redirection.json

@@ -9,12 +9,12 @@ articles/jenkins/ @TomArcherMsft
 articles/terraform/ @TomArcherMsft
 
 # Requires Internal Review
-articles/best-practices-availability-paired-regions.md @jpconnock @arob98 @syntaxc4 @tysonn @snoviking
+articles/best-practices-availability-paired-regions.md @jpconnock @martinekuan @syntaxc4 @tysonn @snoviking
 
 # Governance
 articles/governance/ @DCtheGeek
 
 # Configuration
-*.json @SyntaxC4 @snoviking @arob98
-.acrolinx-config.edn @MonicaRush @arob98
-articles/zone-pivot-groups.yml @SyntaxC4 @snoviking @arob98
+*.json @SyntaxC4 @snoviking @martinekuan
+.acrolinx-config.edn @MonicaRush @martinekuan
+articles/zone-pivot-groups.yml @SyntaxC4 @snoviking @martinekuan

CODEOWNERS

@@ -311,13 +311,15 @@
           items:
           - name: About technical profiles
             href: technical-profiles-overview.md
+          - name: About validation technical profiles
+            href: validation-technical-profile.md
+          - name: Application Insights
+            href: application-insights-technical-profile.md
+          - name: Azure Active Directory
+            href: active-directory-technical-profile.md
           - name: Azure Multi-Factor Authentication
             href: multi-factor-auth-technical-profile.md
             displayName: mfa
-          - name: Claim resolvers
-            href: claim-resolver-overview.md
-          - name: Azure Active Directory
-            href: active-directory-technical-profile.md
           - name: Claims transformation
             href: claims-transformation-technical-profile.md
           - name: JWT token issuer
@@ -331,6 +333,8 @@
             displayName: otp
           - name: OpenID Connect
             href: openid-connect-technical-profile.md
+          - name: Phone factor
+            href: phone-factor-technical-profile.md 
           - name: REST
             href: restful-technical-profile.md
           - name: SAML
@@ -342,12 +346,12 @@
           - name: SSO session
             href: custom-policy-reference-sso.md
             displayName: single sign-on
-          - name: Validation
-            href: validation-technical-profile.md
       - name: UserJourneys
         href: userjourneys.md
       - name: RelyingParty
         href: relyingparty.md
+      - name: Claim resolvers
+        href: claim-resolver-overview.md
   - name: Use b2clogin.com
     items:
     - name: b2clogin.com overview
@@ -391,28 +395,28 @@
       href: user-migration.md
 - name: Reference
   items:
-  - name: Identity Experience Framework release notes
-    href: custom-policy-developer-notes.md
+  - name: Billing model
+    href: billing.md
   - name: Code samples
     href: https://azure.microsoft.com/resources/samples/?service=active-directory-b2c
-  - name: Page layout versions
-    href: page-layout.md
   - name: Cookie definitions
     href: cookie-definitions.md
     displayName: cookies, SameSite
   - name: Error codes
     href: error-codes.md
+  - name: Extensions app
+    href: extensions-app.md
+  - name: Identity Experience Framework release notes
+    href: custom-policy-developer-notes.md
   - name: Microsoft Graph API operations
     href: microsoft-graph-operations.md
+  - name: Page layout versions
+    href: page-layout.md
   - name: Region availability & data residency
     href: data-residency.md
-  - name: Billing model
-    href: billing.md
   - name: Threat management
     href: threat-management.md
     displayName: security
-  - name: Extensions app
-    href: extensions-app.md
   - name: User flow versions
     href: user-flow-versions.md
 - name: Resources

articles/active-directory-b2c/TOC.yml

@@ -9,7 +9,7 @@ manager: celestedg
 ms.service: active-directory
 ms.workload: identity
 ms.topic: reference
-ms.date: 03/16/2020
+ms.date: 03/24/2020
 ms.author: mimart
 ms.subservice: B2C
 ---
@@ -251,7 +251,7 @@ The following technical profile deletes a social user account using **alternativ
 | ClientId | No | The client identifier for accessing the tenant as a third party. For more information, see [Use custom attributes in a custom profile edit policy](custom-policy-custom-attributes.md) |
 | IncludeClaimResolvingInClaimsHandling  | No | For input and output claims, specifies whether [claims resolution](claim-resolver-overview.md) is included in the technical profile. Possible values: `true`, or `false` (default). If you want to use a claims resolver in the technical profile, set this to `true`. |
 
-## Error messages
+### Error messages
 
 The following settings can be used to configure the error message displayed upon failure. The metadata should be configured in the [self-asserted](self-asserted-technical-profile.md) technical profile. The error messages can be [localized](localization.md).
 

articles/active-directory-b2c/active-directory-technical-profile.md

@@ -0,0 +1,84 @@
+---
+title: Define an Application Insights technical profile in a custom policy
+titleSuffix: Azure AD B2C
+description: Define an Application Insights technical profile in a custom policy in Azure Active Directory B2C.
+services: active-directory-b2c
+author: msmimart
+manager: celestedg
+
+ms.service: active-directory
+ms.workload: identity
+ms.topic: reference
+ms.date: 03/20/2020
+ms.author: mimart
+ms.subservice: B2C
+---
+
+
+# Define an Application Insights technical profile in an Azure AD B2C custom policy
+
+[!INCLUDE [active-directory-b2c-advanced-audience-warning](../../includes/active-directory-b2c-advanced-audience-warning.md)]
+
+Azure Active Directory B2C (Azure AD B2C) supports sending event data directly to [Application Insights](../azure-monitor/app/app-insights-overview.md) by using the instrumentation key provided to Azure AD B2C.  With an Application Insights technical profile, you can get detailed and customized event logs for your user journeys to:
+
+* Gain insights on user behavior.
+* Troubleshoot your own policies in development or in production.
+* Measure performance.
+* Create notifications from Application Insights.
+
+
+## Protocol
+
+The **Name** attribute of the **Protocol** element needs to be set to `Proprietary`. The **handler** attribute must contain the fully qualified name of the protocol handler assembly that is used by Azure AD B2C for Application Insights:
+`Web.TPEngine.Providers.AzureApplicationInsightsProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null`
+
+The following example shows the common Application Insights technical profile. Other Application Insights technical profiles include the AzureInsights-Common to leverage its configuration.  
+
+```xml
+<TechnicalProfile Id="AzureInsights-Common">
+  <DisplayName>Azure Insights Common</DisplayName>
+  <Protocol Name="Proprietary" Handler="Web.TPEngine.Providers.Insights.AzureApplicationInsightsProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
+</TechnicalProfile>
+```
+
+## Input claims
+
+The **InputClaims** element contains a list of claims to send to Application Insights. You can also map the name of your claim to a name you prefer to appear in Application Insights. The following example shows how to send telemetries to Application Insights. Properties of an event are added through the syntax `{property:NAME}`, where NAME is property being added to the event. DefaultValue can be either a static value or a value that's resolved by one of the supported [claim resolvers](claim-resolver-overview.md).
+
+```XML
+<InputClaims>
+  <InputClaim ClaimTypeReferenceId="PolicyId" PartnerClaimType="{property:Policy}" DefaultValue="{Policy:PolicyId}" />
+  <InputClaim ClaimTypeReferenceId="CorrelationId" PartnerClaimType="{property:JourneyId}" DefaultValue="{Context:CorrelationId}" />
+  <InputClaim ClaimTypeReferenceId="Culture" PartnerClaimType="{property:Culture}" DefaultValue="{Culture:RFC5646}" />
+  <InputClaim ClaimTypeReferenceId="objectId" PartnerClaimType="{property:objectId}"  />
+</InputClaims>
+```
+
+The **InputClaimsTransformations** element may contain a collection of **InputClaimsTransformation** elements that are used to modify the input claims or generate new ones before sending to Application Insights.
+
+## Persist claims
+
+The PersistedClaims element is not used.
+
+## Output claims
+
+The OutputClaims, and OutputClaimsTransformations elements are not used.
+
+## Cryptographic keys
+
+The CryptographicKeys element is not used.
+
+
+## Metadata
+
+| Attribute | Required | Description |
+| --------- | -------- | ----------- |
+| InstrumentationKey| Yes | The Application Insights [instrumentation key](../azure-monitor/app/create-new-resource.md#copy-the-instrumentation-key), which will be used for logging the events. | 
+| DeveloperMode| No | A Boolean that indicates whether developer mode is enabled. Possible values: `true` or `false` (default). This metadata controls how events are buffered. In a development environment with minimal event volume, enabling developer mode results in events being sent immediately to Application Insights.|  
+|DisableTelemetry |No |A Boolean that indicates whether telemetry should be enabled or not. Possible values: `true` or `false` (default).| 
+
+
+## Next steps
+
+- [Create an Application Insights resource](../azure-monitor/app/create-new-resource.md)
+- Learn how to [track user behavior in Azure Active Directory B2C using Application Insights](analytics-with-application-insights.md)

articles/active-directory-b2c/application-insights-technical-profile.md

@@ -9,7 +9,7 @@ manager: celestedg
 ms.service: active-directory
 ms.workload: identity
 ms.topic: reference
-ms.date: 03/02/2020
+ms.date: 03/20/2020
 ms.author: mimart
 ms.subservice: B2C
 ---
@@ -68,10 +68,12 @@ The following sections list available claim resolvers.
 | {OIDC:LoginHint} |  The `login_hint` query string parameter. | [email protected] |
 | {OIDC:MaxAge} | The `max_age`. | N/A |
 | {OIDC:Nonce} |The `Nonce`  query string parameter. | defaultNonce |
+| {OIDC:Password}| The [resource owner password credentials flow](ropc-custom.md) user's password.| password1| 
 | {OIDC:Prompt} | The `prompt` query string parameter. | login |
+| {OIDC:RedirectUri} |The `redirect_uri`  query string parameter. | https://jwt.ms |
 | {OIDC:Resource} |The `resource`  query string parameter. | N/A |
 | {OIDC:scope} |The `scope`  query string parameter. | openid |
-| {OIDC:RedirectUri} |The `redirect_uri`  query string parameter. | https://jwt.ms |
+| {OIDC:Username}| The [resource owner password credentials flow](ropc-custom.md) user's username.| [email protected]| 
 
 ### Context
 
@@ -90,7 +92,7 @@ Any parameter name included as part of an OIDC or OAuth2 request can be mapped t
 
 | Claim | Description | Example |
 | ----- | ----------------------- | --------|
-| {OAUTH-KV:campaignId} | A query string parameter. | hawaii |
+| {OAUTH-KV:campaignId} | A query string parameter. | Hawaii |
 | {OAUTH-KV:app_session} | A query string parameter. | A3C5R |
 | {OAUTH-KV:loyalty_number} | A query string parameter. | 1234 |
 | {OAUTH-KV:any custom query string} | A query string parameter. | N/A |
@@ -108,7 +110,7 @@ Any parameter name included as part of an OIDC or OAuth2 request can be mapped t
 | ----- | ----------- | --------|
 | {SAML:AuthnContextClassReferences} | The `AuthnContextClassRef` element value, from the SAML request. | urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport |
 | {SAML:NameIdPolicyFormat} | The `Format` attribute, from the `NameIDPolicy` element of the SAML request. | urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress |
-| {SAML:Issuer} |  The SAML `Issuer` element value of the SAML request.| https://contoso.com |
+| {SAML:Issuer} |  The SAML `Issuer` element value of the SAML request.| `https://contoso.com` |
 | {SAML:AllowCreate} | The `AllowCreate` attribute value, from the `NameIDPolicy` element of the SAML request. | True |
 | {SAML:ForceAuthn} | The `ForceAuthN` attribute value, from the `AuthnRequest` element of the SAML request. | True |
 | {SAML:ProviderName} | The `ProviderName` attribute value, from the `AuthnRequest` element of the SAML request.| Contoso.com |
@@ -139,7 +141,7 @@ Settings:
 
 ### RESTful technical profile
 
-In a [RESTful](restful-technical-profile.md) technical profile, you may want to send the user language, policy name, scope, and client ID. Based on these claims the REST API can run custom business logic, and if necessary raise a localized error message.
+In a [RESTful](restful-technical-profile.md) technical profile, you may want to send the user language, policy name, scope, and client ID. Based on the claims the REST API can run custom business logic, and if necessary raise a localized error message.
 
 The following example shows a RESTful technical profile with this scenario:
 
@@ -171,7 +173,7 @@ Using claim resolvers, you can prepopulate the sign-in name or direct sign-in to
 
 Azure AD B2C enables you to pass query string parameters to your HTML content definition endpoints to dynamically render the page content. For example, this allows the ability to modify the background image on the Azure AD B2C sign-up or sign-in page based on a custom parameter that you pass from your web or mobile application. For more information, see [Dynamically configure the UI by using custom policies in Azure Active Directory B2C](custom-policy-ui-customization.md). You can also localize your HTML page based on a language parameter, or you can change the content based on the client ID.
 
-The following example passes in the query string parameter named **campaignId** with a value of `hawaii`, a **language** code of `en-US`, and **app** representing the client ID:
+The following example passes in the query string parameter named **campaignId** with a value of `Hawaii`, a **language** code of `en-US`, and **app** representing the client ID:
 
 ```XML
 <UserJourneyBehaviors>

articles/active-directory-b2c/claim-resolver-overview.md

@@ -9,7 +9,7 @@ manager: celestedg
 ms.service: active-directory
 ms.workload: identity
 ms.topic: reference
-ms.date: 02/27/2020
+ms.date: 03/20/2020
 ms.author: mimart
 ms.subservice: B2C
 ms.custom: fasttrack-edit
@@ -333,7 +333,7 @@ The last step is to enable Azure AD B2C as a SAML IdP in your SAML relying party
 Some or all the following are typically required:
 
 * **Metadata**: `https://tenant-name.b2clogin.com/tenant-name.onmicrosoft.com/policy-name/Samlp/metadata`
-* **Issuer**:   `https://tenant-name.b2clogin.com/tenant-name.onmicrosoft.com/policy-name`
+* **Issuer**:   Use the entityID in the metadata file
 * **Login Url/SAML endpoint/SAML Url**: Check the value in the metadata file
 * **Certificate**: This is *B2C_1A_SamlIdpCert*, but without the private key. To get the public key of the certificate:
 
@@ -350,7 +350,7 @@ To complete this tutorial using our [SAML Test Application][samltest]:
 * Update policy name, for example *B2C_1A_signup_signin_saml*
 * Specify this issuer URI: `https://contoso.onmicrosoft.com/app-name`
 
-Select **Login** and you should be presented with an end user sign-in screen. Upon sign-in, a SAML assertion is issued back to the sample application.
+Select **Login** and you should be presented with a user sign-in screen. Upon sign-in, a SAML assertion is issued back to the sample application.
 
 ## Sample policy
 
@@ -371,7 +371,8 @@ The following SAML relying party (RP) scenarios are supported via your own metad
 
 ## Next steps
 
-You can find more information about the [SAML protocol on the OASIS website](https://www.oasis-open.org/).
+- You can find more information about the [SAML protocol on the OASIS website](https://www.oasis-open.org/).
+- Get the SAML test web app from [Azure AD B2C GitHub community repo](https://github.com/azure-ad-b2c/saml-sp-tester).
 
 <!-- LINKS - External -->
 [samltest]: https://aka.ms/samltestapp

articles/active-directory-b2c/connect-with-saml-service-providers.md

@@ -9,7 +9,7 @@ manager: celestedg
 ms.service: active-directory
 ms.workload: identity
 ms.topic: reference
-ms.date: 02/17/2020
+ms.date: 02/20/2020
 ms.author: mimart
 ms.subservice: B2C
 ---
@@ -66,7 +66,7 @@ The **ContentDefinition** element contains the following elements:
 | Element | Occurrences | Description |
 | ------- | ----------- | ----------- |
 | LoadUri | 1:1 | A string that contains the URL of the HTML5 page for the content definition. |
-| RecoveryUri | 1:1 | A string that contains the URL of the HTML page for displaying an error relating to the content definition. |
+| RecoveryUri | 1:1 | A string that contains the URL of the HTML page for displaying an error relating to the content definition. Not currently used, the value must be `~/common/default_page_error.html`. |
 | DataUri | 1:1 | A string that contains the relative URL of an HTML file that provides the user experience to invoke for the step. |
 | Metadata | 0:1 | A collection of key/value pairs that contains the metadata utilized by the content definition. |
 | LocalizedResourcesReferences | 0:1 | A collection of localized resources references. Use this element to customize the localization of a user interface and claims attribute. |

articles/active-directory-b2c/contentdefinitions.md

@@ -8,7 +8,7 @@ manager: celestedg
 ms.service: active-directory
 ms.workload: identity
 ms.topic: conceptual
-ms.date: 02/27/2020
+ms.date: 03/24/2020
 ms.author: mimart
 ms.subservice: B2C
 ---
@@ -103,7 +103,15 @@ We recommend that you set the value of SessionExpiryInSeconds to be a short peri
 </RelyingParty>
 ```
 
-4. Save your changes and then upload the file.
-5. To test the custom policy that you uploaded, in the Azure portal, go to the policy page, and then select **Run now**.
+## Test your policy
 
-You can find the sample policy [here](https://github.com/Azure-Samples/active-directory-b2c-custom-policy-starterpack/tree/master/scenarios/keep%20me%20signed%20in).
+1. Save your changes, and then upload the file.
+1. To test the custom policy you uploaded, in the Azure portal, go to the policy page, and then select **Run now**.
+1. Type your **username** and **password**, select **Keep me signed in**, and then click **sign-in**.
+1. Go back to the Azure portal. Go to the policy page, and then select **Copy** to copy the sign-in URL.
+1. In the browser address bar, remove the `&prompt=login` query string parameter, which forces the user to enter their credentials on that request.
+1. In the browser, click **Go**. Now Azure AD B2C will issue an access token without prompting you to sign-in again. 
+
+## Next steps
+
+Find the sample policy [here](https://github.com/Azure-Samples/active-directory-b2c-custom-policy-starterpack/tree/master/scenarios/keep%20me%20signed%20in).

articles/active-directory-b2c/custom-policy-keep-me-signed-in.md

@@ -9,7 +9,7 @@ manager: celestedg
 ms.service: active-directory
 ms.workload: identity
 ms.topic: conceptual
-ms.date: 01/30/2020
+ms.date: 03/19/2020
 ms.author: mimart
 ms.subservice: B2C
 ---
@@ -80,6 +80,7 @@ Review the following guidance before using your own HTML and CSS files to custom
   - Limited support for Internet Explorer 9 and 8
   - Google Chrome 42.0 and above
   - Mozilla Firefox 38.0 and above
+  - Safari for iOS and macOS, version 12 and above
 - Don't include **form tags** in your HTML. Form tags interfere with the POST operations generated by the HTML injected by Azure AD B2C.
 
 ### Where do I store UI content?