merge from master

Author: PatrickFarley

.openpublishing.redirection.json

@@ -62,4 +62,4 @@
         "auditd"
     ],
     "git.ignoreLimitWarning": true
-}
+}

.vscode/settings.json

@@ -80,8 +80,8 @@ To onboard your Azure AD tenant (the **Customer**), create an [Azure Resource Ma
 
 Download the Azure Resource Manager template and parameter files:
 
-- [rgDelegatedResourceManagement.json](https://raw.githubusercontent.com/Azure/Azure-Lighthouse-samples/master/Azure-Delegated-Resource-Management/templates/rg-delegated-resource-management/rgDelegatedResourceManagement.json)
-- [rgDelegatedResourceManagement.parameters.json](https://raw.githubusercontent.com/Azure/Azure-Lighthouse-samples/master/Azure-Delegated-Resource-Management/templates/rg-delegated-resource-management/rgDelegatedResourceManagement.parameters.json)
+- [rgDelegatedResourceManagement.json](https://github.com/Azure/Azure-Lighthouse-samples/blob/master/templates/rg-delegated-resource-management/rgDelegatedResourceManagement.json)
+- [rgDelegatedResourceManagement.parameters.json](https://github.com/Azure/Azure-Lighthouse-samples/blob/master/templates/rg-delegated-resource-management/rgDelegatedResourceManagement.parameters.json)
 
 Next, update the parameters file with the values you recorded earlier. The following JSON snippet shows an example of an Azure Resource Manager template parameters file. For `authorizations.value.roleDefinitionId`, use the [built-in role](../role-based-access-control/built-in-roles.md) value for the *Contributor role*, `b24988ac-6180-42a0-ab88-20f7382dd24c`.
 

articles/active-directory-b2c/azure-monitor.md

@@ -112,7 +112,7 @@ Next, expose the API by adding a scope:
 1. In **App registrations (Legacy)**, select **New application registration**.
 1. For **Name**, enter `ProxyIdentityExperienceFramework`.
 1. For **Application type**, choose **Native**.
-1. For **Redirect URI**, enter `https://your-tenant-name.b2clogin.com/your-tenant-name.onmicrosoft.com`, where `your-tenant-name` is your Azure AD B2C tenant.
+1. For **Redirect URI**, enter `myapp://auth`.
 1. Select **Create**. After it's created, copy the application ID and save it to use later.
 1. Select **Settings**, then select **Required permissions**, and then select **Add**.
 1. Choose **Select an API**, search for and select **IdentityExperienceFramework**, and then click **Select**.
@@ -125,7 +125,7 @@ Next, expose the API by adding a scope:
 1. For **Name**, enter `ProxyIdentityExperienceFramework`.
 1. Under **Supported account types**, select **Accounts in this organizational directory only**.
 1. Under **Redirect URI**, use the drop-down to select **Public client/native (mobile & desktop)**.
-1. For **Redirect URI**, enter `https://your-tenant-name.b2clogin.com/your-tenant-name.onmicrosoft.com`, where `your-tenant-name` is your Azure AD B2C tenant.
+1. For **Redirect URI**, enter `myapp://auth`.
 1. Under **Permissions**, select the *Grant admin consent to openid and offline_access permissions* check box.
 1. Select **Register**.
 1. Record the **Application (client) ID** for use in a later step.

articles/active-directory-b2c/custom-policy-get-started.md

@@ -165,7 +165,7 @@ Now that you have a button in place, you need to link it to an action. The actio
 To use ADFS as an identity provider in Azure AD B2C, you need to create an ADFS Relying Party Trust with the Azure AD B2C SAML metadata. The following example shows a URL address to the SAML metadata of an Azure AD B2C technical profile:
 
 ```
-https://your-tenant-name.b2clogin.com/your-tenant-name/your-policy/samlp/metadata?idptp=your-technical-profile
+https://your-tenant-name.b2clogin.com/your-tenant-name.onmicrosoft.com/your-policy/samlp/metadata?idptp=your-technical-profile
 ```
 
 Replace the following values:

articles/active-directory-b2c/identity-provider-adfs2016-custom.md

@@ -22,44 +22,38 @@
   items:
   - name: Authentication methods
     href: concept-authentication-methods.md
-  - name: Passwordless authentication
-    href: concept-authentication-passwordless.md
-  - name: Security information registration
-    href: concept-registration-mfa-sspr-combined.md
-  - name: Password reset
+  - name: Self-service password reset
     items:
     - name: How password reset works
       href: concept-sspr-howitworks.md
-    - name: Password reset options
-      href: concept-sspr-customization.md
-    - name: Password reset policies
-      href: concept-sspr-policy.md
-    - name: What license do I need?
-      href: concept-sspr-licensing.md
     - name: On-premises integration
       href: concept-sspr-writeback.md
+    - name: Policies
+      href: concept-sspr-policy.md
+    - name: Licenses
+      href: concept-sspr-licensing.md
   - name: Multi-Factor Authentication
     items:
     - name: How MFA works
       href: concept-mfa-howitworks.md
-    - name: License your users
-      href: concept-mfa-licensing.md
-    - name: Manage an Auth Provider
-      href: concept-mfa-authprovider.md
-    - name: Security guidance
-      href: multi-factor-authentication-security-best-practices.md
     - name: Data residency
       href: concept-mfa-data-residency.md
+    - name: Licenses
+      href: concept-mfa-licensing.md
     - name: MFA for Office 365
       href: https://docs.microsoft.com/office365/admin/security-and-compliance/set-up-multi-factor-authentication?view=o365-worldwide
-    - name: MFA FAQ
+    - name: FAQ
       href: multi-factor-authentication-faq.md
-  - name: Azure AD password protection
+  - name: Passwordless authentication
+    href: concept-authentication-passwordless.md
+  - name: Password protection
     items:
     - name: Eliminate weak passwords in the cloud
       href: concept-password-ban-bad.md
     - name: Eliminate weak passwords on-premises
       href: concept-password-ban-bad-on-premises.md
+  - name: Security information registration
+    href: concept-registration-mfa-sspr-combined.md
   - name: Resilient access controls
     href: concept-resilient-controls.md
 - name: How-to guides
@@ -68,20 +62,24 @@
     items:
     - name: Deployment guide
       href: howto-sspr-deployment.md
+    - name: User customization options
+      href: howto-sspr-customization.md
     - name: Pre-register authentication data
       href: howto-sspr-authenticationdata.md
     - name: SSPR for Windows clients
       href: howto-sspr-windows.md
-  - name: Cloud-based MFA
+  - name: Azure Multi-Factor Authentication
     items:
     - name: Deployment guide
       href: howto-mfa-getstarted.md
-    - name: Per user MFA
-      href: howto-mfa-userstates.md
-    - name: User and device settings
-      href: howto-mfa-userdevicesettings.md
     - name: Configure settings
       href: howto-mfa-mfasettings.md
+    - name: Configure users
+      href: howto-mfa-userdevicesettings.md
+    - name: Enable per-user MFA
+      href: howto-mfa-userstates.md
+    - name: Configure authentication providers
+      href: concept-mfa-authprovider.md
     - name: Directory Federation
       items:
       - name: Windows Server 2016 AD FS Adapter
@@ -102,28 +100,6 @@
         href: howto-mfa-nps-extension-rdg.md
       - name: VPN
         href: howto-mfa-nps-extension-vpn.md
-  - name: Security info registration
-    items:
-    - name: Enable combined registration
-      href: howto-registration-mfa-sspr-combined.md
-    - name: Troubleshoot combined registration
-      href: howto-registration-mfa-sspr-combined-troubleshoot.md
-  - name: Azure AD password protection
-    items:
-    - name: Plan and deploy on-premises
-      href: howto-password-ban-bad-on-premises-deploy.md
-    - name: Enable and configure on-premises
-      href: howto-password-ban-bad-on-premises-operations.md
-    - name: Monitor on-premises deployments
-      href: howto-password-ban-bad-on-premises-monitor.md
-    - name: Troubleshoot on-premises deployments
-      href: howto-password-ban-bad-on-premises-troubleshoot.md
-    - name: On-premises FAQs
-      href: howto-password-ban-bad-on-premises-faq.md
-    - name: On-premises agent version history
-      href: howto-password-ban-bad-on-premises-agent-versions.md
-  - name: Azure AD smart lockout
-    href: howto-password-smart-lockout.md
   - name: Passwordless
     items: 
       - name: Deploying passwordless
@@ -140,14 +116,38 @@
         href: howto-authentication-passwordless-phone.md
       - name: Windows Hello for Business
         href: https://docs.microsoft.com/windows/security/identity-protection/hello-for-business/hello-identity-verification
+  - name: Security info registration
+    items:
+    - name: Enable combined registration
+      href: howto-registration-mfa-sspr-combined.md
+    - name: Troubleshoot combined registration
+      href: howto-registration-mfa-sspr-combined-troubleshoot.md
+  - name: On-premises password protection
+    items:
+    - name: Plan and deploy
+      href: howto-password-ban-bad-on-premises-deploy.md
+    - name: Enable and configure
+      href: howto-password-ban-bad-on-premises-operations.md
+    - name: Monitor
+      href: howto-password-ban-bad-on-premises-monitor.md
+    - name: Troubleshoot
+      href: howto-password-ban-bad-on-premises-troubleshoot.md
+    - name: FAQs
+      href: howto-password-ban-bad-on-premises-faq.md
+    - name: Agent version history
+      href: howto-password-ban-bad-on-premises-agent-versions.md
+  - name: Use SMS-based authentication (preview)
+    href: howto-authentication-sms-signin.md
+  - name: Azure AD smart lockout
+    href: howto-password-smart-lockout.md
   - name: Certificate-based authentication
     items:
     - name: Get started with certificate auth
       href: active-directory-certificate-based-authentication-get-started.md
       items:
-      - name: CBA on Android Devices
+      - name: Use on Android Devices
         href: active-directory-certificate-based-authentication-android.md
-      - name: CBA on iOS Devices
+      - name: Use on iOS Devices
         href: active-directory-certificate-based-authentication-ios.md
   - name: Reporting
     items:

articles/active-directory/authentication/TOC.yml

@@ -24,7 +24,7 @@ iOS devices can use certificate-based authentication (CBA) to authenticate to Az
 
 Configuring this feature eliminates the need to enter a username and password combination into certain mail and Microsoft Office applications on your mobile device.
 
-This topic provides you with the requirements and the supported scenarios for configuring CBA on an iOS(Android) device for users of tenants in Office 365 Enterprise, Business, Education, US Government, China, and Germany plans.
+This topic provides you with the requirements and the supported scenarios for configuring CBA on an iOS device for users of tenants in Office 365 Enterprise, Business, Education, US Government, China, and Germany plans.
 
 This feature is available in preview in Office 365 US Government Defense and Federal plans.
 

articles/active-directory/authentication/active-directory-certificate-based-authentication-ios.md

@@ -6,7 +6,7 @@ services: active-directory
 ms.service: active-directory
 ms.subservice: authentication
 ms.topic: how-to
-ms.date: 07/11/2018
+ms.date: 04/15/2020
 
 ms.author: iainfou
 author: iainfoulds
@@ -232,7 +232,7 @@ This FAQ is split into the following sections:
   >
 * **Q:  Is there an API to access the password reset or registration reporting data?**
 
-  > **A:** Yes. To learn how you can access the password reset reporting data stream, see [Learn how to access password reset reporting events programmatically](https://msdn.microsoft.com/library/azure/mt126081.aspx#BKMK_SsprActivityEvent).
+  > **A:** Yes. To learn how you can access the password reset reporting data, see the [Azure Log Analytics REST API Reference](/rest/api/loganalytics/).
   >
   >
 

articles/active-directory/authentication/active-directory-passwords-faq.md

@@ -17,13 +17,13 @@ ms.collection: M365-identity-device-management
 ---
 # When to use an Azure Multi-Factor Authentication Provider
 
+> [!IMPORTANT]
+> Effective September 1st, 2018 new auth providers may no longer be created. Existing auth providers may continue to be used and updated, but migration is no longer possible. Multi-factor authentication will continue to be available as a feature in Azure AD Premium licenses.
+
 Two-step verification is available by default for global administrators who have Azure Active Directory, and Office 365 users. However, if you wish to take advantage of [advanced features](howto-mfa-mfasettings.md) then you should purchase the full version of Azure Multi-Factor Authentication (MFA).
 
 An Azure Multi-Factor Auth Provider is used to take advantage of features provided by Azure Multi-Factor Authentication for users who **do not have licenses**.
 
-> [!NOTE]
-> Effective September 1st, 2018 new auth providers may no longer be created. Existing auth providers may continue to be used and updated, but migration is no longer possible. Multi-factor authentication will continue to be available as a feature in Azure AD Premium licenses.
-
 ## Caveats related to the Azure MFA SDK
 
 Note the SDK has been deprecated and will only continue to work until November 14, 2018. After that time, calls to the SDK will fail.

articles/active-directory/authentication/concept-mfa-authprovider.md

@@ -6,7 +6,7 @@ services: multi-factor-authentication
 ms.service: active-directory
 ms.subservice: authentication
 ms.topic: conceptual
-ms.date: 12/16/2019
+ms.date: 04/13/2020
 
 ms.author: iainfou
 author: iainfoulds