Merge branch 'master' of https://github.com/MicrosoftDocs/azure-docs-pr into us1604901a

Author: TimShererWithAquent

.openpublishing.redirection.json

@@ -16525,6 +16525,21 @@
       "redirect_url": "/azure/machine-learning/team-data-science-process/walkthroughs",
       "redirect_document_id": false
     },
+    {
+      "source_path": "articles/machine-learning/team-data-science-process/cortana-analytics-playbook-predictive-maintenance.md",
+      "redirect_url": "/azure/machine-learning/team-data-science-process/predictive-maintenance-playbook",
+      "redirect_document_id": true
+    },
+    {
+      "source_path": "articles/machine-learning/team-data-science-process/cortana-analytics-architecture-predictive-maintenance.md",
+      "redirect_url": "/azure/machine-learning/team-data-science-process/predictive-maintenance-architecture",
+      "redirect_document_id": true
+    },
+    {
+      "source_path": "articles/machine-learning/team-data-science-process/cortana-analytics-technical-guide-predictive-maintenance.md",
+      "redirect_url": "/azure/machine-learning/team-data-science-process/predictive-maintenance-technical-guide",
+      "redirect_document_id": true
+    },
     {
       "source_path": "articles/monitoring-and-diagnostics/monitor-alerts-unified-log-template.md",
       "redirect_url": "/azure/monitoring-and-diagnostics/alert-log",
@@ -49251,6 +49266,16 @@
       "redirect_url": "/azure/cognitive-services/Speech-Service/how-to-use-codec-compressed-audio-input-streams?pivots=programming-language-objectivec",
       "redirect_document_id": false
     },
+    {
+      "source_path": "articles/integrations/index.yml",
+      "redirect_url": "https://azure.microsoft.com/products/developer-tool-integrations/",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/sdks/index.yml",
+      "redirect_url": "https://azure.microsoft.com/downloads/",
+      "redirect_document_id": false
+    },
     {
       "source_path": "articles/power-bi-embedded/index.md",
       "redirect_url": "https://docs.microsoft.com/power-bi/developer/azure-pbie-what-is-power-bi-embedded",

articles/active-directory-b2c/active-directory-technical-profile.md

@@ -60,13 +60,13 @@ To read, update, or delete an existing user account, the input claim is a key th
 
 To create a new user account, the input claim is a key that uniquely identifies a local or federated account. For example, local account: **signInNames.emailAddress**, or **signInNames.userName**. For a federated account: the **alternativeSecurityId**.
 
-The InputClaimsTransformations element may contain a collection of input claims transformation elements that are used to modify the input claim or generate new one.
+The [InputClaimsTransformations](technicalprofiles.md#inputclaimstransformations) element may contain a collection of input claims transformation elements that are used to modify the input claim or generate new one.
 
 ## OutputClaims
 
 The **OutputClaims** element contains a list of claims returned by the Azure AD technical profile. You may need to map the name of the claim defined in your policy to the name defined in Azure Active Directory. You can also include claims that aren't returned by the Azure Active Directory, as long as you set the `DefaultValue` attribute.
 
-The **OutputClaimsTransformations** element may contain a collection of **OutputClaimsTransformation** elements that are used to modify the output claims or generate new ones.
+The [OutputClaimsTransformations](technicalprofiles.md#outputclaimstransformations) element may contain a collection of **OutputClaimsTransformation** elements that are used to modify the output claims or generate new ones.
 
 For example, the **AAD-UserWriteUsingLogonEmail** technical profile creates a local account and returns the following claims:
 
@@ -88,7 +88,7 @@ For example, the **AAD-UserWriteUsingLogonEmail** technical profile creates a lo
 
 ## PersistedClaims
 
-The **PersistedClaims** element contains all of the values that should be persisted by Azure AD with possible mapping information between a claim type already defined in the ClaimsSchema section in the policy and the Azure AD attribute name.
+The **PersistedClaims** element contains all of the values that should be persisted by Azure AD with possible mapping information between a claim type already defined in the [ClaimsSchema](claimsschema.md) section in the policy and the Azure AD attribute name.
 
 The **AAD-UserWriteUsingLogonEmail** technical profile, which creates new local account, persists following claims:
 
@@ -119,9 +119,7 @@ The name of the claim is the name of the Azure AD attribute unless the **Partner
 
 ### Read
 
-The **Read** operation reads data about a single user account. To read user data, you need to provide a key as an input claim, such as **objectId**, **userPrincipalName**, **signInNames** (any type, user name and email-based account) or **alternativeSecurityId**.
-
-The following technical profile reads data about a user account using the user's objectId:
+The **Read** operation reads data about a single user account. The following technical profile reads data about a user account using the user's objectId:
 
 ```XML
 <TechnicalProfile Id="AAD-UserReadUsingObjectId">
@@ -151,9 +149,7 @@ The following technical profile reads data about a user account using the user's
 
 ### Write
 
-The **Write** operation creates or updates a single user account. To write a user account, you need to provide a key as an input claim, such as **objectId**, **userPrincipalName**, **signInNames.emailAddress**, or **alternativeSecurityId**.
-
-The following technical profile creates new social account:
+The **Write** operation creates or updates a single user account. The following technical profile creates new social account:
 
 ```XML
 <TechnicalProfile Id="AAD-UserWriteUsingAlternativeSecurityId">
@@ -193,9 +189,7 @@ The following technical profile creates new social account:
 
 ### DeleteClaims
 
-The **DeleteClaims** operation clears the information from a provided list of claims. To delete information from claims, you need to provide a key as an input claim, such as **objectId**, **userPrincipalName**, **signInNames.emailAddress** or **alternativeSecurityId**.
-
-The following technical profile deletes claims:
+The **DeleteClaims** operation clears the information from a provided list of claims. The following technical profile deletes claims:
 
 ```XML
 <TechnicalProfile Id="AAD-DeleteClaimsUsingObjectId">
@@ -216,9 +210,7 @@ The following technical profile deletes claims:
 
 ### DeleteClaimsPrincipal
 
-The **DeleteClaimsPrincipal** operation deletes a single user account from the directory. To delete a user account, you need to provide a key as an input claim, such as **objectId**, **userPrincipalName**, **signInNames.emailAddress** or **alternativeSecurityId**.
-
-The following technical profile deletes a user account from the directory using the user principal name:
+The **DeleteClaimsPrincipal** operation deletes a single user account from the directory. The following technical profile deletes a user account from the directory using the user principal name:
 
 ```XML
 <TechnicalProfile Id="AAD-DeleteUserUsingObjectId">
@@ -253,13 +245,27 @@ The following technical profile deletes a social user account using **alternativ
 | --------- | -------- | ----------- |
 | Operation | Yes | The operation to be performed. Possible values: `Read`, `Write`, `DeleteClaims`, or `DeleteClaimsPrincipal`. |
 | RaiseErrorIfClaimsPrincipalDoesNotExist | No | Raise an error if the user object does not exist in the directory. Possible values: `true` or `false`. |
-| UserMessageIfClaimsPrincipalDoesNotExist | No | If an error is to be raised (see the RaiseErrorIfClaimsPrincipalDoesNotExist attribute description), specify the message to show to the user if user object does not exist. The value can be [localized](localization.md).|
 | RaiseErrorIfClaimsPrincipalAlreadyExists | No | Raise an error if the user object already exists. Possible values: `true` or `false`.|
-| UserMessageIfClaimsPrincipalAlreadyExists | No | If an error is to be raised (see RaiseErrorIfClaimsPrincipalAlreadyExists attribute description), specify the message to show to the user if user object already exists. The value can be [localized](localization.md).|
 | ApplicationObjectId | No | The application object identifier for extension attributes. Value: ObjectId of an application. For more information, see [Use custom attributes in a custom profile edit policy](custom-policy-custom-attributes.md). |
 | ClientId | No | The client identifier for accessing the tenant as a third party. For more information, see [Use custom attributes in a custom profile edit policy](custom-policy-custom-attributes.md) |
 | IncludeClaimResolvingInClaimsHandling  | No | For input and output claims, specifies whether [claims resolution](claim-resolver-overview.md) is included in the technical profile. Possible values: `true`, or `false` (default). If you want to use a claims resolver in the technical profile, set this to `true`. |
 
+### Error messages
+ 
+The following settings can be used to configure the error message displayed upon failure. The metadata should be configured in the [self-asserted](self-asserted-technical-profile.md) technical profile. The error messages can be [localized](localization.md).
+
+| Attribute | Required | Description |
+| --------- | -------- | ----------- |
+| UserMessageIfClaimsPrincipalAlreadyExists | No | If an error is to be raised (see RaiseErrorIfClaimsPrincipalAlreadyExists attribute description), specify the message to show to the user if user object already exists. |
+| UserMessageIfClaimsPrincipalDoesNotExist | No | If an error is to be raised (see the RaiseErrorIfClaimsPrincipalDoesNotExist attribute description), specify the message to show to the user if user object does not exist. |
+
+
+## Next steps
+
+See the following article, for example of using Azure AD technical profile:
+
+- [Add claims and customize user input using custom policies in Azure Active Directory B2C](custom-policy-configure-user-input.md)
+
 
 
 

articles/active-directory-domain-services/tutorial-create-instance.md

@@ -134,7 +134,7 @@ With Azure AD DS successfully deployed, now configure the virtual network to all
 
 1. The **Overview** tab for your managed domain shows some **Required configuration steps**. The first configuration step is to update DNS server settings for your virtual network. Once the DNS settings are correctly configured, this step is no longer shown.
 
-    The addresses listed are the domain controllers for use in the virtual network. In this example, those addresses are *10.1.0.4* and *10.1.0.5*. You can later find these IP addresses on the **Properties** tab.
+    The addresses listed are the domain controllers for use in the virtual network. In this example, those addresses are *10.0.1.4* and *10.0.1.5*. You can later find these IP addresses on the **Properties** tab.
 
     ![Configure DNS settings for your virtual network with the Azure AD Domain Services IP addresses](./media/tutorial-create-instance/configure-dns.png)
 

articles/active-directory/authentication/howto-mfa-nps-extension-errors.md

@@ -95,7 +95,7 @@ If your users are [Having trouble with two-step verification](../user-help/multi
 
 ### Health check script
 
-The [Azure MFA NPS Extension health check script](https://gallery.technet.microsoft.com/Azure-MFA-NPS-Extension-648de6bb) is available on the TechNet Gallery to perform a basic health check when troubleshooting the NPS extension. Run the script and choose option 3.
+The [Azure MFA NPS Extension health check script](https://docs.microsoft.com/samples/azure-samples/azure-mfa-nps-extension-health-check/azure-mfa-nps-extension-health-check/) performs a basic health check when troubleshooting the NPS extension. Run the script and choose option 3.
 
 ### Contact Microsoft support
 

articles/active-directory/authentication/howto-mfa-nps-extension.md

@@ -26,7 +26,7 @@ When using the NPS extension for Azure MFA, the authentication flow includes the
 1. **NAS/VPN Server** receives requests from VPN clients and converts them into RADIUS requests to NPS servers. 
 2. **NPS Server** connects to Active Directory to perform the primary authentication for the RADIUS requests and, upon success, passes the request to any installed extensions.  
 3. **NPS Extension** triggers a request to Azure MFA for the secondary authentication. Once the extension receives the response, and if the MFA challenge succeeds, it completes the authentication request by providing the NPS server with security tokens that include an MFA claim, issued by Azure STS.  
-4. **Azure MFA** communicates with Azure Active Directory to retrieve the user’s details and performs the secondary authentication using a verification method configured to the user.
+4. **Azure MFA** communicates with Azure Active Directory to retrieve the user's details and performs the secondary authentication using a verification method configured to the user.
 
 The following diagram illustrates this high-level authentication request flow: 
 
@@ -165,7 +165,7 @@ The installer creates a PowerShell script in this location: `C:\Program Files\Mi
 - Create a self-signed certificate.
 - Associate the public key of the certificate to the service principal on Azure AD.
 - Store the cert in the local machine cert store.
-- Grant access to the certificate’s private key to Network User.
+- Grant access to the certificate's private key to Network User.
 - Restart the NPS.
 
 Unless you want to use your own certificates (instead of the self-signed certificates that the PowerShell script generates), run the PowerShell Script to complete the installation. If you install the extension on multiple servers, each one should have its own certificate.
@@ -247,9 +247,9 @@ You can choose to create this key and set it to FALSE while your users are onboa
 
 ### NPS extension health check script
 
-The following script is available on the TechNet Gallery to perform basic health check steps when troubleshooting the NPS extension.
+The following script is available to perform basic health check steps when troubleshooting the NPS extension.
 
-[MFA_NPS_Troubleshooter.ps1](https://gallery.technet.microsoft.com/Azure-MFA-NPS-Extension-648de6bb)
+[MFA_NPS_Troubleshooter.ps1](https://docs.microsoft.com/samples/azure-samples/azure-mfa-nps-extension-health-check/azure-mfa-nps-extension-health-check/)
 
 ---
 
@@ -332,6 +332,8 @@ Additional troubleshooting guidance and possible solutions can be found in the a
 
 ## Next steps
 
+- [Overview and configuration of Network Policy Server in Windows Server](https://docs.microsoft.com/windows-server/networking/technologies/nps/nps-top)
+
 - Configure alternate IDs for login, or set up an exception list for IPs that shouldn't perform two-step verification in [Advanced configuration options for the NPS extension for Multi-Factor Authentication](howto-mfa-nps-extension-advanced.md)
 
 - Learn how to integrate [Remote Desktop Gateway](howto-mfa-nps-extension-rdg.md) and [VPN servers](howto-mfa-nps-extension-vpn.md) using the NPS extension

articles/active-directory/authentication/howto-password-ban-bad-on-premises-operations.md

@@ -15,7 +15,7 @@ ms.reviewer: jsimmons
 
 ms.collection: M365-identity-device-management
 ---
-# Enable on-premises Azure Active Password Protection
+# Enable on-premises Azure Active Directory Password Protection
 
 Users often create passwords that use common local words such as a school, sports team, or famous person. These passwords are easy to guess, and weak against dictionary-based attacks. To enforce strong passwords in your organization, Azure Active Directory (Azure AD) Password Protection provides a global and custom banned password list. A password change request fails if there's a match in these banned password list.
 

articles/active-directory/conditional-access/terms-of-use.md

@@ -274,7 +274,11 @@ If a user is using Windows 10 and Microsoft Edge, they will receive a message si
 
 If they are using Chrome, they will be prompted to install the [Windows 10 Accounts extension](https://chrome.google.com/webstore/detail/windows-10-accounts/ppnbnpeolgkicgegkbkbjmhlideopiji).
 
-### Join an Android device
+### Register an iOS device
+
+If a user is using an iOS device, they will be prompted to install the [Microsoft Authenticator app](https://apps.apple.com/us/app/microsoft-authenticator/id983156458).
+
+### Register an Android device
 
 If a user is using an Android device, they will be prompted to install the [Microsoft Authenticator app](https://play.google.com/store/apps/details?id=com.azure.authenticator).
 

articles/active-directory/hybrid/how-to-connect-password-hash-synchronization.md

@@ -119,6 +119,7 @@ Caveat: If there are synchronized accounts that need to have non-expiring passwo
 
 > [!NOTE]
 > This feature is in Public Preview right now.
+> The Set-MsolPasswordPolicy PowerShell command will not work on federated domains. 
 
 #### Public Preview of synchronizing temporary passwords and "Force Password Change on Next Logon"