Merge pull request #78500 from MicrosoftDocs/repo_sync_working_branch

Confirm merge from repo_sync_working_branch to master to sync with https://github.com/Microsoft/azure-docs (branch master)

Author: huypub

articles/active-directory/devices/troubleshoot-hybrid-join-windows-legacy.md

@@ -85,7 +85,7 @@ If the device was not hybrid Azure AD joined, you can attempt to do hybrid Azure
 
   - Autoworkplace.exe is unable to silently authenticate with Azure AD or AD FS. This could be caused by missing or misconfigured AD FS (for federated domains) or missing or misconfigured Azure AD Seamless Single Sign-On (for managed domains) or network issues. 
 
-    - It could be that multi-factor authentication (MFA) is enabled/configured for the user and WIAORMUTLIAUTHN is not configured at the AD FS server. 
+    - It could be that multi-factor authentication (MFA) is enabled/configured for the user and WIAORMULTIAUTHN is not configured at the AD FS server. 
 
     - Another possibility is that home realm discovery (HRD) page is waiting for user interaction, which prevents **autoworkplace.exe** from silently requesting a token.
 

articles/active-directory/manage-apps/application-proxy-configure-single-sign-on-with-ping-access.md

@@ -154,9 +154,9 @@ To collect this information:
 
 ### Update GraphAPI to send custom fields (optional)
 
-For a list of security tokens that Azure AD sends for authentication, see [Microsoft identity platform ID tokens](../develop/id-tokens.md). If you need a custom claim that sends other tokens, set the `acceptMappedClaims` application field to `True`. You can use Graph Explorer or the Azure AD portal's application manifest to make this change.
+If you need a custom claim that sends other tokens within the access_token consumed by PingAccess, set the `acceptMappedClaims` application field to `True`. You can use Graph Explorer or the Azure AD portal's application manifest to make this change.
 
-This example uses Graph Explorer:
+**This example uses Graph Explorer:**
 
 ```
 PATCH https://graph.windows.net/myorganization/applications/<object_id_GUID_of_your_application>
@@ -166,7 +166,7 @@ PATCH https://graph.windows.net/myorganization/applications/<object_id_GUID_of_y
 }
 ```
 
-This example uses the [Azure Active Directory portal](https://aad.portal.azure.com/) to update the `acceptMappedClaims` field:
+**This example uses the [Azure Active Directory portal](https://aad.portal.azure.com/) to update the `acceptMappedClaims` field:**
 
 1. Sign in to the [Azure Active Directory portal](https://aad.portal.azure.com/) as an application administrator.
 2. Select **Azure Active Directory** > **App registrations**. A list of applications appears.
@@ -175,7 +175,29 @@ This example uses the [Azure Active Directory portal](https://aad.portal.azure.c
 5. Search for the `acceptMappedClaims` field, and change the value to `True`.
 6. Select **Save**.
 
-### Use a custom claim (optional)
+
+### Use of optional claims (optional)
+Optional claims allows you to add standard-but-not-included-by-default claims that every user and tenant has. 
+You can configure optional claims for your application by modifying the application manifest. For more info, see the [Understanding the Azure AD application manifest article](https://docs.microsoft.com/azure/active-directory/develop/reference-app-manifest/)
+
+Example to include email address into the access_token that PingAccess will consume:
+```
+    "optionalClaims": {
+        "idToken": [],
+        "accessToken": [
+            {
+                "name": "email",
+                "source": null,
+                "essential": false,
+                "additionalProperties": []
+            }
+        ],
+        "saml2Token": []
+    },
+```
+
+### Use of claims mapping policy (optional)
+[Claims Mapping Policy (preview)](https://docs.microsoft.com/azure/active-directory/develop/active-directory-claims-mapping#claims-mapping-policy-properties/) for attributes which do not exist in AzureAD. Claims mapping allows you to migrate old on-prem apps to the cloud by adding additional custom claims that are backed by your ADFS or user objects
 
 To make your application use a custom claim and include additional fields, be sure you've also [created a custom claims mapping policy and assigned it to the application](../develop/active-directory-claims-mapping.md#claims-mapping-policy-assignment).
 
@@ -184,6 +206,16 @@ To make your application use a custom claim and include additional fields, be su
 >
 > You can do policy definition and assignment through PowerShell, Azure AD Graph Explorer, or Microsoft Graph. If you're doing them in PowerShell, you may need to first use `New-AzureADPolicy` and then assign it to the application with `Add-AzureADServicePrincipalPolicy`. For more information, see [Claims mapping policy assignment](../develop/active-directory-claims-mapping.md#claims-mapping-policy-assignment).
 
+Example:
+```powershell
+$pol = New-AzureADPolicy -Definition @('{"ClaimsMappingPolicy":{"Version":1,"IncludeBasicClaimSet":"true", "ClaimsSchema": [{"Source":"user","ID":"employeeid","JwtClaimType":"employeeid"}]}}') -DisplayName "AdditionalClaims" -Type "ClaimsMappingPolicy"
+
+Add-AzureADServicePrincipalPolicy -Id "<<The object Id of the Enterprise Application you published in the previous step, which requires this claim>>" -RefObjectId $pol.Id 
+```
+
+### Enable PingAccess to use custom claims (optional but required if you expect the application to consume additional claims)
+When you will configure PingAccess in the following step, the Web Session you will create (Settings->Access->Web Sessions) must have **Request Profile** deselected and **Refresh User Attributes** set to **No**
+
 ## Download PingAccess and configure your application
 
 Now that you've completed all the Azure Active Directory setup steps, you can move on to configuring PingAccess.

articles/automation/automation-update-management.md

@@ -486,7 +486,7 @@ Update
 | summarize hint.strategy=partitioned arg_max(TimeGenerated, UpdateState, Classification, Approved) by Computer, SourceComputerId, UpdateID
 | where UpdateState=~"Needed" and Approved!=false
 | summarize by UpdateID, Classification )
-| summarize allUpdatesCount=count(), criticalUpdatesCount=countif(Classification has "Critical"), securityUpdatesCount=countif(Classification has "Security"), otherUpdatesCount=countif(Classification !has "Critical" and Classification !has "Security"
+| summarize allUpdatesCount=count(), criticalUpdatesCount=countif(Classification has "Critical"), securityUpdatesCount=countif(Classification has "Security"), otherUpdatesCount=countif(Classification !has "Critical" and Classification !has "Security")
 ```
 
 ##### Computers list

articles/azure-functions/functions-bindings-http-webhook.md

@@ -662,7 +662,7 @@ If your function app is using [App Service Authentication / Authorization](../ap
 
 You can also read this information from binding data. This capability is only available to the Functions 2.x runtime. It is also currently only available for .NET languages.
 
-In .NET languages, this information is available as a [ClaimsPrincipal](https://docs.microsoft.com/dotnet/api/system.security.claims.claimsprincipal?view=netstandard-2.0). The ClaimsPrincipal is available as part of the request context as shown in the following example:
+In .NET languages, this information is available as a [ClaimsPrincipal](https://docs.microsoft.com/dotnet/api/system.security.claims.claimsprincipal). The ClaimsPrincipal is available as part of the request context as shown in the following example:
 
 ```csharp
 using System.Net;

articles/azure-monitor/app/api-custom-events-metrics.md

@@ -148,7 +148,7 @@ telemetry.trackEvent({name: "WinGame"});
 
 The telemetry is available in the `customEvents` table in [Application Insights Analytics](analytics.md). Each row represents a call to `trackEvent(..)` in your app.
 
-If [sampling](../../azure-monitor/app/sampling.md) is in operation, the itemCount property shows a value greater than 1. For example itemCount==10 means that of 10 calls to trackEvent(), the sampling process only transmitted one of them. To get a correct count of custom events, you should use therefore use code such as `customEvents | summarize sum(itemCount)`.
+If [sampling](../../azure-monitor/app/sampling.md) is in operation, the itemCount property shows a value greater than 1. For example itemCount==10 means that of 10 calls to trackEvent(), the sampling process only transmitted one of them. To get a correct count of custom events, you should therefore use code such as `customEvents | summarize sum(itemCount)`.
 
 ## GetMetric
 

articles/azure-monitor/app/cloudservices.md

@@ -189,18 +189,18 @@ For worker roles, you can track exceptions in two ways:
 ## Performance counters
 The following counters are collected by default:
 
-    * \Process(??APP_WIN32_PROC??)\% Processor Time
-    * \Memory\Available Bytes
-    * \.NET CLR Exceptions(??APP_CLR_PROC??)\# of Exceps Thrown / sec
-    * \Process(??APP_WIN32_PROC??)\Private Bytes
-    * \Process(??APP_WIN32_PROC??)\IO Data Bytes/sec
-    * \Processor(_Total)\% Processor Time
+* \Process(??APP_WIN32_PROC??)\% Processor Time
+* \Memory\Available Bytes
+* \.NET CLR Exceptions(??APP_CLR_PROC??)\# of Exceps Thrown / sec
+* \Process(??APP_WIN32_PROC??)\Private Bytes
+* \Process(??APP_WIN32_PROC??)\IO Data Bytes/sec
+* \Processor(_Total)\% Processor Time
 
 For web roles, these counters are also collected:
 
-    * \ASP.NET Applications(??APP_W3SVC_PROC??)\Requests/Sec
-    * \ASP.NET Applications(??APP_W3SVC_PROC??)\Request Execution Time
-    * \ASP.NET Applications(??APP_W3SVC_PROC??)\Requests In Application Queue
+* \ASP.NET Applications(??APP_W3SVC_PROC??)\Requests/Sec
+* \ASP.NET Applications(??APP_W3SVC_PROC??)\Request Execution Time
+* \ASP.NET Applications(??APP_W3SVC_PROC??)\Requests In Application Queue
 
 You can specify additional custom or other Windows performance counters by editing *ApplicationInsights.config* [as shown in this example](https://github.com/Microsoft/ApplicationInsights-Home/blob/master/Samples/AzureEmailService/WorkerRoleA/ApplicationInsights.config#L14).
 

articles/cognitive-services/Translator/language-support.md

@@ -208,6 +208,7 @@ The following languages are available for customization to or from English using
 | Bosnian (Latin)      | `bs`          |
 | Bulgarian      | `bg`          |
 | Chinese Simplified      | `zh-Hans`          |
+|Chinese Traditional|	`zh-Hant`	|
 | Croatian      | `hr`          |
 | Czech      | `cs`          |
 | Danish      | `da`          |

articles/machine-learning/team-data-science-process/sqldw-walkthrough.md

@@ -579,11 +579,11 @@ If you have already set up an AzureML workspace, you can directly upload the sam
 
 In order to run the sample IPython Notebook or the Python script file, the following Python packages are needed. If you are using the AzureML IPython Notebook service, these packages have been pre-installed.
 
-    - pandas
-    - numpy
-    - matplotlib
-    - pyodbc
-    - PyTables
+- pandas
+- numpy
+- matplotlib
+- pyodbc
+- PyTables
 
 The recommended sequence when building advanced analytical solutions on AzureML with large data is the following:
 

articles/notebooks/tutorial-create-run-jupyter-notebook.md

@@ -303,7 +303,7 @@ If you see unexpected results (which you probably will!), check that each cell i
 
     With two independent variables you can imagine a three-dimensional plot with a line fitted to the data. At three or more independent variables, however, it's no longer easy to visualize the fit, but you get the idea. In the end, it's all just mathematics, which a computer can handle easily without having to form a mental picture!
 
-    The regressor's `fit` method here creates the line, which algebraically is of the form `y = x*b1 + b0`, where b1 is the coefficient or slope of the line (which you can get to through `regressor.coef_`), and b0 is the intercept of the line at x=0 (which you can get to through `regressor.intercept`).
+    The regressor's `fit` method here creates the line, which algebraically is of the form `y = x*b1 + b0`, where b1 is the coefficient or slope of the line (which you can get to through `regressor.coef_`), and b0 is the intercept of the line at x=0 (which you can get to through `regressor.intercept_`).
     ```
 
 1. Code cell; when run, this cell shows the output, `LinearRegression(copy_X=True, fit_intercept=True, n_jobs=None,normalize=False)`.
@@ -322,7 +322,7 @@ If you see unexpected results (which you probably will!), check that each cell i
 
     With the regressor in hand, we can predict the test set results using its `predict` method. That method takes a vector of independent variables for which you want predictions.
 
-    Because the regressor is fit to the data by virtue of `coef_` and `intercept_` and `coef_`, a prediction is the result of `coef_ * x + intercept_`. (Indeed, `predict(0)` returns `intercept_` and `predict(1)` returns `intercept_ + coef_`.)
+    Because the regressor is fit to the data by virtue of `coef_` and `intercept_`, a prediction is the result of `coef_ * x + intercept_`. (Indeed, `predict(0)` returns `intercept_` and `predict(1)` returns `intercept_ + coef_`.)
 
     In the code, the `y_test` matrix (from when we split the set) contains the real observations. `y_pred` assigned here contains the predictions for the same `X_test` inputs. It's not expected that the test or training points exactly fit the regression; the regression is trying to find the model that we can use to make predictions with new observations of the independent variables.
     ```

articles/site-recovery/site-recovery-retain-ip-azure-vm-failover.md

@@ -38,7 +38,7 @@ Here's the architecture before failover.
         - East Asia has a VNet (**Source VNet**) with address space 10.1.0.0/16.
         - East Asia has workloads split across three subnets in the VNet:
             - **Subnet 1**: 10.1.1.0/24
-            - **Subnet 2**: 10.1.2.0/24,
+            - **Subnet 2**: 10.1.2.0/24
             - **Subnet 3**: 10.1.3.0/24
     - Secondary (target) region is Azure Southeast Asia
         - Southeast Asia has a recovery VNet (**Recovery VNet**) identical to **Source VNet**.
@@ -128,11 +128,11 @@ Here’s what the network architecture looks like before failover.
 - East Asia has a VNet (**Source VNet**) with address space 10.1.0.0/16.
   - East Asia has workloads split across three subnets in **Source VNet**:
     - **Subnet 1**: 10.1.1.0/24
-    - **Subnet 2**: 10.1.2.0/24,
-    - **Subnet 3**: 10.1.3.0/24utilizing an Azure virtual network with address space 10.1.0.0/16. This virtual network is named **Source VNet**
+    - **Subnet 2**: 10.1.2.0/24
+    - **Subnet 3**: 10.1.3.0/24, utilizing an Azure virtual network with address space 10.1.0.0/16. This virtual network is named **Source VNet**
       - The secondary (target) region is Azure Southeast Asia:
   - Southeast Asia has a recovery VNet (**Recovery VNet**) identical to **Source VNet**.
-- VMs in East Asia are connected to an on-premises datacenter with Azure ExpressRoute or site-to-site-VPN.
+- VMs in East Asia are connected to an on-premises datacenter with Azure ExpressRoute or site-to-site VPN.
 - To reduce RTO, Company B provisions gateways on Recovery VNet in Azure Southeast Asia prior to failover.
 - Company B assigns/verifies target IP addresses for replicated VMs. The target IP address is the same as source IP address for each VM.