Merge branch 'master' of https://github.com/MicrosoftDocs/azure-docs-pr

Author: MikeDodaro

.openpublishing.redirection.json

@@ -1766,6 +1766,11 @@
       "redirect_url": "/azure/cosmos-db/create-sql-api-dotnet",
       "redirect_document_id": false
     },
+    {
+      "source_path": "articles/cosmos-db/change-feed-hl7-fhir-logic-apps.md",
+      "redirect_url": "/azure/cosmos-db/change-feed",
+      "redirect_document_id": false
+    },
     {
       "source_path": "articles/cosmos-db/spark-api-introduction.md",
       "redirect_url": "/azure/cosmos-db/analytics-usecases",
@@ -3433,7 +3438,12 @@
     },
     {
       "source_path": "articles/azure-resource-manager/extension-resource-types.md",
-      "redirect_url": "/azure/azure-resource-manager/templates/extension-resource-types",
+      "redirect_url": "/azure/azure-resource-manager/management/extension-resource-types",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/azure-resource-manager/templates/extension-resource-types.md",
+      "redirect_url": "/azure/azure-resource-manager/management/extension-resource-types",
       "redirect_document_id": false
     },
     {
@@ -4238,7 +4248,7 @@
     },
     {
       "source_path": "articles/billing-how-to-create-billing-support-ticket.md",
-      "redirect_url": "/azure/azure-supportability/how-to-create-azure-support-request",
+      "redirect_url": "/azure/azure-portal/supportability/how-to-create-azure-support-request",
       "redirect_document_id": false
     },
     {
@@ -4248,7 +4258,7 @@
     },
     {
       "source_path": "articles/billing-how-to-use-file-uploader.md",
-      "redirect_url": "/azure/azure-supportability/how-to-use-file-uploader",
+      "redirect_url": "/azure/azure-portal/supportability/how-to-use-file-uploader",
       "redirect_document_id": false
     },
     {
@@ -14694,9 +14704,14 @@
     },
     {
       "source_path": "articles/machine-learning/machine-learning-algorithm-choice.md",
-      "redirect_url": "/azure/machine-learning/studio/algorithm-choice",
+      "redirect_url": "/azure/machine-learning/how-to-select-algorithms",
       "redirect_document_id": false
     },
+    {
+      "source_path": "articles/machine-learning/studio/algorithm-choice.md",
+      "redirect_url": "/azure/machine-learning/how-to-select-algorithms",
+      "redirect_document_id": false
+    },    
     {
       "source_path": "articles/machine-learning/machine-learning-algorithm-parameters-optimize.md",
       "redirect_url": "/azure/machine-learning/studio/algorithm-parameters-optimize",
@@ -17334,7 +17349,7 @@
     },
     {
       "source_path": "articles/virtual-machine-scale-sets/virtual-machine-scale-sets-use-low-priority.md",
-      "redirect_url": "/azure/virtual-machine-scale-sets/virtual-machine-scale-sets-use-spot",
+      "redirect_url": "/azure/virtual-machine-scale-sets/use-spot",
       "redirect_document_id": true
     },
     {
@@ -46604,6 +46619,16 @@
       "source_path": "articles/load-balancer/load-balancer-arm.md",
       "redirect_url": "/azure/load-balancer/load-balancer-overview",
       "redirect_document_id": true
+    },
+    {
+      "source_path": "articles/healthcare-apis/tutorial-2-setup-environment.md",
+      "redirect_url": "/azure/healthcare-apis/tutorial-web-app-fhir-server",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/healthcare-apis/tutorial-3-connect-to-endpoint.md",
+      "redirect_url": "/azure/healthcare-apis/tutorial-web-app-fhir-server",
+      "redirect_document_id": false
     }
   ]
 }

articles/active-directory-b2c/TOC.yml

@@ -76,7 +76,7 @@
   items:
   - name: App integration
     items:
-    - name: Register an OIDC application
+    - name: Register an application
       href: tutorial-register-applications.md
     - name: Register a SAML service provider
       href: connect-with-saml-service-providers.md
@@ -282,6 +282,11 @@
           items:
           - name: Localization string IDs
             href: localization-string-ids.md
+        - name: DisplayControls
+          href: display-controls.md
+          items:
+          - name: Verification
+            href: display-control-verification.md
       - name: ClaimsProviders
         href: claimsproviders.md
         items:
@@ -320,11 +325,6 @@
             href: active-directory-b2c-reference-sso-custom.md
           - name: Validation
             href: validation-technical-profile.md
-      - name: DisplayControls
-        href: display-controls.md
-        items:
-        - name: Verification
-          href: display-control-verification.md
       - name: UserJourneys
         href: userjourneys.md
       - name: RelyingParty

articles/active-directory-b2c/active-directory-b2c-reference-oauth-code.md

@@ -98,8 +98,8 @@ Now that you've acquired an authorization code, you can redeem the `code` for a
 You can also request an access token for your app's own back-end Web API by convention of using the app's client ID as the requested scope (which will result in an access token with that client ID as the "audience"):
 
 ```HTTP
-POST {tenant}.onmicrosoft.com/{policy}/oauth2/v2.0/token HTTP/1.1
-Host: {tenant}.b2clogin.com
+POST https://{tenant}.b2clogin.com/{tenant}.onmicrosoft.com/{policy}/oauth2/v2.0/token HTTP/1.1
+
 Content-Type: application/x-www-form-urlencoded
 
 grant_type=authorization_code&client_id=90c0fe63-bcf2-44d5-8fb7-b8bbc0b29dc6&scope=90c0fe63-bcf2-44d5-8fb7-b8bbc0b29dc6 offline_access&code=AwABAAAAvPM1KaPlrEqdFSBzjqfTGBCmLdgfSTLEMPGYuNHSUYBrq...&redirect_uri=urn:ietf:wg:oauth:2.0:oob
@@ -165,8 +165,8 @@ Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6Ik5HVEZ2ZEstZn
 Access tokens and ID tokens are short-lived. After they expire, you must refresh them to continue to access resources. To do this, submit another POST request to the `/token` endpoint. This time, provide the `refresh_token` instead of the `code`:
 
 ```HTTP
-POST {tenant}.onmicrosoft.com/{policy}/oauth2/v2.0/token HTTP/1.1
-Host: {tenant}.b2clogin.com
+POST https://{tenant}.b2clogin.com/{tenant}.onmicrosoft.com/{policy}/oauth2/v2.0/token HTTP/1.1
+
 Content-Type: application/x-www-form-urlencoded
 
 grant_type=refresh_token&client_id=90c0fe63-bcf2-44d5-8fb7-b8bbc0b29dc6&scope=90c0fe63-bcf2-44d5-8fb7-b8bbc0b29dc6 offline_access&refresh_token=AwABAAAAvPM1KaPlrEqdFSBzjqfTGBCmLdgfSTLEMPGYuNHSUYBrq...&redirect_uri=urn:ietf:wg:oauth:2.0:oob

articles/active-directory-domain-services/check-health.md

@@ -10,15 +10,15 @@ ms.service: active-directory
 ms.subservice: domain-services
 ms.workload: identity
 ms.topic: conceptual
-ms.date: 09/10/2019
+ms.date: 01/21/2020
 ms.author: iainfou
 
 ---
 # Check the health of an Azure Active Directory Domain Services managed domain
 
-Azure Active Directory Domain Services (Azure AD DS) runs some background tasks to keep the managed domain healthy and up-to-date. These tasks include taking backups, applying security updates, and synchronizing data from Azure AD. If there are issues with the Azure AD DS managed domain, these tasks may not successfully run. To review and resolve any issues, you can check the health status of an Azure AD DS managed domain using the Azure portal.
+Azure Active Directory Domain Services (Azure AD DS) runs some background tasks to keep the managed domain healthy and up-to-date. These tasks include taking backups, applying security updates, and synchronizing data from Azure AD. If there are issues with the Azure AD DS managed domain, these tasks may not successfully complete. To review and resolve any issues, you can check the health status of an Azure AD DS managed domain using the Azure portal.
 
-This article shows how to view the Azure AD DS health status and understand the information or alerts shown.
+This article shows you how to view the Azure AD DS health status and understand the information or alerts shown.
 
 ## View the health status
 
@@ -43,11 +43,11 @@ The status in the top right indicates the overall health of the Azure AD DS mana
 
 ## Understand monitors and alerts
 
-The health status for an Azure AD DS managed domain show two types of information - monitors, and alerts. Monitors show the time that core background tasks were completed. Alerts provide information or suggestions to improve the stability of the managed domain.
+The health status for an Azure AD DS managed domain show two types of information - *monitors*, and *alerts*. Monitors show the time that core background tasks were completed. Alerts provide information or suggestions to improve the stability of the managed domain.
 
 ### Monitors
 
-Monitors are areas of an Azure AD DS managed domain that are checked on a regular basis. If there are any active alerts for the Azure AD DS managed domain, it may cause one of the monitors to report an issue. Azure AD Domain Services currently monitors the following areas:
+Monitors are areas of an Azure AD DS managed domain that are checked on a regular basis. If there are any active alerts for the Azure AD DS managed domain, it may cause one of the monitors to report an issue. Azure AD Domain Services currently has monitors for the following areas:
 
 * Backup
 * Synchronization with Azure AD
@@ -64,7 +64,7 @@ The backup monitor checks that automated regular backups of the Azure AD DS mana
 
 #### Synchronization with Azure AD monitor
 
-An Azure AD DS managed domain regularly synchronizes with Azure Active Directory. The number of users and group objects, and the number of changes made in the Azure AD directory since the last sync, affects how long it takes to synchronize. If the Azure AD DS managed domain was last synchronized over three days ago, check for and resolve any active alerts. If the synchronization monitor doesn't then update the status to show a recent sync, [open an Azure support request][azure-support].
+An Azure AD DS managed domain regularly synchronizes with Azure Active Directory. The number of users and group objects, and the number of changes made in the Azure AD directory since the last sync, affects how long it takes to synchronize. If the Azure AD DS managed domain was last synchronized over three days ago, check for and resolve any active alerts. If the synchronization monitor doesn't update the status to show a recent sync after you address any active alerts, [open an Azure support request][azure-support].
 
 ### Alerts
 

articles/active-directory-domain-services/compare-identity-solutions.md

@@ -9,7 +9,7 @@ ms.service: active-directory
 ms.subservice: domain-services
 ms.workload: identity
 ms.topic: overview
-ms.date: 10/30/2019
+ms.date: 01/22/2020
 ms.author: iainfou
 
 #Customer intent: As an IT administrator or decision maker, I want to understand the differences between Active Directory Domain Services (AD DS), Azure AD, and Azure AD DS so I can choose the most appropriate identity solution for my organization.
@@ -25,8 +25,8 @@ Although the three Active Directory-based identity solutions share a common name
     * AD DS is a central component in many organizations with an on-premises IT environment, and provides core user account authentication and computer management features.
 * **Azure Active Directory (Azure AD)** - Cloud-based identity and mobile device management that provides user account and authentication services for resources such as Office 365, the Azure portal, or SaaS applications.
     * Azure AD can be synchronized with an on-premises AD DS environment to provide a single identity to users that works natively in the cloud.
-* **Azure Active Directory Domain Services (Azure AD DS)** - Provides managed domain services with a subset of fully compatible traditional AD DS features such as domain join, group policy, LDAP, and Kerberos / NTLM authentication.
-    * Azure AD DS integrates with Azure AD, which itself can synchronize with an on-premises AD DS environment, to extend central identity use cases to traditional web applications that run in Azure as part of a lift-and-shift strategy.
+* **Azure Active Directory Domain Services (Azure AD DS)** - Provides managed domain services with a subset of fully-compatible traditional AD DS features such as domain join, group policy, LDAP, and Kerberos / NTLM authentication.
+    * Azure AD DS integrates with Azure AD, which itself can synchronize with an on-premises AD DS environment. This ability extends central identity use cases to traditional web applications that run in Azure as part of a lift-and-shift strategy.
 
 This overview article compares and contrasts how these identity solutions can work together, or would be used independently, depending on the needs of your organization.
 
@@ -45,8 +45,8 @@ When you deploy and run a self-managed AD DS environment, you have to maintain a
 
 Common deployment models for a self-managed AD DS environment that provides identity to applications and services in the cloud include the following:
 
-* **Standalone cloud-only AD DS** - Azure VMs are configured as domain controllers and a separate cloud-only AD DS environment is created. This AD DS environment doesn't integrate with an on-premises AD DS environment. A different set of credentials is used to sign in to and administer VMs in the cloud.
-* **Resource forest deployment** - Azure VMs are configured as domain controllers and an AD DS domain as part of an existing forest is created. A trust relationship is then configured to an on-premises AD DS environment. Other Azure VMs can domain-join to this resource forest in the cloud. User authentication runs over a VPN / ExpressRoute connection to the on-premises AD DS environment.
+* **Standalone cloud-only AD DS** - Azure VMs are configured as domain controllers and a separate, cloud-only AD DS environment is created. This AD DS environment doesn't integrate with an on-premises AD DS environment. A different set of credentials is used to sign in and administer VMs in the cloud.
+* **Resource forest deployment** - Azure VMs are configured as domain controllers and an AD DS domain that's part of an existing forest is created. A trust relationship is then configured to an on-premises AD DS environment. Other Azure VMs can domain-join to this resource forest in the cloud. User authentication runs over a VPN / ExpressRoute connection to the on-premises AD DS environment.
 * **Extend on-premises domain to Azure** - An Azure virtual network connects to an on-premises network using a VPN / ExpressRoute connection. Azure VMs connect to this Azure virtual network, which lets them domain-join to the on-premises AD DS environment.
     * An alternative is to create Azure VMs and promote them as replica domain controllers from the on-premises AD DS domain. These domain controllers replicate over a VPN / ExpressRoute connection to the on-premises AD DS environment. The on-premises AD DS domain is effectively extended into Azure.
 
@@ -64,15 +64,15 @@ The following table outlines some of the features you may need for your organiza
 | **Custom OU structure**                           | **✓** | **✓** |
 | **Group Policy**                                  | **✓** | **✓** |
 | **Schema extensions**                             | **✕** | **✓** |
-| **AD domain / forest trusts**                     | **✕** | **✓** |
+| **AD domain / forest trusts**                     | **✓** (one-way outbound forest trusts only) | **✓** |
 | **Secure LDAP (LDAPS)**                           | **✓** | **✓** |
 | **LDAP read**                                     | **✓** | **✓** |
 | **LDAP write**                                    | **✓** (within the managed domain) | **✓** |
 | **Geo-distributed deployments**                   | **✕** | **✓** |
 
 ## Azure AD DS and Azure AD
 
-Azure AD lets you manage the identity of devices used by the organization and control access to corporate resources from those devices. Users can also register their personal device (a bring-your-own, or BYO, model) with Azure AD, which provides the device with an identity. Azure AD then authenticates the device when a user signs in to Azure AD and uses the device to access secured resources. The device can be managed using Mobile Device Management (MDM) software like Microsoft Intune. This management ability lets you restrict access to sensitive resources to managed and policy-compliant devices.
+Azure AD lets you manage the identity of devices used by the organization and control access to corporate resources from those devices. Users can also register their personal device (a bring-your-own (BYO) model) with Azure AD, which provides the device with an identity. Azure AD then authenticates the device when a user signs in to Azure AD and uses the device to access secured resources. The device can be managed using Mobile Device Management (MDM) software like Microsoft Intune. This management ability lets you restrict access to sensitive resources to managed and policy-compliant devices.
 
 Traditional computers and laptops can also join to Azure AD. This mechanism offers the same benefits of registering a personal device with Azure AD, such as to allow users to sign in to the device using their corporate credentials.
 
@@ -89,8 +89,8 @@ Devices can be joined to Azure AD with or without a hybrid deployment that inclu
 | **Type of device**                                        | **Device platforms**             | **Mechanism**          |
 |:----------------------------------------------------------| -------------------------------- | ---------------------- |
 | Personal devices                                          | Windows 10, iOS, Android, Mac OS | Azure AD registered    |
-| Organization owned device not joined to on-premises AD DS | Windows 10                       | Azure AD joined        |
-| Organization owned device joined to an on-premises AD DS  | Windows 10                       | Hybrid Azure AD joined |
+| Organization-owned device not joined to on-premises AD DS | Windows 10                       | Azure AD joined        |
+| Organization-owned device joined to an on-premises AD DS  | Windows 10                       | Hybrid Azure AD joined |
 
 On an Azure AD-joined or registered device, user authentication happens using modern OAuth / OpenID Connect based protocols. These protocols are designed to work over the internet, so are great for mobile scenarios where users access corporate resources from anywhere.
 

articles/active-directory-domain-services/deploy-sp-profile-sync.md

@@ -10,13 +10,13 @@ ms.service: active-directory
 ms.subservice: domain-services
 ms.workload: identity
 ms.topic: conceptual
-ms.date: 09/12/2019
+ms.date: 01/21/2020 
 ms.author: iainfou
 
 ---
 # Configure Azure Active Directory Domain Services to support user profile synchronization for SharePoint Server
 
-SharePoint Server includes a service to synchronize user profiles. This feature lets user profiles be stored in a central location and accessible across multiple SharePoint sites and farms. To configure the SharePoint Server user profile service, the appropriate permissions must be granted in an Azure Active Directory Domain Services (Azure AD DS) managed domain. For more information, see [user profile synchronization in SharePoint Server](https://technet.microsoft.com/library/hh296982.aspx).
+SharePoint Server includes a service to synchronize user profiles. This feature allows user profiles to be stored in a central location and accessible across multiple SharePoint sites and farms. To configure the SharePoint Server user profile service, the appropriate permissions must be granted in an Azure Active Directory Domain Services (Azure AD DS) managed domain. For more information, see [user profile synchronization in SharePoint Server](https://technet.microsoft.com/library/hh296982.aspx).
 
 This article shows you how to configure Azure AD DS to allow the SharePoint Server user profile sync service.