Merge branch 'master' of https://github.com/MicrosoftDocs/azure-docs-pr into rolyon-rbac-roles-may

Author: rolyon

.openpublishing.redirection.json

@@ -38913,21 +38913,6 @@
       "redirect_url": "/azure/media-services/latest/cli-upload-file-asset",
       "redirect_document_id": false
     },
-    {
-      "source_path": "articles/aks/rdp.md",
-      "redirect_url": "https://cloudblogs.microsoft.com/opensource/2019/03/25/windows-server-containers-now-supported-kubernetes/",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "articles/aks/windows-container-cli.md",
-      "redirect_url": "https://cloudblogs.microsoft.com/opensource/2019/03/25/windows-server-containers-now-supported-kubernetes/",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "articles/aks/windows-node-limitations.md",
-      "redirect_url": "https://cloudblogs.microsoft.com/opensource/2019/03/25/windows-server-containers-now-supported-kubernetes/",
-      "redirect_document_id": false
-    },
     {
       "source_path": "articles/media-services/latest/scripts/cli-samples.md",
       "redirect_url": "/azure/media-services/latest/create-account-cli-how-to",

articles/active-directory-b2c/active-directory-b2c-get-started-custom.md

@@ -8,7 +8,7 @@ manager: celestedg
 ms.service: active-directory
 ms.workload: identity
 ms.topic: conceptual
-ms.date: 04/03/2019
+ms.date: 05/16/2019
 ms.author: davidmu
 ms.subservice: B2C
 ---
@@ -27,7 +27,7 @@ ms.subservice: B2C
 ## Add signing and encryption keys
 
 1. Sign in to the [Azure portal](https://portal.azure.com/) as the global administrator of your Azure AD B2C tenant.
-2. Make sure you're using the directory that contains your Azure AD B2C tenant. Click the **Directory and subscription filter** in the top menu and choosing the directory that contains your tenant. 
+2. Make sure you're using the directory that contains your Azure AD B2C tenant. Click the **Directory and subscription filter** in the top menu and choose the directory that contains your tenant. 
 3. Choose **All services** in the top-left corner of the Azure portal, search for and select **Azure AD B2C**.
 4. On the Overview page, select **Identity Experience Framework**.
 
@@ -66,17 +66,23 @@ Azure AD B2C requires you to register two applications that are used to sign up
 
 ### Register the IdentityExperienceFramework application
 
-1. Choose **All services** in the top-left corner of the Azure portal, search for and select **App registrations**.
-2. Select **New application registration**.
-3. For **Name**, enter `IdentityExperienceFramework`.
-4. For **Application type**, choose **Web app/API**.
-5. For **Sign-on URL**, enter `https://your-tenant-name.b2clogin.com/your-tenant-name.onmicrosoft.com`, where `your-tenant-name` is your Azure AD B2C tenant domain name.
-6. Click **Create**. 
-7. After it's created, copy the application ID and save it to use later.
+1. Choose **All services** in the top-left corner of the Azure portal, search for and select **Azure Active Directory**.
+2. In the menu, select **App registrations (Legacy)**.
+3. Select **New application registration**.
+4. For **Name**, enter `IdentityExperienceFramework`.
+5. For **Application type**, choose **Web app/API**.
+6. For **Sign-on URL**, enter `https://your-tenant-name.b2clogin.com/your-tenant-name.onmicrosoft.com`, where `your-tenant-name` is your Azure AD B2C tenant domain name.
+7. Click **Create**. After it's created, copy the application ID and save it to use later.
+
+    ```
+    https://your--B2C-tenant-name.b2clogin.com/your-B2C-tenant-name.onmicrosoft.com
+    ```
+
+    All URLs should now be using [b2clogin.com](b2clogin.md).
 
 ### Register the ProxyIdentityExperienceFramework application
 
-1. Select **App registrations**, and then select **New application registration**.
+1. In **App registrations (Legacy)**, select **New application registration**.
 2. For **Name**, enter `ProxyIdentityExperienceFramework`.
 3. For **Application type**, choose **Native**.
 4. For **Redirect URI**, enter `https://your-tenant-name.b2clogin.com/your-tenant-name.onmicrosoft.com`, where `yourtenant` is your Azure AD B2C tenant.

articles/active-directory-b2c/active-directory-b2c-reference-custom-attr.md

@@ -17,7 +17,11 @@ ms.subservice: B2C
 
  Every customer-facing application has unique requirements for the information that needs to be collected. Your Azure Active Directory (Azure AD) B2C tenant comes with a built-in set of information stored in attributes, such as Given Name, Surname, City, and Postal Code. With Azure AD B2C, you can extend the set of attributes stored on each customer account. 
 
- You can create custom attributes in the [Azure portal](https://portal.azure.com/) and use them in your sign-up user flows, sign-up or sign-in user flows, or profile editing user flows. You can also read and write these attributes by using the [Azure AD Graph API](active-directory-b2c-devquickstarts-graph-dotnet.md). Custom attributes in Azure AD B2C use [Azure AD Graph API Directory Schema Extensions](/previous-versions/azure/ad/graph/howto/azure-ad-graph-api-directory-schema-extensions).
+ You can create custom attributes in the [Azure portal](https://portal.azure.com/) and use them in your sign-up user flows, sign-up or sign-in user flows, or profile editing user flows. You can also read and write these attributes by using the [Azure AD Graph API](active-directory-b2c-devquickstarts-graph-dotnet.md). Custom attributes in Azure AD B2C use [Azure AD Graph API Directory Schema Extensions](/previous-versions/azure/ad/graph/howto/azure-ad-graph-api-directory-schema-extensions).  
+
+> [!NOTE]
+> Support for newer [Microsoft Graph API](https://docs.microsoft.com/en-us/graph/overview?view=graph-rest-1.0) for querying Azure AD B2C tenant is still under development.
+>
 
 ## Create a custom attribute
 
@@ -37,7 +41,8 @@ ms.subservice: B2C
 7. Optionally, enter a **Description** for informational purposes. 
 8. Click **Create**.
 
-The custom attribute is now available in the list of **User attributes** and for use in your user flows. A custom attribute is only created the first time it is used in any user flow, and not when you add it to the list of **User attributes**.
+The custom attribute is now available in the list of **User attributes** and for use in your user flows. A custom attribute is only created the first time it is used in any user flow, and not when you add it to the list of **User attributes**. 
+
 
 ## Use a custom attribute in your user flow
 
@@ -47,5 +52,5 @@ The custom attribute is now available in the list of **User attributes** and for
 5. Select **Application claims** and then select the custom attribute. 
 6. Click **Save**.
 
-You can use the **Run user flow** feature on the user flow to verify the customer experience. You should now see **ShoeSize** in the list of attributes collected during the sign-up journey, and see it in the token sent back to your application.
+Once you have created a new user using a user flow which uses the newly created custom attribute, the object can be queried in [Azure AD Graph Explorer](https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-graph-api-quickstart). Alternatively you can use the [**Run user flow**](https://docs.microsoft.com/en-us/azure/active-directory-b2c/tutorial-create-user-flows) feature on the user flow to verify the customer experience. You should now see **ShoeSize** in the list of attributes collected during the sign-up journey, and see it in the token sent back to your application. 
 

articles/active-directory/authentication/howto-sspr-windows-7-8.md

@@ -58,6 +58,8 @@ You must register for SSPR before you will be able to use the "Forgot password"
 
 Using the Microsoft Authenticator app for notifications and codes to reset your password does not work in this initial release. Users must have alternate methods registered that meet the requirements of your policy.
 
+If more than one 3rd party credential provider is enabled on your machine, users will see more than one user profile on the logon screen.
+
 ## Troubleshooting
 
 Events will be logged both on the machine and in Azure AD.

articles/active-directory/authentication/tutorial-sspr-windows.md

@@ -18,7 +18,7 @@ ms.collection: M365-identity-device-management
 ---
 # Tutorial: Azure AD password reset from the login screen
 
-In this tutorial, you enable users to reset their passwords from the Windows 10 login screen. With the new Windows 10 April 2018 Update, users with **Azure AD joined** or **hybrid Azure AD joined** devices can use a “Reset password” link on their login screen. When users click this link, they are brought to the same self-service password reset (SSPR) experience they are familiar with.
+In this tutorial, you enable users to reset their passwords from the Windows 10 login screen. With the new Windows 10 April 2018 Update, users with **Azure AD joined** or **hybrid Azure AD joined** devices can use a “Reset password” link on their login screen. When users click this link, they are brought to the same self-service password reset (SSPR) experience they are familiar with. If a user is locked out this process does not unlock accounts in on-premises Active Directory.
 
 > [!div class="checklist"]
 > * Configure Reset password link using Intune

articles/active-directory/conditional-access/conditions.md

@@ -15,18 +15,17 @@ ms.devlang: na
 ms.topic: article
 ms.tgt_pltfrm: na
 ms.workload: identity
-ms.date: 12/14/2018
+ms.date: 05/17/2019
 ms.author: joflore
 ms.reviewer: calebb
 
 #Customer intent: As an IT admin, I need to understand the conditions in conditional access so that I can set them according to my business needs
 
 ms.collection: M365-identity-device-management
 ---
+# What are conditions in Azure Active Directory conditional access?
 
-# What are conditions in Azure Active Directory conditional access? 
-
-You can control how users access your cloud apps by using [Azure Active Directory (Azure AD) conditional access](https://docs.microsoft.com/azure/active-directory/active-directory-conditional-access-azure-portal). In a conditional access policy, you define the response ("Then do this") to the reason for triggering your policy ("When this happens"). 
+You can control how users access your cloud apps by using [Azure Active Directory (Azure AD) conditional access](https://docs.microsoft.com/azure/active-directory/active-directory-conditional-access-azure-portal). In a conditional access policy, you define the response ("Then do this") to the reason for triggering your policy ("When this happens").
 
 ![Reason and response](./media/conditions/10.png)
 
@@ -36,7 +35,7 @@ In the context of conditional access, **When this happens** is called a **condit
 ![Conditional access policy](./media/conditions/61.png)
 
 
-Conditions you haven't configured in a conditional access policy aren't applied. Some conditions are [mandatory](best-practices.md) to apply a conditional access policy to an environment. 
+Conditions you haven't configured in a conditional access policy aren't applied. Some conditions are [mandatory](best-practices.md) to apply a conditional access policy to an environment.
 
 This article is an overview of the conditions and how they're used in a conditional access policy. 
 
@@ -72,7 +71,7 @@ Organizations can choose from the following:
 > [!NOTE]
 > You can exclude specific apps from a policy. However, these apps are still subject to the policies applied to the services they access.
 
-**User actions** are tasks that can be performed by a user. The only currently supported action is **Register security information (preview)**, which allows conditional access policy to enforce when a user registers their security information.
+**User actions** are tasks that can be performed by a user. The only currently supported action is **Register security information (preview)**, which allows conditional access policy to enforce when users who are enabled for combined registration attempt to register their security information. More information can be found in the article, [Enable combined security information registration (preview)](../authentication/howto-registration-mfa-sspr-combined.md).
 
 ## Sign-in risk
 

articles/active-directory/develop/about-microsoft-identity-platform.md

@@ -23,7 +23,7 @@ ms.collection: M365-identity-device-management
 
 # Evolution of Microsoft identity platform
 
-Microsoft identity platform is an evolution of the Azure Active Directory (Azure AD) identity service and developer platform. It allows developers to build applications that sign in users, get tokens to call APIs, such as Microsoft Graph, or APIs that developers have built. It consists of an authentication service, open-source libraries, application registration, and configuration (through a developer portal and application API), full developer documentation, quickstart samples, code samples, tutorials, how-to guides, and other developer content. The Microsoft identity platform supports industry standard protocols such as OAuth 2.0 and OpenID Connect.
+Microsoft identity platform is an evolution of the Azure Active Directory (Azure AD) developer platform. It allows developers to build applications that sign in users, get tokens to call APIs, such as Microsoft Graph, or APIs that developers have built. It consists of an authentication service, open-source libraries, application registration, and configuration (through a developer portal and application API), full developer documentation, quickstart samples, code samples, tutorials, how-to guides, and other developer content. The Microsoft identity platform supports industry standard protocols such as OAuth 2.0 and OpenID Connect.
 
 Up until now, most developers have worked with the Azure AD v1.0 platform to authenticate work and school accounts (provisioned by Azure AD) by requesting tokens from the Azure AD v1.0 endpoint, using Azure AD Authentication Library (ADAL), Azure portal for application registration and configuration, and Azure AD Graph API for programmatic application configuration.
 
@@ -70,4 +70,4 @@ Microsoft identity platform (v2.0) endpoint is now OIDC certified. It works with
 Learn more about v1.0 and v2.0.
 
 * [Microsoft identity platform (v2.0) overview](v2-overview.md)
-* [Azure Active Directory for developers (v1.0) overview](v1-overview.md)
+* [Azure Active Directory for developers (v1.0) overview](v1-overview.md)

articles/active-directory/develop/index.yml

@@ -15,7 +15,7 @@ metadata:
   ms.date: 05/07/2019
   ms.author: celested
 abstract:
-  description: Microsoft identity platform is an evolution of the Azure Active Directory (Azure AD) identity service and developer platform. It allows developers to build applications that sign in all Microsoft identities and get tokens to call Microsoft APIs such as Microsoft Graph or APIs that developers have built. It’s a full-featured platform that consists of an OAuth 2.0 and OpenID Connect standard-compliant authentication service, open-source libraries, application registration and configuration, robust conceptual and reference documentation, quickstart samples, code samples, tutorials, and how-to guides.
+  description: Microsoft identity platform is an evolution of the Azure Active Directory (Azure AD) developer platform. It allows developers to build applications that sign in all Microsoft identities and get tokens to call Microsoft APIs such as Microsoft Graph or APIs that developers have built. It’s a full-featured platform that consists of an OAuth 2.0 and OpenID Connect standard-compliant authentication service, open-source libraries, application registration and configuration, robust conceptual and reference documentation, quickstart samples, code samples, tutorials, and how-to guides.
   aside:
     image:
       alt: 

articles/active-directory/develop/sample-v2-code.md

@@ -46,7 +46,7 @@ These samples show how to write a single-page application secured with Microsoft
 | Platform | Description | Link |
 | -------- | --------------------- | -------- |
 | ![JavaScript](media/sample-v2-code/logo_js.png) [JavaScript (msal.js)](https://github.com/AzureAD/microsoft-authentication-library-for-js/blob/dev/lib/msal-core) | Calls Microsoft Graph |[javascript-graphapi-web-v2](https://github.com/Azure-Samples/active-directory-javascript-graphapi-web-v2) |
-| ![JavaScript](media/sample-v2-code/logo_js.png) [JavaScript (msal.js)](https://github.com/AzureAD/microsoft-authentication-library-for-js/blob/dev/lib/msal-core) | Calls Calls B2C |[b2c-javascript-msal-singlepageapp](https://github.com/Azure-Samples/active-directory-b2c-javascript-msal-singlepageapp) |
+| ![JavaScript](media/sample-v2-code/logo_js.png) [JavaScript (msal.js)](https://github.com/AzureAD/microsoft-authentication-library-for-js/blob/dev/lib/msal-core) | Calls B2C |[b2c-javascript-msal-singlepageapp](https://github.com/Azure-Samples/active-directory-b2c-javascript-msal-singlepageapp) |
 | ![JavaScript](media/sample-v2-code/logo_js.png) [JavaScript (msal.js)](https://github.com/AzureAD/microsoft-authentication-library-for-js/blob/dev/lib/msal-core) | Calls own web API |[javascript-singlepageapp-dotnet-webapi-v2](https://github.com/Azure-Samples/active-directory-javascript-singlepageapp-dotnet-webapi-v2) |
 | ![Angular JS](media/sample-v2-code/logo_angular.png) [JavaScript (MSAL AngularJS)](https://github.com/AzureAD/microsoft-authentication-library-for-js/blob/dev/lib/msal-angularjs)| Calls Microsoft Graph  | [MsalAngularjsDemoApp](https://github.com/AzureAD/microsoft-authentication-library-for-js/tree/dev/lib/msal-angularjs/samples/MsalAngularjsDemoApp)
 | ![Angular](media/sample-v2-code/logo_angular.png) [JavaScript (MSAL Angular)](https://github.com/AzureAD/microsoft-authentication-library-for-js/blob/dev/lib/msal-angular)| Calls Microsoft Graph  | [MSALAngularDemoApp](https://github.com/AzureAD/microsoft-authentication-library-for-js/tree/dev/lib/msal-angular/samples/MSALAngularDemoApp) |

articles/active-directory/develop/v2-overview.md

@@ -23,7 +23,7 @@ ms.collection: M365-identity-device-management
 
 # Microsoft identity platform (v2.0) overview
 
-Microsoft identity platform is an evolution of the Azure Active Directory (Azure AD) identity service and developer platform. It allows developers to build applications that sign in all Microsoft identities and get tokens to call Microsoft APIs, such as Microsoft Graph, or APIs that developers have built. The Microsoft identity platform consists of:
+Microsoft identity platform is an evolution of the Azure Active Directory (Azure AD) developer platform. It allows developers to build applications that sign in all Microsoft identities and get tokens to call Microsoft APIs, such as Microsoft Graph, or APIs that developers have built. The Microsoft identity platform consists of:
 
 - **OAuth 2.0 and OpenID Connect standard-compliant authentication service** that enables developers to authenticate any Microsoft identity, including:
   - Work or school accounts (provisioned through Azure AD)
@@ -76,4 +76,4 @@ When you’re ready to launch your app into a **production environment**, review
 
 ## Learn more
 
-If you’d planning to build a customer-facing application that signs in social and local identities, take a look at the [Azure AD B2C overview](https://docs.microsoft.com/azure/active-directory-b2c/tutorial-add-identity-providers).
+If you’re planning to build a customer-facing application that signs in social and local identities, see the [Azure AD B2C overview](https://docs.microsoft.com/azure/active-directory-b2c/tutorial-add-identity-providers).