Merge pull request #177323 from MicrosoftDocs/master

Merge master to live, 4AM

Author: v-ccolin

.openpublishing.redirection.json

@@ -20324,29 +20324,54 @@
       "redirect_document_id": true
     },
     {
-      "source_path_from_root": "/articles/machine-learning/studio/data-science-for-beginners-ask-a-question-you-can-answer-with-data.md",
-      "redirect_url": "/azure/machine-learning/classic/data-science-for-beginners-ask-a-question-you-can-answer-with-data",
+      "source_path_from_root": "/articles/machine-learning/classic/data-science-for-beginners-ask-a-question-you-can-answer-with-data.md",
+      "redirect_url": "/azure/machine-learning/classic/retired-data-science-for-beginners-videos",
+      "redirect_document_id": false
+    },
+    {
+      "source_path_from_root": "/articles/machine-learning/classic/data-science-for-beginners-copy-other-peoples-work-to-do-data-science.md",
+      "redirect_url": "/azure/machine-learning/classic/retired-data-science-for-beginners-videos",
+      "redirect_document_id": false
+    },
+    {
+      "source_path_from_root": "/articles/machine-learning/classic/data-science-for-beginners-is-your-data-ready-for-data-science.md",
+      "redirect_url": "/azure/machine-learning/classic/retired-data-science-for-beginners-videos",
+      "redirect_document_id": false
+    },
+    {
+      "source_path_from_root": "/articles/machine-learning/classic/data-science-for-beginners-predict-an-answer-with-a-simple-model.md",
+      "redirect_url": "/azure/machine-learning/classic/retired-data-science-for-beginners-videos",
+      "redirect_document_id": false
+    },
+    {
+      "source_path_from_root": "/articles/machine-learning/classic/data-science-for-beginners-the-5-questions-data-science-answers.md",
+      "redirect_url": "/azure/machine-learning/classic/retired-data-science-for-beginners-videos",
       "redirect_document_id": true
     },
+    {
+      "source_path_from_root": "/articles/machine-learning/studio/data-science-for-beginners-ask-a-question-you-can-answer-with-data.md",
+      "redirect_url": "/azure/machine-learning/classic/retired-data-science-for-beginners-videos",
+      "redirect_document_id": false
+    },
     {
       "source_path_from_root": "/articles/machine-learning/studio/data-science-for-beginners-copy-other-peoples-work-to-do-data-science.md",
-      "redirect_url": "/azure/machine-learning/classic/data-science-for-beginners-copy-other-peoples-work-to-do-data-science",
-      "redirect_document_id": true
+      "redirect_url": "/azure/machine-learning/classic/retired-data-science-for-beginners-videos",
+      "redirect_document_id": false
     },
     {
       "source_path_from_root": "/articles/machine-learning/studio/data-science-for-beginners-is-your-data-ready-for-data-science.md",
-      "redirect_url": "/azure/machine-learning/classic/data-science-for-beginners-is-your-data-ready-for-data-science",
-      "redirect_document_id": true
+      "redirect_url": "/azure/machine-learning/classic/retired-data-science-for-beginners-videos",
+      "redirect_document_id": false
     },
     {
       "source_path_from_root": "/articles/machine-learning/studio/data-science-for-beginners-predict-an-answer-with-a-simple-model.md",
-      "redirect_url": "/azure/machine-learning/classic/data-science-for-beginners-predict-an-answer-with-a-simple-model",
-      "redirect_document_id": true
+      "redirect_url": "/azure/machine-learning/classic/retired-data-science-for-beginners-videos",
+      "redirect_document_id": false
     },
     {
       "source_path_from_root": "/articles/machine-learning/studio/data-science-for-beginners-the-5-questions-data-science-answers.md",
-      "redirect_url": "/azure/machine-learning/classic/data-science-for-beginners-the-5-questions-data-science-answers",
-      "redirect_document_id": true
+      "redirect_url": "/azure/machine-learning/classic/retired-data-science-for-beginners-videos",
+      "redirect_document_id": false
     },
     {
       "source_path_from_root": "/articles/machine-learning/studio/convert-training-experiment-to-scoring-experiment.md",

articles/active-directory-b2c/partner-idemia.md

@@ -1,5 +1,5 @@
 ---
-title: Configure IDEMIA with Azure Active Directory B2C 
+title: Configure IDEMIA with Azure Active Directory B2C (Preview) 
 titleSuffix: Azure AD B2C
 description: Learn how to integrate Azure AD B2C authentication with IDEMIA for relying party to consume IDEMIA or US State issued mobile IDs
 services: active-directory-b2c
@@ -14,7 +14,7 @@ ms.subservice: B2C
 zone_pivot_groups: b2c-policy-type
 ---
 
-# Tutorial: Configure IDEMIA with Azure Active Directory B2C for relying party to consume IDEMIA or US State issued mobile identity credentials
+# Tutorial: Configure IDEMIA with Azure Active Directory B2C for relying party to consume IDEMIA or US State issued mobile identity credentials (Preview)
 [!INCLUDE [active-directory-b2c-choose-user-flow-or-custom-policy](../../includes/active-directory-b2c-choose-user-flow-or-custom-policy.md)]
 
 ::: zone pivot="b2c-user-flow"
@@ -35,7 +35,7 @@ IDEMIA integration includes the following components:
 
 - **Azure AD B2C** – The authorization server, responsible for verifying the user’s credentials, also known as the Identity Provider (IdP).
 
-- **IDEMIA mID** - OpenID Connect (OIDC) provider configured as [Azure AD B2C external provider](https://docs.microsoft.com/azure/active-directory-b2c/add-identity-provider)
+- **IDEMIA mID** - OpenID Connect (OIDC) provider configured as [Azure AD B2C external provider](add-identity-provider.md)
 
 - **[IDEMIA mID application](https://idemia-mobile-id.com/)** - A trusted, government-issued digital identity. Mobile ID is a digital version of your driver’s license or state-issued ID that lives in an app on your phone. [IDEMIA](https://idemia-mobile-id.com/).
 
@@ -75,7 +75,7 @@ To get started, you'll need:
 
 - An Azure AD subscription. If you don't have one, get a [free account](https://azure.microsoft.com/free/).
 
-- An [Azure AD B2C tenant](https://docs.microsoft.com/azure/active-directory-b2c/tutorial-create-tenant) that is linked to your Azure subscription.
+- An [Azure AD B2C tenant](tutorial-create-tenant.md) that is linked to your Azure subscription.
 
 - Your business web application registered in Azure AD B2C tenant. For testing purposes you can configure https://jwt.ms, a Microsoft-owned web application that displays the decoded contents of a token.
 
@@ -194,7 +194,7 @@ One of the following values must be selected:
 
 The **/userinfo** endpoint provides the claims for the scope(s) requested in the authorization request. For the **<mt_scope>** this includes such claims as First Name, Last Name, and Driver's License Number, among other items.
 The claims set for any given scope are published in the **scope_to_claims_mapping** section of the discovery API.
-Azure AD B2C requests claims from the claims endpoint and returns those claims in the OutputClaims element. You may need to map the name of the claim defined in your policy to the name defined in the IdP making sure to define the claim type in the [ClaimSchema element](https://docs.microsoft.com/azure/active-directory-b2c/claimsschema):
+Azure AD B2C requests claims from the claims endpoint and returns those claims in the OutputClaims element. You may need to map the name of the claim defined in your policy to the name defined in the IdP making sure to define the claim type in the [ClaimSchema element](claimsschema.md):
 
 ```PowerShell
 <ClaimType Id="documentId">
@@ -292,9 +292,9 @@ If the sign-in process is successful, your browser is redirected to `https://jwt
 
 For additional information, review the following articles:
 
-- [Custom policies in Azure AD B2C](https://docs.microsoft.com/azure/active-directory-b2c/custom-policy-overview)
+- [Custom policies in Azure AD B2C](custom-policy-overview.md)
 
-- [Get started with custom policies in Azure AD B2C](https://docs.microsoft.com/azure/active-directory-b2c/tutorial-create-user-flows?pivots=b2c-custom-policy)
+- [Get started with custom policies in Azure AD B2C](tutorial-create-user-flows.md?pivots=b2c-custom-policy)
 
 - [Learn more about IDEMIA mID](https://www.idemia.com/mobile-id)
 

articles/active-directory-b2c/saml-service-provider.md

@@ -313,7 +313,10 @@ For SAML apps, you need to configure several properties in the application regis
 
 When your SAML application makes a request to Azure AD B2C, the SAML AuthN request includes an `Issuer` attribute. The value of this attribute is typically the same as the application's metadata `entityID` value. Azure AD B2C uses this value to look up the application registration in the directory and read the configuration. For this lookup to succeed, `identifierUri` in the application registration must be populated with a value that matches the `Issuer` attribute.
 
-In the registration manifest, find the `identifierURIs` parameter and add the appropriate value. This value will be the same value that's configured in the SAML AuthN requests for `EntityId` at the application, and the `entityID` value in the application's metadata.
+In the registration manifest, find the `identifierURIs` parameter and add the appropriate value. This value will be the same value that's configured in the SAML AuthN requests for `EntityId` at the application, and the `entityID` value in the application's metadata. You will also need to find the `accessTokenAcceptedVersion` paramater and set the value to `2`.
+
+> [!IMPORTANT]
+> If you do not update the `accessTokenAcceptedVersion` to `2` you will recive an error message requiring a verfied domain.
 
 The following example shows the `entityID` value in the SAML metadata:
 
@@ -434,4 +437,4 @@ The following SAML application scenarios are supported via your own metadata end
 <!-- LINKS - External -->
 [samltest]: https://aka.ms/samltestapp
 
-::: zone-end
+::: zone-end

articles/active-directory/cloud-sync/how-to-prerequisites.md

@@ -85,7 +85,7 @@ New-ADServiceAccount -Name $Name `
 # Install the new service account on Azure AD Cloud Sync server
 Install-ADServiceAccount -Identity $Name
  ```
-For additional information on the cmdlets above, see [Getting Started with Group Managed Service Accounts](https://docs.microsoft.com/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/jj128431(v=ws.11)?redirectedfrom=MSDN).
+For additional information on the cmdlets above, see [Getting Started with Group Managed Service Accounts](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/jj128431(v=ws.11)?redirectedfrom=MSDN).
 
 ### In the Azure Active Directory admin center
 

articles/active-directory/conditional-access/concept-condition-filters-for-devices.md

@@ -1,8 +1,6 @@
 ---
 title: Filter for devices as a condition in Conditional Access policy - Azure Active Directory
 description: Use filter for devices in Conditional Access to enhance security posture
-
-services: active-directory
 ms.service: active-directory
 ms.subservice: conditional-access
 ms.topic: conceptual
@@ -88,7 +86,7 @@ Policy 2: All users with the directory role of Global administrator, accessing t
 
 ### Filter for devices Graph API
 
-The filter for devices API is available in Microsoft Graph v1.0 endpoint and can be accessed using https://graph.microsoft.com/v1.0/identity/conditionalaccess/policies/. You can configure a filter for devices when creating a new Conditional Access policy or you can update an existing policy to configure the filter for devices condition. To update an existing policy, you can do a patch call on the Microsoft Graph v1.0 endpoint mentioned above by appending the policy ID of an existing policy and executing the following request body. The example here shows configuring a filter for devices condition excluding device that are not marked as SAW devices. The rule syntax can consist of more than one single expression. To learn more about the syntax, see [dynamic membership rules for groups in Azure Active Directory](https://docs.microsoft.com/azure/active-directory/enterprise-users/groups-dynamic-membership). 
+The filter for devices API is available in Microsoft Graph v1.0 endpoint and can be accessed using https://graph.microsoft.com/v1.0/identity/conditionalaccess/policies/. You can configure a filter for devices when creating a new Conditional Access policy or you can update an existing policy to configure the filter for devices condition. To update an existing policy, you can do a patch call on the Microsoft Graph v1.0 endpoint mentioned above by appending the policy ID of an existing policy and executing the following request body. The example here shows configuring a filter for devices condition excluding device that are not marked as SAW devices. The rule syntax can consist of more than one single expression. To learn more about the syntax, see [dynamic membership rules for groups in Azure Active Directory](../enterprise-users/groups-dynamic-membership.md). 
 
 ```json
 {

articles/active-directory/conditional-access/concept-continuous-access-evaluation.md

@@ -152,13 +152,9 @@ Organizations have options when it comes to enabling CAE.
 1. Customers who select **Enable preview** immediately benefit from the new functionality and won't have to make any changes at general availability. 
 1. Customers who select **Disable preview** have time to adopt CAE at their organization's own pace. This setting will persist as **Disabled** at general availability.
 
-### Strict enforcement 
-
-Strict enforcement is a feature that allows for enhanced security based on two factors: IP address variation and client capability. This functionality can be enabled while customizing CAE options for a given policy. By turning on strict enforcement, CAE will revoke access upon detecting any instances of either [IP address variation](#ip-address-variation) or a lack of CAE [client capability](#client-capabilities).
-
 #### Migration
 
-Customers who only enabled select users or disabled the continuous access evaluation preview may choose to migrate these decisions to a Conditional Access policy for ease of management and troubleshooting. Use the steps that follow to migrate your settings to a Conditional Access policy.
+CAE setting has been moved to under Conditional Access. Customers who have configured CAE settings under Security before have to migrate these setting to a Conditional Access policy. Use the steps that follow to migrate your settings to a Conditional Access policy.
 
 :::image type="content" source="media/concept-continuous-access-evaluation/migrate-continuous-access-evaluation.png" alt-text="Portal view showing the option to migrate continuous access evaluation to a Conditional Access policy." lightbox="media/concept-continuous-access-evaluation/migrate-continuous-access-evaluation.png":::
 
@@ -169,6 +165,10 @@ Customers who only enabled select users or disabled the continuous access evalua
 
 More information about continuous access evaluation as a session control can be found in the section, [Customize continuous access evaluation](concept-conditional-access-session.md#customize-continuous-access-evaluation).
 
+### Strict enforcement 
+
+With the latest CAE setting under Conditional Access, strict enforcement is a new feature that allows for enhanced security based on two factors: IP address variation and client capability. This functionality can be enabled while customizing CAE options for a given policy. By turning on strict enforcement, CAE will revoke access upon detecting any instances of either [IP address variation](#ip-address-variation) or a lack of CAE [client capability](#client-capabilities).
+
 ## Limitations
 
 ### Group membership and Policy update effective time

articles/active-directory/develop/id-tokens.md

@@ -1,7 +1,7 @@
 ---
 title: Microsoft identity platform ID tokens | Azure
 titleSuffix: Microsoft identity platform
-description: Learn how to use id_tokens emitted by the Azure AD v1.0 and Microsoft identity platform (v2.0) endpoints. 
+description: Learn how to use id_tokens emitted by the Azure AD v1.0 and Microsoft identity platform (v2.0) endpoints.
 services: active-directory
 author: hpsin
 manager: CelesteDG
@@ -12,10 +12,7 @@ ms.topic: conceptual
 ms.date: 06/25/2021
 ms.author: hirsin
 ms.reviewer: hirsin
-ms.custom:
-  - aaddev
-  - identityplatformtop40
-  - fasttrack-edit
+ms.custom: aaddev, identityplatformtop40, fasttrack-edit
 ---
 
 # Microsoft identity platform ID tokens

articles/active-directory/enterprise-users/groups-lifecycle.md

@@ -11,9 +11,9 @@ ms.service: active-directory
 ms.subservice: enterprise-users
 ms.workload: identity
 ms.topic: how-to
-ms.date: 09/02/2021
+ms.date: 10/22/2021
 ms.author: curtand                   
-ms.reviewer: krbain
+ms.reviewer: jodah
 ms.custom: it-pro
 
 ms.collection: M365-identity-device-management
@@ -39,7 +39,9 @@ For information on how to download and install the Azure AD PowerShell cmdlets,
 
 ## Activity-based automatic renewal
 
-With Azure AD intelligence, groups are now automatically renewed based on whether they have been recently used. This feature eliminates the need for manual action by group owners, because it's based on user activity in groups across Microsoft 365 services like Outlook, SharePoint, or Teams. For example, if an owner or a group member does something like upload a document in SharePoint, visit a Teams channel, or send an email to the group in Outlook, the group is automatically renewed around 35 days before the group expires and the owner does not get any renewal notifications.
+With Azure AD intelligence, groups are now automatically renewed based on whether they have been recently used. This feature eliminates the need for manual action by group owners, because it's based on user activity in groups across Microsoft 365 services like Outlook, SharePoint, or Teams. For example, if an owner or a group member does something like upload a document to SharePoint, visit a Teams channel, or send an email to the group in Outlook, the group is automatically renewed around 35 days before the group expires and the owner does not get any renewal notifications.
+
+For example, consider an expiration policy that is set so that a group expires after 30 days of inactivity. However, to keep from sending an expiration email the day that group expiration is enabled (because there's no record activity yet), Azure AD first waits five days. If there is activity in those five days, the expiration policy works as expected. If there is no activity within five days, we send an expiration/renewal email. Of course, if the group was inactive for five days, an email was sent, and then the group was active, we will autorenew it and start the expiration period again.
 
 ### Activities that automatically renew group expiration
 
@@ -98,6 +100,9 @@ If groups are not automatically renewed, email notifications such as this one ar
 
 From the **Renew group** notification email, group owners can directly access the group details page in the [Access Panel](https://account.activedirectory.windowsazure.com/r#/applications). There, the users can get more information about the group such as its description, when it was last renewed, when it will expire, and also the ability to renew the group. The group details page now also includes links to the Microsoft 365 group resources, so that the group owner can conveniently view the content and activity in their group.
 
+>[!Important]
+> If there is any problem with the notification emails, and they aren't sent out or they are delayed, be assured that Microsoft will never delete a group before the last email is sent.
+
 When a group expires, the group is deleted one day after the expiration date. An email notification such as this one is sent to the Microsoft 365 group owners informing them about the expiration and subsequent deletion of their Microsoft 365 group.
 
 ![Group deletion email notifications](./media/groups-lifecycle/deletion-notification.png)