MicrosoftDocs
diff --git a/‎.openpublishing.publish.config.json
Lines changed: 20 additions & 0 deletions b/‎.openpublishing.publish.config.json
Lines changed: 20 additions & 0 deletions
diff --git a/‎.openpublishing.redirection.json
Lines changed: 17 additions & 7 deletions b/‎.openpublishing.redirection.json
Lines changed: 17 additions & 7 deletions
diff --git a/‎articles/active-directory-b2c/TOC.yml
Lines changed: 2 additions & 0 deletions b/‎articles/active-directory-b2c/TOC.yml
Lines changed: 2 additions & 0 deletions
diff --git a/‎articles/active-directory-b2c/best-practices.md
Lines changed: 91 additions & 0 deletions b/‎articles/active-directory-b2c/best-practices.md
Lines changed: 91 additions & 0 deletions
diff --git a/‎articles/active-directory-b2c/boolean-transformations.md
Lines changed: 2 additions & 2 deletions b/‎articles/active-directory-b2c/boolean-transformations.md
Lines changed: 2 additions & 2 deletions
diff --git a/‎articles/active-directory-b2c/custom-policy-configure-user-input.md
Lines changed: 1 addition & 1 deletion b/‎articles/active-directory-b2c/custom-policy-configure-user-input.md
Lines changed: 1 addition & 1 deletion
diff --git a/‎articles/active-directory/authentication/concept-authentication-passwordless.md
Lines changed: 1 addition & 1 deletion b/‎articles/active-directory/authentication/concept-authentication-passwordless.md
Lines changed: 1 addition & 1 deletion
diff --git a/‎articles/active-directory/authentication/concept-mfa-authprovider.md
Lines changed: 1 addition & 1 deletion b/‎articles/active-directory/authentication/concept-mfa-authprovider.md
Lines changed: 1 addition & 1 deletion
diff --git a/‎articles/active-directory/authentication/howto-authentication-passwordless-security-key-windows.md
Lines changed: 2 additions & 1 deletion b/‎articles/active-directory/authentication/howto-authentication-passwordless-security-key-windows.md
Lines changed: 2 additions & 1 deletion
diff --git a/‎articles/active-directory/cloud-provisioning/concept-attributes.md
Lines changed: 1 addition & 1 deletion b/‎articles/active-directory/cloud-provisioning/concept-attributes.md
Lines changed: 1 addition & 1 deletion
@@ -346,6 +346,26 @@
       "url": "https://github.com/Azure-Samples/azure-sdk-for-go-samples",
       "branch": "master"
     },
+    {
+      "path_to_root": "azure-sdk-for-java-event-hubs",
+      "url": "https://github.com/Azure/azure-sdk-for-java/",
+      "branch": "master"
+    },
+    {
+      "path_to_root": "azure-sdk-for-java-script-event-hubs",
+      "url": "https://github.com/Azure/azure-sdk-for-js/",
+      "branch": "master"
+    },        
+    {
+      "path_to_root": "azure-sdk-for-net-event-hubs",
+      "url": "https://github.com/Azure/azure-sdk-for-net/",
+      "branch": "master"
+    },
+    {
+      "path_to_root": "azure-sdk-for-python-event-hubs",
+      "url": "https://github.com/Azure/azure-sdk-for-python/",
+      "branch": "master"
+    },      
     {
       "path_to_root": "cosmos-dotnet-getting-started",
       "url": "https://github.com/Azure-Samples/cosmos-dotnet-getting-started",
 
@@ -1745,22 +1745,22 @@
     },
     {
       "source_path": "articles/cognitive-services/Bing-Web-Search/web-search-sdk-quickstart.md",
-      "redirect_url": "/azure/cognitive-services/bing-web-search/quickstarts/client-libraries",
+      "redirect_url": "/azure/cognitive-services/bing-web-search/quickstarts/client-libraries?pivots=programming-language-csharp",
       "redirect_document_id": false
     },
     {
       "source_path": "articles/cognitive-services/Bing-Web-Search/web-sdk-java-quickstart.md",
-      "redirect_url": "/azure/cognitive-services/bing-web-search/quickstarts/client-libraries",
+      "redirect_url": "/azure/cognitive-services/bing-web-search/quickstarts/client-libraries?pivots=programming-language-java",
       "redirect_document_id": false
     },
     {
       "source_path": "articles/cognitive-services/Bing-Web-Search/web-search-sdk-node-quickstart.md",
-      "redirect_url": "/azure/cognitive-services/bing-web-search/quickstarts/client-libraries",
+      "redirect_url": "/azure/cognitive-services/bing-web-search/quickstarts/client-libraries?pivots=programming-language-javascript",
       "redirect_document_id": false
     },
     {
       "source_path": "articles/cognitive-services/Bing-Web-Search/web-sdk-python-quickstart.md",
-      "redirect_url": "/azure/cognitive-services/bing-web-search/quickstarts/client-libraries",
+      "redirect_url": "/azure/cognitive-services/bing-web-search/quickstarts/client-libraries?pivots=programming-language-python",
       "redirect_document_id": false
     },
     {
@@ -32620,17 +32620,17 @@
     },
     {
       "source_path": "articles/cognitive-services/Bing-Custom-Search/sdk-csharp-quick-start.md",
-      "redirect_url": "/azure/cognitive-services/bing-custom-search/quickstarts/client-libraries",
+      "redirect_url": "/azure/cognitive-services/bing-custom-search/quickstarts/client-libraries?pivots=programming-language-csharp",
       "redirect_document_id": false
     },
     {
       "source_path": "articles/cognitive-services/Bing-Custom-Search/sdk-java-quickstart.md",
-      "redirect_url": "/azure/cognitive-services/bing-custom-search/quickstarts/client-libraries",
+      "redirect_url": "/azure/cognitive-services/bing-custom-search/quickstarts/client-libraries?pivots=programming-language-java",
       "redirect_document_id": false
     },
     {
       "source_path": "articles/cognitive-services/Bing-Custom-Search/sdk-python-quickstart.md",
-      "redirect_url": "/azure/cognitive-services/bing-custom-search/quickstarts/client-libraries",
+      "redirect_url": "/azure/cognitive-services/bing-custom-search/quickstarts/client-libraries?pivots=programming-language-python",
       "redirect_document_id": false
     },
     {
@@ -49189,10 +49189,20 @@
       "redirect_url": "/azure/aks/aks-migration",
       "redirect_document_id": false
     },
+    {
+      "source_path": "articles/virtual-machines/workloads/sap/sap-hana-backup-storage-snapshots.md",
+      "redirect_url": "sap-hana-backup-guide",
+      "redirect_document_id": true
+    },
     {
       "source_path": "articles/service-fabric/service-fabric-cicd-your-linux-applications-with-jenkins.md",
       "redirect_url": "/azure/jenkins/service-fabric-cicd-your-linux-applications-with-jenkins",
       "redirect_document_id": true
     },
+    {
+      "source_path": "articles/jenkins/install-jenkins-solution-template.md",
+      "redirect_url": "/azure/jenkins/install-solution-template-tutorial",
+      "redirect_document_id": true
+    }
   ]
 }
@@ -48,6 +48,8 @@
   href: code-samples.md
 - name: Concepts
   items:
+  - name: Azure AD B2C best practices
+    href: best-practices.md
   - name: Application types
     href: application-types.md
   - name: Authentication protocols
 
@@ -0,0 +1,91 @@
+---
+title: Best practices for Azure AD B2C
+titleSuffix: Azure AD B2C
+description: Recommendations and best practices to consider when working with Azure Active Directory B2C (Azure AD B2C).
+services: active-directory-b2c
+author: vigunase
+manager: celestedg
+
+ms.service: active-directory
+ms.workload: identity
+ms.topic: conceptual
+ms.date: 03/03/2020
+ms.author: vigunase
+ms.subservice: B2C
+---
+
+# Recommendations and best practices for Azure Active Directory B2C
+
+The following best practices and recommendations cover some of the primary aspects of integrating Azure Active Directory (Azure AD) B2C into existing or new application environments.
+
+## Fundamentals
+
+|  |  |
+|--|--|
+| Choose user flows for most scenarios | The Identity Experience Framework of Azure AD B2C is the core strength of the service. Policies fully describe identity experiences such as sign-up, sign-in, or profile editing. To help you set up the most common identity tasks, the Azure AD B2C portal includes predefined, configurable policies called user flows. With user flows, you can create great user experiences in minutes, with just a few clicks. [Learn when to use user flows vs. custom policies](custom-policy-overview.md#comparing-user-flows-and-custom-policies).|
+| App registrations | Every application (web, native) and API that is being secured must be registered in Azure AD B2C. If an app has both a web and native version of iOS and Android, you can register them as one application in Azure AD B2C with the same client ID. Learn how to [register OIDC, SAML, web, and native apps](https://docs.microsoft.com/azure/active-directory-b2c/tutorial-register-applications?tabs=applications). Learn more about [application types that can be used in Azure AD B2C](https://docs.microsoft.com/azure/active-directory-b2c/application-types). |
+| Move to monthly active users billing | Azure AD B2C has moved from monthly active authentications to monthly active users (MAU) billing. Most customers will find this model cost-effective. [Learn more about monthly active users billing](https://azure.microsoft.com/updates/mau-billing/). |
+
+## Planning and design
+
+Define your application and service architecture, inventory current systems, and plan your migration to Azure AD B2C.
+
+|  |  |
+|--|--|
+| Architect an end-to-end solution | Include all of your applications' dependencies when planning an Azure AD B2C integration. Consider all services and products that are currently in your environment or that might need to be added to the solution, for example, Azure Functions, customer relationship management (CRM) systems, Azure API Management gateway, and storage services. Take into account the security and scalability for all services. |
+| Document your users' experiences | Detail all the user journeys your customers can experience in your application. Include every screen and any branching flows they might encounter when interacting with the identity and profile aspects of your application. Include usability, accessibility, and localization in your planning. |
+| Choose the right authentication protocol |  For a breakdown of the different application scenarios and their recommended authentication flows, see [Scenarios and supported authentication flows](../active-directory/develop/authentication-flows-app-scenarios.md#scenarios-and-supported-authentication-flows). |
+| Pilot a proof-of-concept (POC) end-to-end user experience | Start with our [Microsoft code samples](code-samples.md) and [community samples](https://github.com/azure-ad-b2c/samples). |
+| Create a migration plan |Planning ahead can make migration go more smoothly. Learn more about [user migration](user-migration.md).|
+| Usability vs. security | Your solution must strike the right balance between application usability and your organization's acceptable level of risk. |
+| Move on-premises dependencies to the cloud | To help ensure a resilient solution, consider moving existing application dependencies to the cloud. |
+| Migrate existing apps to b2clogin.com | The deprecation of login.microsoftonline.com went into effect for all Azure AD B2C tenants on 04 December 2020. [Learn more](b2clogin.md). |
+
+## Implementation
+
+During the implementation phase, consider the following recommendations.
+
+|  |  |
+|--|--|
+| Edit custom policies with the Azure AD B2C extension for Visual Studio Code | Download Visual Studio Code and this community-built [extension from the Visual Studio Code Marketplace]((https://marketplace.visualstudio.com/items?itemName=AzureADB2CTools.aadb2c)). While not an official Microsoft product, the Azure AD B2C extension for Visual Studio Code includes several features that help make working with custom policies easier. |
+| Learn how to troubleshoot Azure AD B2C | Learn how to [troubleshoot custom policies](https://docs.microsoft.com/azure/active-directory-b2c/troubleshoot-custom-policies?tabs=applications) during development. Learn what a normal authentication flow looks like and use tools for discovering anomalies and errors. For example, use [Application Insights](troubleshoot-with-application-insights.md) to review output logs of user journeys. |
+| Leverage our library of proven custom policy patterns | Find [samples](https://github.com/azure-ad-b2c/samples) for several enhanced Azure AD B2C customer identity and access management (CIAM) user journeys. |
+
+
+## Testing
+
+Test and automate your Azure AD B2C implementation.
+
+|  |  |
+|--|--|
+| Account for global traffic | Use traffic sources from different global address to test the performance and localization requirements. Make sure all the HTMLs, CSS, and dependencies can meet your performance needs. |
+| Functional and UI testing | Test the user flows end-to-end. Add synthetic tests every few minutes using Selenium, VS Web Test, etc. |
+| Pen-testing | Before going live with your solution, perform penetration testing exercises to verify all components are secure, including any third-party dependencies. Verify you've secured your APIs with access tokens and used the right authentication protocol for your application scenario. Learn more about [Penetration testing](https://docs.microsoft.com/azure/security/fundamentals/pen-testing) and the [Microsoft Cloud Unified Penetration Testing Rules of Engagement](https://www.microsoft.com/msrc/pentest-rules-of-engagement?rtc=1). |
+| A/B Testing | Flight your new features with a small, random set of users before rolling out to your entire population. With JavaScript enabled in Azure AD B2C, you can integrate with A/B testing tools like Optimizely, Clarity, and others. |
+| Load testing | Azure AD B2C can scale, but your application can scale only if all of its dependencies can scale. Load-test your APIs and CDN. |
+| Throttling |  Azure AD B2C throttles traffic if too many requests are sent from the same source in a short period of time. Use several traffic sources while load testing, and handle the `AADB2C90229` error code gracefully in your applications. |
+| Automation | Use continuous integration and delivery (CI/CD) pipelines to automate testing and deployments, for example, [Azure DevOps](deploy-custom-policies-devops.md). |
+
+## Operations
+
+Manage your Azure AD B2C environment.
+
+|  |  |
+|--|--|
+| Create multiple environments | For easier operations and deployment roll-out, create separate environments for development, testing, pre-production, and production. Create Azure AD B2C tenants for each. |
+| Use version control for your custom policies | Consider using GitHub, Azure Repos, or another cloud-based version control system for your Azure AD B2C custom policies. |
+| Use the Microsoft Graph API to automate the management of your B2C tenants | Microsoft Graph APIs:<br/>Manage [Identity Experience Framework](https://docs.microsoft.com/graph/api/resources/trustframeworkpolicy?view=graph-rest-beta) (custom policies)<br/>[Keys](https://docs.microsoft.com/graph/api/resources/trustframeworkkeyset?view=graph-rest-beta)<br/>[User Flows](https://docs.microsoft.com/graph/api/resources/identityuserflow?view=graph-rest-beta) |
+| Integrate with Azure DevOps | A [CI/CD pipeline](deploy-custom-policies-devops.md) makes moving code between different environments easy and ensures production readiness at all times.   |
+| Integrate with Azure Monitor | [Audit log events](view-audit-logs.md) are only retained for seven days. [Integrate with Azure Monitor](azure-monitor.md) to retain the logs for long-term use, or integrate with third-party security information and event management (SIEM) tools to gain insights into your environment. |
+| Setup active alerting and monitoring | [Track user behavior](active-directory-b2c-custom-guide-eventlogger-appins.md) in Azure AD B2C using Application Insights. |
+
+
+## Support and Status Updates
+
+Stay up to date with the state of the service and find support options.
+
+|  |  |
+|--|--|
+| [Service updates](https://azure.microsoft.com/updates/?product=active-directory-b2c) |  Stay up to date with Azure AD B2C product updates and announcements. |
+| [Microsoft Support](support-options.md) | File a support request for Azure AD B2C technical issues. Billing and subscription management support is provided at no cost. |
+| [Azure status](https://status.azure.com/status) | View the current health status of all Azure services. |
@@ -9,7 +9,7 @@ manager: celestedg
 ms.service: active-directory
 ms.workload: identity
 ms.topic: reference
-ms.date: 02/03/2020
+ms.date: 03/03/2020
 ms.author: mimart
 ms.subservice: B2C
 ---
@@ -112,7 +112,7 @@ The self-asserted technical profile calls the validation **login-NonInteractive*
 
 ## CompareBooleanClaimToValue
 
-Checks that boolean value of a claims is equal to `true` or `false`, and return the result of the compression.
+Checks that boolean value of a claim is equal to `true` or `false`, and return the result of the compression.
 
 | Item | TransformationClaimType  | Data Type  | Notes |
 | ---- | ------------------------ | ---------- | ----- |
 
@@ -259,7 +259,7 @@ The following elements are used to define the claim:
 1. Sign in to the [Azure portal](https://portal.azure.com).
 2. Make sure you're using the directory that contains your Azure AD tenant by selecting the **Directory + subscription** filter in the top menu and choosing the directory that contains your Azure AD tenant.
 3. Choose **All services** in the top-left corner of the Azure portal, and then search for and select **App registrations**.
-4. Select **Identity Experience Framework (Preview)**.
+4. Select **Identity Experience Framework**.
 5. Select **Upload Custom Policy**, and then upload the two policy files that you changed.
 2. Select the sign-up or sign-in policy that you uploaded, and click the **Run now** button.
 3. You should be able to sign up using an email address.
 
@@ -87,7 +87,7 @@ If you're a vendor and want to get your device on this list of supported devices
 - End users can register and manage these passwordless authentication methods in their account portal
 - End users can sign in with these passwordless authentication methods
    - Microsoft Authenticator App: Works in scenarios where Azure AD authentication is used, including across all browsers, during Windows 10 Out Of Box (OOBE) setup, and with integrated mobile apps on any operating system.
-   - Security keys: Work on lock screen for Windows 10 and the web in supported browsers like Microsoft Edge.
+   - Security keys: Work on lock screen for Windows 10 and the web in supported browsers like Microsoft Edge (both legacy and new Edge).
 
 ## Next steps
 
 
@@ -38,7 +38,7 @@ You cannot change the usage model (per enabled user or per authentication) after
 
 If you purchased enough licenses to cover all users that are enabled for MFA, you can delete the MFA provider altogether.
 
-If your MFA provider is not linked to an Azure AD tenant, or you link the new MFA provider to a different Azure AD tenant, user settings and configuration options are not transferred. Also, existing Azure MFA Servers need to be reactivated using activation credentials generated through the MFA Provider. Reactivating the MFA Servers to link them to the MFA Provider doesn't impact phone call and text message authentication, but mobile app notifications stop working for all users until they reactivate the mobile app.
+If your MFA provider is not linked to an Azure AD tenant, or you link the new MFA provider to a different Azure AD tenant, user settings and configuration options are not transferred. Also, existing Azure MFA Servers need to be reactivated using activation credentials generated through the MFA Provider.
 
 ### Removing an authentication provider
 
 
@@ -32,7 +32,7 @@ This document focuses on enabling FIDO2 security key based passwordless authenti
 | [Combined security information registration preview](concept-registration-mfa-sspr-combined.md) | X | X |
 | Compatible [FIDO2 security keys](concept-authentication-passwordless.md#fido2-security-keys) | X | X |
 | WebAuthN requires Windows 10 version 1809 or higher | X | X |
-| [Azure AD joined devices](../devices/concept-azure-ad-join.md) require Windows 10 version 1809 or higher | X |   |
+| [Azure AD joined devices](../devices/concept-azure-ad-join.md) require Windows 10 version 1903 or higher | X |   |
 | [Hybrid Azure AD joined devices](../devices/concept-azure-ad-join-hybrid.md) require Windows 10 Insider Build 18945 or higher |   | X |
 | Fully patched Windows Server 2016/2019 Domain Controllers. |   | X |
 | [Azure AD Connect](../hybrid/how-to-connect-install-roadmap.md#install-azure-ad-connect) version 1.4.32.0 or later |   | X |
@@ -51,6 +51,7 @@ The following scenarios aren't supported:
 - Log in to a server using a security key.
 - If you haven't used your security key to sign in to your device while online, you can't use it to sign in or unlock offline.
 - Signing in or unlocking a Windows 10 device with a security key containing multiple Azure AD accounts. This scenario utilizes the last account added to the security key. WebAuthN allows users to choose the account they wish to use.
+- Unlock a device running Windows 10 version 1809. For the best experience, use Windows 10 version 1903 or higher.
 
 ## Prepare devices for preview
 
 
@@ -72,7 +72,7 @@ To view the schema and verify it, follow these steps.
 1.  Go to [Graph Explorer](https://developer.microsoft.com/graph/graph-explorer).
 1.  Sign in with your global administrator account.
 1.  On the left, select **modify permissions** and ensure that **Directory.ReadWrite.All** is *Consented*.
-1.  Run the query https://graph.microsoft.com/beta/serviceprincipals/?$filter=startswith(Displayname,'Active'). This query returns a filtered list of service principals.
+1.  Run the query `https://graph.microsoft.com/beta/serviceprincipals/?$filter=startswith(Displayname,'Active')`. This query returns a filtered list of service principals.
 1.  Locate `"appDisplayName": "Active Directory to Azure Active Directory Provisioning"` and note the value for `"id"`.
     ```
     "value": [