MicrosoftDocs
diff --git a/‎.openpublishing.redirection.json
Lines changed: 4 additions & 0 deletions b/‎.openpublishing.redirection.json
Lines changed: 4 additions & 0 deletions
diff --git a/‎articles/active-directory-b2c/TOC.yml
Lines changed: 1 addition & 1 deletion b/‎articles/active-directory-b2c/TOC.yml
Lines changed: 1 addition & 1 deletion
diff --git a/‎articles/active-directory-b2c/custom-policy-developer-notes.md
Lines changed: 64 additions & 47 deletions b/‎articles/active-directory-b2c/custom-policy-developer-notes.md
Lines changed: 64 additions & 47 deletions
diff --git a/‎articles/active-directory-domain-services/network-considerations.md
Lines changed: 4 additions & 5 deletions b/‎articles/active-directory-domain-services/network-considerations.md
Lines changed: 4 additions & 5 deletions
diff --git a/‎articles/application-gateway/application-gateway-diagnostics.md
Lines changed: 2 additions & 2 deletions b/‎articles/application-gateway/application-gateway-diagnostics.md
Lines changed: 2 additions & 2 deletions
diff --git a/‎articles/application-gateway/application-gateway-faq.md
Lines changed: 2 additions & 2 deletions b/‎articles/application-gateway/application-gateway-faq.md
Lines changed: 2 additions & 2 deletions
@@ -50470,6 +50470,10 @@
     {
       "source_path": "articles/cognitive-services/speech-service/how-to-custom-speech-test-data.md",
       "redirect_url": "/azure/cognitive-services/speech-service/how-to-custom-speech-test-and-train"
+    },
+    {
+      "source_path": "articles/sql-database/sql-database-paas-index.yml",
+      "redirect_url": "/azure/sql-database/sql-database-technical-overview"
     }
   ]
 }
@@ -404,7 +404,7 @@
     href: error-codes.md
   - name: Extensions app
     href: extensions-app.md
-  - name: Identity Experience Framework release notes
+  - name: IEF release notes
     href: custom-policy-developer-notes.md
   - name: Microsoft Graph API operations
     href: microsoft-graph-operations.md
 
@@ -9,7 +9,7 @@ manager: celestedg
 ms.service: active-directory
 ms.workload: identity
 ms.topic: conceptual
-ms.date: 02/12/2020
+ms.date: 03/30/2020
 ms.author: mimart
 ms.subservice: B2C
 ---
@@ -55,85 +55,102 @@ Developers consuming the custom policy feature set should adhere to the followin
 
 Custom policy/Identity Experience Framework capabilities are under constant and rapid development. The following table is an index of features and component availability.
 
-### Identity Providers, Tokens, Protocols
+
+### Protocols and authorization flows
 
 | Feature | Development | Preview | GA | Notes |
 |-------- | :-----------: | :-------: | :--: | ----- |
-| IDP-OpenIDConnect |  |  | X | For example, Google+.  |
-| IDP-OAUTH2 |  |  | X | For example, Facebook.  |
-| IDP-OAUTH1 (twitter) |  | X |  | For example, Twitter. |
-| IDP-OAUTH1 (ex-twitter) |  |  |  | Not supported |
-| IDP-SAML |  |   | X | For example, Salesforce, ADFS. |
-| IDP-WSFED | X |  |  |  |
-| Relying Party OAUTH1 |  |  |  | Not supported. |
-| Relying Party OAUTH2 |  |  | X |  |
-| Relying Party OIDC |  |  | X |  |
-| Relying Party SAML |  |X  |  |  |
-| Relying Party WSFED | X |  |  |  |
-| REST API with basic and certificate auth |  |  | X | For example, Azure Logic Apps. |
-
-### Component Support
+| [OAuth2 authorization code](authorization-code-flow.md) |  |  | X |  |
+| OAuth2 authorization code with PKCE |  |  | X | Mobile applications only  |
+| [OAuth2 implicit flow](implicit-flow-single-page-application.md) |  |  | X |  |
+| [OAuth2 resource owner password credentials](ropc-custom.md) |  | X |  |  |
+| [OIDC Connect](openid-connect.md) |  |  | X |  |
+| [SAML2](connect-with-saml-service-providers.md)  |  |X  |  | POST and Redirect bindings. |
+| OAuth1 |  |  |  | Not supported. |
+| WSFED | X |  |  |  |
+
+### Identify providers federation 
+
+| Feature | Development | Preview | GA | Notes |
+|-------- | :-----------: | :-------: | :--: | ----- |
+| [OpenID Connect](openid-connect-technical-profile.md) |  |  | X | For example, Google+.  |
+| [OAuth2](oauth2-technical-profile.md) |  |  | X | For example, Facebook.  |
+| [OAuth1](oauth1-technical-profile.md) |  | X |  | For example, Twitter. |
+| [SAML2](saml-technical-profile.md) |  |   | X | For example, Salesforce, ADFS. |
+| WSFED| X |  |  |  |
+
+
+### REST API integration
+
+| Feature | Development | Preview | GA | Notes |
+|-------- | :-----------: | :-------: | :--: | ----- |
+| [REST API with basic auth](secure-rest-api.md#http-basic-authentication) |  |  | X |  |
+| [REST API with client certificate auth](secure-rest-api.md#https-client-certificate-authentication) |  |  | X |  |
+| [REST API with OAuth2 bearer auth](secure-rest-api.md#oauth2-bearer-authentication) |  | X |  |  |
+
+### Component support
 
 | Feature | Development | Preview | GA | Notes |
 | ------- | :-----------: | :-------: | :--: | ----- |
-| Azure Multi Factor Authentication |  |  | X |  |
-| Azure Active Directory as local directory |  |  | X |  |
-| Azure Email subsystem for email verification |  |  | X |  |
-| Multi-language support|  |  | X |  |
-| Predicate Validations |  |  | X | For example, password complexity. |
-| Using third party email service providers |  |X  |  |  |
+| [Phone factor authentication](phone-factor-technical-profile.md) |  |  | X |  |
+| [Azure MFA authentication](multi-factor-auth-technical-profile.md) |  | X |  |  |
+| [One-time password](one-time-password-technical-profile.md) |  | X |  |  |
+| [Azure Active Directory](active-directory-technical-profile.md) as local directory |  |  | X |  |
+| Azure email subsystem for email verification |  |  | X |  |
+| [Third party email service providers](custom-email.md) |  |X  |  |  |
+| [Multi-language support](localization.md)|  |  | X |  |
+| [Predicate validations](predicates.md) |  |  | X | For example, password complexity. |
+| [Display controls](display-controls.md) |  |X  |  |  |
 
-### Content Definition
+
+### Page layout versions
 
 | Feature | Development | Preview | GA | Notes |
 | ------- | :-----------: | :-------: | :--: | ----- |
-| Error page, api.error |  |  | X |  |
-| IDP selection page, api.idpselections |  |  | X |  |
-| IDP selection for signup, api.idpselections.signup |  |  | X |  |
-| Forgot Password, api.localaccountpasswordreset |  |  | X |  |
-| Local Account Sign-in, api.localaccountsignin |  |  | X |  |
-| Local Account Sign-up, api.localaccountsignup |  |  | X |  |
-| MFA page, api.phonefactor |  |  | X |  |
-| Self-asserted social account sign-up, api.selfasserted |  |  | X |  |
-| Self-asserted profile update, api.selfasserted.profileupdate |  |  | X |  |
-| Unified signup or sign-in page, api.signuporsignin, with parameter "disableSignup" |  |  | X |  |
-| JavaScript / Page layout |  | X |  |  |
+| [2.0.0](page-layout.md#200) |  | X |  |  |
+| [1.2.0](page-layout.md#120) |  | X |  |  |
+| [1.1.0](page-layout.md#110) |  |  | X |  |
+| [1.0.0](page-layout.md#100) |  |  | X |  |
+| [JavaScript support](javascript-samples.md) |  | X |  |  |
 
 ### App-IEF integration
 
 | Feature | Development | Preview | GA | Notes |
 | ------- | :-----------: | :-------: | :--: | ----- |
-| Query string parameter domain_hint |  |  | X | Available as claim, can be passed to IDP. |
-| Query string parameter login_hint |  |  | X | Available as claim, can be passed to IDP. |
-| Insert JSON into UserJourney via client_assertion | X |  |  | Will be deprecated. |
-| Insert JSON into UserJourney as id_token_hint |  | X |  | Go-forward approach to pass JSON. |
-| Pass IDP TOKEN to the application |  | X |  | For example, from Facebook to app. |
+| Query string parameter `domain_hint` |  |  | X | Available as claim, can be passed to IDP. |
+| Query string parameter `login_hint` |  |  | X | Available as claim, can be passed to IDP. |
+| Insert JSON into user journey via `client_assertion` | X |  |  | Will be deprecated. |
+| Insert JSON into user journey as `id_token_hint` |  | X |  | Go-forward approach to pass JSON. |
+| [Pass identity provider token to the application](idp-pass-through-custom.md) |  | X |  | For example, from Facebook to app. |
 
 ### Session Management
 
 | Feature | Development | Preview | GA | Notes |
 | ------- | :-----------: | :-------: | :--: | ----- |
-| SSO Session Provider |  |  | X |  |
-| External Login Session Provider |  |  | X |  |
-| SAML SSO  Session Provider |  |  | X |  |
-| Default SSO Session Provider |  |  | X |  |
+| [Default SSO session provider](custom-policy-reference-sso.md#defaultssosessionprovider) |  |  | X |  |
+| [External login session provider](custom-policy-reference-sso.md#externalloginssosessionprovider) |  |  | X |  |
+| [SAML SSO session provider](custom-policy-reference-sso.md#samlssosessionprovider) |  |  | X |  |
+
 
 ### Security
 
 | Feature | Development | Preview | GA | Notes |
 |-------- | :-----------: | :-------: | :--: | ----- |
 | Policy Keys- Generate, Manual, Upload |  |  | X |  |
 | Policy Keys- RSA/Cert, Secrets |  |  | X |  |
-| Policy upload |  |  | X |  |
+
 
 ### Developer interface
 
 | Feature | Development | Preview | GA | Notes |
 | ------- | :-----------: | :-------: | :--: | ----- |
 | Azure Portal-IEF UX |  |  | X |  |
-| Application Insights UserJourney Logs |  | X |  | Used for troubleshooting during development.  |
-| Application Insights Event Logs (via orchestration steps) |  | X |  | Used to monitor user flows in production. |
+| Policy upload |  |  | X |  |
+| [Application Insights user journey logs](troubleshoot-with-application-insights.md) |  | X |  | Used for troubleshooting during development.  |
+| [Application Insights event logs](application-insights-technical-profile.md) |  | X |  | Used to monitor user flows in production. |
+
 
 ## Next steps
 
-Learn more about [custom policies and the differences with user flows](custom-policy-overview.md).
+- Check the [Microsoft Graph operations available for Azure AD B2C](microsoft-graph-operations.md)
+- Learn more about [custom policies and the differences with user flows](custom-policy-overview.md).
@@ -5,12 +5,11 @@ services: active-directory-ds
 author: iainfoulds
 manager: daveba
 
-ms.assetid: 23a857a5-2720-400a-ab9b-1ba61e7b145a
 ms.service: active-directory
 ms.subservice: domain-services
 ms.workload: identity
 ms.topic: conceptual
-ms.date: 01/21/2020
+ms.date: 03/30/2020
 ms.author: iainfou
 
 ---
@@ -72,7 +71,7 @@ You can connect a virtual network to another virtual network (VNet-to-VNet) in t
 
 ![Virtual network connectivity using a VPN Gateway](./media/active-directory-domain-services-design-guide/vnet-connection-vpn-gateway.jpg)
 
-For more information on using virtual private networking, read [Configure a VNet-to-VNet VPN gateway connection by using the Azure portal](https://docs.microsoft.com/azure/vpn-gateway/vpn-gateway-howto-vnet-vnet-resource-manager-portal).
+For more information on using virtual private networking, read [Configure a VNet-to-VNet VPN gateway connection by using the Azure portal](../vpn-gateway/vpn-gateway-howto-vnet-vnet-resource-manager-portal.md).
 
 ## Name resolution when connecting virtual networks
 
@@ -93,11 +92,11 @@ An Azure AD DS managed domain creates some networking resources during deploymen
 | Load balancer rules                     | When an Azure AD DS managed domain is configured for secure LDAP on TCP port 636, three rules are created and used on a load balancer to distribute the traffic. |
 
 > [!WARNING]
-> Don't delete any of the network resource created by Azure AD DS. If you delete any of the network resources, an Azure AD DS service outage occurs.
+> Don't delete or modify any of the network resource created by Azure AD DS, such as manually configuring the load balancer or rules. If you delete or modify any of the network resources, an Azure AD DS service outage may occur.
 
 ## Network security groups and required ports
 
-A [network security group (NSG)](https://docs.microsoft.com/azure/virtual-network/virtual-networks-nsg) contains a list of rules that allow or deny network traffic to traffic in an Azure virtual network. A network security group is created when you deploy Azure AD DS that contains a set of rules that let the service provide authentication and management functions. This default network security group is associated with the virtual network subnet your Azure AD DS managed domain is deployed into.
+A [network security group (NSG)](../virtual-network/virtual-networks-nsg.md) contains a list of rules that allow or deny network traffic to traffic in an Azure virtual network. A network security group is created when you deploy Azure AD DS that contains a set of rules that let the service provide authentication and management functions. This default network security group is associated with the virtual network subnet your Azure AD DS managed domain is deployed into.
 
 The following network security group rules are required for Azure AD DS to provide authentication and management services. Don't edit or delete these network security group rules for the virtual network subnet your Azure AD DS managed domain is deployed into.
 
 
@@ -91,9 +91,9 @@ The following snippet shows an example of the response:
 You can use different types of logs in Azure to manage and troubleshoot application gateways. You can access some of these logs through the portal. All logs can be extracted from Azure Blob storage and viewed in different tools, such as [Azure Monitor logs](../azure-monitor/insights/azure-networking-analytics.md), Excel, and Power BI. You can learn more about the different types of logs from the following list:
 
 * **Activity log**: You can use [Azure activity logs](../monitoring-and-diagnostics/insights-debugging-with-events.md) (formerly known as operational logs and audit logs) to view all operations that are submitted to your Azure subscription, and their status. Activity log entries are collected by default, and you can view them in the Azure portal.
-* **Access log**: You can use this log to view Application Gateway access patterns and analyze important information. This includes the caller's IP, requested URL, response latency, return code, and bytes in and out. An access log is collected every 300 seconds. This log contains one record per instance of Application Gateway. The Application Gateway instance is identified by the instanceId property.
+* **Access log**: You can use this log to view Application Gateway access patterns and analyze important information. This includes the caller's IP, requested URL, response latency, return code, and bytes in and out. An access log is collected every 60 seconds. This log contains one record per instance of Application Gateway. The Application Gateway instance is identified by the instanceId property.
 * **Performance log**: You can use this log to view how Application Gateway instances are performing. This log captures performance information for each instance, including total requests served, throughput in bytes, total requests served, failed request count, and healthy and unhealthy back-end instance count. A performance log is collected every 60 seconds. The Performance log is available only for the v1 SKU. For the v2 SKU, use [Metrics](application-gateway-metrics.md) for performance data.
-* **Firewall log**: You can use this log to view the requests that are logged through either detection or prevention mode of an application gateway that is configured with the web application firewall.
+* **Firewall log**: You can use this log to view the requests that are logged through either detection or prevention mode of an application gateway that is configured with the web application firewall. Firewall logs are collected every 60 seconds. 
 
 > [!NOTE]
 > Logs are available only for resources deployed in the Azure Resource Manager deployment model. You cannot use logs for resources in the classic deployment model. For a better understanding of the two models, see the [Understanding Resource Manager deployment and classic deployment](../azure-resource-manager/management/deployment-models.md) article.
 
@@ -348,11 +348,11 @@ Currently, one instance of Ingress Controller can only be associated to one Appl
 
 Application Gateway provides three logs: 
 
-* **ApplicationGatewayAccessLog**: The access log contains each request submitted to the application gateway frontend. The data includes the caller's IP, URL requested, response latency, return code, and bytes in and out. The access log is collected every 300 seconds. It contains one record per application gateway.
+* **ApplicationGatewayAccessLog**: The access log contains each request submitted to the application gateway frontend. The data includes the caller's IP, URL requested, response latency, return code, and bytes in and out. It contains one record per application gateway.
 * **ApplicationGatewayPerformanceLog**: The performance log captures performance information for each application gateway. Information includes the throughput in bytes, total requests served, failed request count, and healthy and unhealthy backend instance count.
 * **ApplicationGatewayFirewallLog**: For application gateways that you configure with WAF, the firewall log contains requests that are logged through either detection mode or prevention mode.
 
-For more information, see [Backend health, diagnostics logs, and metrics for Application Gateway](application-gateway-diagnostics.md).
+All logs are collected every 60 seconds. For more information, see [Backend health, diagnostics logs, and metrics for Application Gateway](application-gateway-diagnostics.md).
 
 ### How do I know if my backend pool members are healthy?
Original file line number	Diff line number	Diff line change
`@@ -50470,6 +50470,10 @@`
`50470`	`50470`	`{`
`50471`	`50471`	`"source_path": "articles/cognitive-services/speech-service/how-to-custom-speech-test-data.md",`
`50472`	`50472`	`"redirect_url": "/azure/cognitive-services/speech-service/how-to-custom-speech-test-and-train"`
	`50473`	`+ },`
	`50474`	`+ {`
	`50475`	`+ "source_path": "articles/sql-database/sql-database-paas-index.yml",`
	`50476`	`+ "redirect_url": "/azure/sql-database/sql-database-technical-overview"`
`50473`	`50477`	`}`
`50474`	`50478`	`]`
`50475`	`50479`	`}`