Merge branch 'main' of https://github.com/MicrosoftDocs/azure-docs-pr

Author: Ankita Dutta

.openpublishing.redirection.azure-monitor.json

@@ -1,11 +1,6 @@
 {
     "redirections": [
-       {
-            "source_path_from_root": "/articles/azure-monitor/snapshot-debugger/snapshot-debugger-troubleshoot.md",
-            "redirect_url": "https://learn.microsoft.com/troubleshoot/azure/azure-monitor/app-insights/snapshot-debugger-troubleshoot",
-            "redirect_document_id": false
-        },
-        {
+         {
             "source_path_from_root": "/articles/azure-monitor/best-practices.md",
             "redirect_url": "/azure/azure-monitor/getting-started",
             "redirect_document_id": false

.openpublishing.redirection.deployment-environments.json

@@ -14,6 +14,11 @@
       "source_path_from_root": "/articles/deployment-environments/tutorial-create-and-configure-projects.md",
       "redirect_url": "/azure/deployment-environments/quickstart-create-and-configure-projects",
       "redirect_document_id": false
+    },
+    {
+      "source_path_from_root": "/articles/deployment-environments/how-to-configure-use-cli.md",
+      "redirect_url": "https://aka.ms/CLI-reference",
+      "redirect_document_id": false
     }
   ]
 }

.openpublishing.redirection.dev-box.json

@@ -9,6 +9,11 @@
       "source_path_from_root": "/articles/dev-box/quickstart-configure-dev-box-project.md",
       "redirect_url": "/azure/dev-box/quickstart-configure-dev-box-service",
       "redirect_document_id": false
+    },
+    {
+      "source_path_from_root": "/articles/dev-box/cli-reference-subset.md",
+      "redirect_url": "https://aka.ms/CLI-reference",
+      "redirect_document_id": false
     }
   ]
 }

.openpublishing.redirection.json

@@ -9,7 +9,7 @@ metadata:
   ms.service: active-directory
   ms.workload: identity
   ms.topic: faq
-  ms.date: 02/09/2023
+  ms.date: 03/15/2023
   ms.author: godonnell
   ms.subservice: B2C
   ms.custom: "b2c-support"
@@ -64,7 +64,12 @@ sections:
           * Microsoft account: openid email profile
           * Amazon: profile
           * LinkedIn: r_emailaddress, r_basicprofile
-          
+
+      - question: |
+          I'm using ADFS as an identity provider in Azure AD B2C. When I try to initiate a sign out request from Azure AD B2C, ADFS shows the error *MSIS7084: SAML logout request and logout response messages must be signed when using SAML HTTP Redirect or HTTP POST binding*. How do I resolve this issue?
+        answer: |
+          On the ADFS server, run: `Set-AdfsProperties -SignedSamlRequestsRequired $true`. This will force Azure AD B2C to sign all requests to ADFS.
+        
       - question: |
           Does my application have to be run on Azure for it work with Azure AD B2C?
         answer: |
@@ -256,6 +261,11 @@ sections:
           
           1. Retrieve the `RefreshToken` again.
           
+      - question: |
+         I use multiple tabs in a web browser to sign in to multiple applications that I registered in the same Azure AD B2C tenant. When I try to perform a single sign out, not all of the applications are signed out. Why does this happen? 
+        answer: |
+          Currently, Azure AD B2C doesn't support single sign out for this specific scenario. It's caused by cookie contention as all the applications operates on the same cookie simultaneously.
+          
       - question: |
           How do I report issues with Azure AD B2C?
         answer: |

articles/active-directory-b2c/faq.yml

@@ -81,6 +81,7 @@ Define the OpenId Connect identity provider by adding it to the **ClaimsProvider
             <OutputClaim ClaimTypeReferenceId="email" PartnerClaimType="email" />
             <OutputClaim ClaimTypeReferenceId="authenticationSource" DefaultValue="socialIdpAuthentication" AlwaysUseDefaultValue="true" />
             <OutputClaim ClaimTypeReferenceId="identityProvider" PartnerClaimType="iss" />
+            <OutputClaim ClaimTypeReferenceId="objectId" PartnerClaimType="oid"/>
           </OutputClaims>
           <OutputClaimsTransformations>
             <OutputClaimsTransformation ReferenceId="CreateRandomUPNUserName"/>

articles/active-directory-b2c/identity-provider-generic-openid-connect.md

@@ -8,7 +8,7 @@ ms.service: active-directory
 ms.subservice: app-provisioning
 ms.workload: identity
 ms.topic: tutorial
-ms.date: 10/06/2022
+ms.date: 03/20/2023
 ms.author: kenwith
 ms.reviewer: arvinh
 ---
@@ -17,7 +17,7 @@ ms.reviewer: arvinh
 
 Microsoft Azure AD provides support for user provisioning to third-party SaaS applications such as Salesforce, G Suite and others. If you enable user provisioning for a third-party SaaS application, the Azure portal controls its attribute values through attribute-mappings.
 
-Before you get started, make sure you are familiar with app management and **single sign-on (SSO)** concepts. Check out the following links:
+Before you get started, make sure you're familiar with app management and **single sign-on (SSO)** concepts. Check out the following links:
 - [Quickstart Series on App Management in Azure AD](../manage-apps/view-applications-portal.md)
 - [What is single sign-on (SSO)?](../manage-apps/what-is-single-sign-on.md)
 
@@ -71,15 +71,15 @@ Along with this property, attribute-mappings also support the following attribut
 
 - **Source attribute** - The user attribute from the source system (example: Azure Active Directory).
 - **Target attribute** – The user attribute in the target system (example: ServiceNow).
-- **Default value if null (optional)** - The value that will be passed to the target system if the source attribute is null. This value will only be provisioned when a user is created. The "default value when null" will not be provisioned when updating an existing user. If for example, you want to provision all existing users in the target system with a particular Job Title (when it is null in the source system), you can use the following [expression](../app-provisioning/functions-for-customizing-application-data.md): Switch(IsPresent([jobTitle]), "DefaultValue", "True", [jobTitle]). Make sure to replace the "Default Value" with what you would like to provision when null in the source system. 
+- **Default value if null (optional)** - The value that will be passed to the target system if the source attribute is null. This value will only be provisioned when a user is created. The "default value when null" won't be provisioned when updating an existing user. If for example, you want to provision all existing users in the target system with a particular Job Title (when it's null in the source system), you can use the following [expression](../app-provisioning/functions-for-customizing-application-data.md): Switch(IsPresent([jobTitle]), "DefaultValue", "True", [jobTitle]). Make sure to replace the "Default Value" with what you would like to provision when null in the source system. 
 - **Match objects using this attribute** – Whether this mapping should be used to uniquely identify users between the source and target systems. It's typically set on the userPrincipalName or mail attribute in Azure AD, which is typically mapped to a username field in a target application.
-- **Matching precedence** – Multiple matching attributes can be set. When there are multiple, they're evaluated in the order defined by this field. As soon as a match is found, no further matching attributes are evaluated. While you can set as many matching attributes as you would like, consider whether the attributes you are using as matching attributes are truly unique and need to be matching attributes. Generally customers have 1 or 2 matching attributes in their configuration. 
+- **Matching precedence** – Multiple matching attributes can be set. When there are multiple, they're evaluated in the order defined by this field. As soon as a match is found, no further matching attributes are evaluated. While you can set as many matching attributes as you would like, consider whether the attributes you're using as matching attributes are truly unique and need to be matching attributes. Generally customers have 1 or 2 matching attributes in their configuration. 
 - **Apply this mapping**
   - **Always** – Apply this mapping on both user creation and update actions.
   - **Only during creation** - Apply this mapping only on user creation actions.
 
 ## Matching users in the source and target  systems
-The Azure AD provisioning service can be deployed in both "green field" scenarios (where users do not exist in the target system) and "brownfield" scenarios (where users already exist in the target system). To support both scenarios, the provisioning service uses the concept of matching attributes. Matching attributes allow you to determine how to uniquely identify a user in the source and match the user in the target. As part of planning your deployment, identify the attribute that can be used to uniquely identify a user in the source and target systems. Things to note:
+The Azure AD provisioning service can be deployed in both "green field" scenarios (where users don't exist in the target system) and "brownfield" scenarios (where users already exist in the target system). To support both scenarios, the provisioning service uses the concept of matching attributes. Matching attributes allow you to determine how to uniquely identify a user in the source and match the user in the target. As part of planning your deployment, identify the attribute that can be used to uniquely identify a user in the source and target systems. Things to note:
 
 - **Matching attributes should be unique:** Customers often use attributes such as userPrincipalName, mail, or object ID as the matching attribute.
 - **Multiple attributes can be used as matching attributes:** You can define multiple attributes to be evaluated when matching users and the order in which they are evaluated (defined as matching precedence in the UI). If for example, you define three attributes as matching attributes, and a user is uniquely matched after evaluating the first two attributes, the service will not evaluate the third attribute. The service will evaluate matching attributes in the order specified and stop evaluating when a match is found.  

articles/active-directory/app-provisioning/customize-application-attributes.md

@@ -8,7 +8,7 @@ ms.service: active-directory
 ms.subservice: app-provisioning
 ms.workload: identity
 ms.topic: tutorial
-ms.date: 03/17/2023
+ms.date: 03/20/2023
 ms.custom: template-tutorial
 ms.reviewer: arvinh
 ---

articles/active-directory/app-provisioning/scim-validator-tutorial.md

@@ -8,7 +8,7 @@ ms.service: active-directory
 ms.subservice: app-provisioning
 ms.workload: identity
 ms.topic: conceptual
-ms.date: 03/17/2023
+ms.date: 03/20/2023
 ms.author: kenwith
 ms.reviewer: arvinh
 ---

articles/active-directory/app-provisioning/use-scim-to-build-users-and-groups-endpoints.md

@@ -4,7 +4,7 @@ description: Learn how to use system-preferred multifactor authentication
 ms.service: active-directory
 ms.subservice: authentication
 ms.topic: conceptual
-ms.date: 03/16/2023
+ms.date: 03/20/2023
 ms.author: justinha
 author: justinha
 manager: amycolannino
@@ -94,25 +94,17 @@ Content-Type: application/json
 
 ### How does system-preferred MFA determine the most secure method?
 
-When a user signs in, the authentication process checks which authentication methods are registered for the user. The user is prompted to sign-in with the most secure method according to the following order. The order of authentication methods is dynamic. It's updated as the security landscape changes, and as better authentication methods emerge.
-
-1. Temporary Access Pass
-1. Certificate-based authentication
-1. FIDO2 security key
-1. Microsoft Authenticator notification
-1. Companion app notification
-1. Microsoft Authenticator time-based one-time password (TOTP)
-1. Companion app TOTP
-1. Hardware token based TOTP
-1. Software token based TOTP
-1. SMS over mobile
-1. OnewayVoiceMobileOTP
-1. OnewayVoiceAlternateMobileOTP
-1. OnewayVoiceOfficeOTP
-1. TwowayVoiceMobile
-1. TwowayVoiceAlternateMobile
-1. TwowayVoiceOffice
-1. TwowaySMSOverMobile
+When a user signs in, the authentication process checks which authentication methods are registered for the user. The user is prompted to sign-in with the most secure method according to the following order. The order of authentication methods is dynamic. It's updated as the security landscape changes, and as better authentication methods emerge. Click the link for information about each method.
+
+1. [Temporary Access Pass](howto-authentication-temporary-access-pass.md)
+1. [Certificate-based authentication](concept-certificate-based-authentication.md)
+1. [FIDO2 security key](concept-authentication-passwordless.md#fido2-security-keys)
+1. [Time-based one-time password (TOTP)](concept-authentication-oath-tokens.md)<sup>1</sup>
+1. [Telephony](concept-authentication-phone-options.md)<sup>2</sup>
+
+<sup>1</sup> Includes hardware or software TOTP from Microsoft Authenticator, Authenticator Lite, or third-party applications.
+<sup>2</sup> Includes SMS and voice calls.
+
 
 ### How does system-preferred MFA affect AD FS or NPS extension?