Merge branch 'master' of https://github.com/MicrosoftDocs/azure-docs-pr into release-preview-vmware

Author: v-alje

.openpublishing.redirection.json

@@ -51485,6 +51485,121 @@
       "redirect_url": "/azure/media-services",
       "redirect_document_id": false
     },
+    {
+      "source_path": "articles/databox-online/data-box-edge-deploy-add-shares.md",
+      "redirect_url": "/azure/databox-online/azure-stack-edge-deploy-add-shares",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/databox-online/data-box-edge-connect-powershell-interface.md",
+      "redirect_url": "/azure/databox-online/azure-stack-edge-connect-powershell-interface",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/databox-online/data-box-edge-contact-microsoft-support.md",
+      "redirect_url": "/azure/databox-online/azure-stack-edge-contact-microsoft-support",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/databox-online/data-box-edge-create-iot-edge-module.md",
+      "redirect_url": "/azure/databox-online/azure-stack-edge-create-iot-edge-module",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/databox-online/data-box-edge-deploy-configure-compute.md",
+      "redirect_url": "/azure/databox-online/azure-stack-edge-deploy-configure-compute",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/databox-online/data-box-edge-deploy-configure-compute-advanced.md",
+      "redirect_url": "/azure/databox-online/azure-stack-edge-deploy-configure-compute-advanced",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/databox-online/data-box-edge-deploy-connect-setup-activate.md",
+      "redirect_url": "/azure/databox-online/azure-stack-edge-deploy-connect-setup-activate",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/databox-online/data-box-edge-deploy-install.md",
+      "redirect_url": "/azure/databox-online/azure-stack-edge-deploy-install",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/databox-online/data-box-edge-deploy-prep.md",
+      "redirect_url": "/azure/databox-online/azure-stack-edge-deploy-prep",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/databox-online/data-box-edge-extend-compute-access-modules.md",
+      "redirect_url": "/azure/databox-online/azure-stack-edge-extend-compute-access-modules",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/databox-online/data-box-edge-limits.md",
+      "redirect_url": "/azure/databox-online/azure-stack-edge-limits",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/databox-online/data-box-edge-manage-access-power-connectivity-mode.md",
+      "redirect_url": "/azure/databox-online/azure-stack-edge-manage-access-power-connectivity-mode",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/databox-online/data-box-edge-manage-bandwidth-schedules.md",
+      "redirect_url": "/azure/databox-online/azure-stack-edge-manage-bandwidth-schedules",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/databox-online/data-box-edge-manage-compute.md",
+      "redirect_url": "/azure/databox-online/azure-stack-edge-manage-compute",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/databox-online/data-box-edge-manage-shares.md",
+      "redirect_url": "/azure/databox-online/azure-stack-edge-manage-shares",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/databox-online/data-box-edge-manage-users.md",
+      "redirect_url": "/azure/databox-online/azure-stack-edge-manage-users",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/databox-online/data-box-edge-monitor.md",
+      "redirect_url": "/azure/databox-online/azure-stack-edge-monitor",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/databox-online/data-box-edge-overview.md",
+      "redirect_url": "/azure/databox-online/azure-stack-edge-overview",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/databox-online/data-box-edge-return-device.md",
+      "redirect_url": "/azure/databox-online/azure-stack-edge-return-device",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/databox-online/data-box-edge-security.md",
+      "redirect_url": "/azure/databox-online/azure-stack-edge-security",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/databox-online/data-box-edge-system-requirements.md",
+      "redirect_url": "/azure/databox-online/azure-stack-edge-system-requirements",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/databox-online/data-box-edge-technical-specifications-compliance.md",
+      "redirect_url": "/azure/databox-online/azure-stack-edge-technical-specifications-compliance",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/databox-online/data-box-edge-troubleshoot.md",
+      "redirect_url": "/azure/databox-online/azure-stack-edge-troubleshoot", 
+      "redirect_document_id": false
+    },
     {
       "source_path": "articles/aks/kubernetes-draft.md",
       "redirect_url": "/azure/aks/quickstart-helm",

articles/active-directory-b2c/userjourneys.md

@@ -60,7 +60,7 @@ The **OrchestrationStep** element contains the following attributes:
 | Attribute | Required | Description |
 | --------- | -------- | ----------- |
 | `Order` | Yes | The order of the orchestration steps. |
-| `Type` | Yes | The type of the orchestration step. Possible values: <ul><li>**ClaimsProviderSelection** - Indicates that the orchestration step presents various claims providers to the user to select one.</li><li>**CombinedSignInAndSignUp** - Indicates that the orchestration step presents a combined social provider sign-in and local account sign-up page.</li><li>**ClaimsExchange** - Indicates that the orchestration step exchanges claims with a claims provider.</li><li>**GetClaims** - Indicates that the orchestration step reads the input claims.</li><li>**SendClaims** - Indicates that the orchestration step sends the claims to the relying party with a token issued by a claims issuer.</li></ul> |
+| `Type` | Yes | The type of the orchestration step. Possible values: <ul><li>**ClaimsProviderSelection** - Indicates that the orchestration step presents various claims providers to the user to select one.</li><li>**CombinedSignInAndSignUp** - Indicates that the orchestration step presents a combined social provider sign-in and local account sign-up page.</li><li>**ClaimsExchange** - Indicates that the orchestration step exchanges claims with a claims provider.</li><li>**GetClaims** - Specifies that the orchestration step should process claim data sent to Azure AD B2C from the relying party via its `InputClaims` configuration.</li><li>**SendClaims** - Indicates that the orchestration step sends the claims to the relying party with a token issued by a claims issuer.</li></ul> |
 | ContentDefinitionReferenceId | No | The identifier of the [content definition](contentdefinitions.md) associated with this orchestration step. Usually the content definition reference identifier is defined in the self-asserted technical profile. But, there are some cases when Azure AD B2C needs to display something without a technical profile. There are two examples - if the type of the orchestration step is one of following: `ClaimsProviderSelection` or  `CombinedSignInAndSignUp`, Azure AD B2C needs to display the identity provider selection without having a technical profile. |
 | CpimIssuerTechnicalProfileReferenceId | No | The type of the orchestration step is `SendClaims`. This property defines the technical profile identifier of the claims provider that issues the token for the relying party.  If absent, no relying party token is created. |
 

articles/active-directory/app-provisioning/how-provisioning-works.md

@@ -22,7 +22,7 @@ ms.collection: M365-identity-device-management
 
 Automatic provisioning refers to creating user identities and roles in the cloud applications that users need access to. In addition to creating user identities, automatic provisioning includes the maintenance and removal of user identities as status or roles change. Before you start a deployment, you can review this article to learn how Azure AD provision works and get configuration recommendations. 
 
-The **Azure AD Provisioning Service** provisions users to SaaS apps and other systems by connecting to a System for Cross-Domain Identity Management (SCIM) 2.0 user management API endpoint provided by the application vendor. This SCIM endpoint allows Azure AD to programmatically create, update, and remove users. For selected applications, the provisioning service can also create, update, and remove additional identity-related objects, such as groups and roles. The channel used for provisioning between Azure AD and the application is encrypted using HTTPS TLS encryption.
+The **Azure AD Provisioning Service** provisions users to SaaS apps and other systems by connecting to a System for Cross-Domain Identity Management (SCIM) 2.0 user management API endpoint provided by the application vendor. This SCIM endpoint allows Azure AD to programmatically create, update, and remove users. For selected applications, the provisioning service can also create, update, and remove additional identity-related objects, such as groups and roles. The channel used for provisioning between Azure AD and the application is encrypted using HTTPS TLS 1.2 encryption.
 
 
 ![Azure AD Provisioning Service](./media/how-provisioning-works/provisioning0.PNG)

articles/active-directory/develop/authentication-flows-app-scenarios.md

@@ -41,7 +41,7 @@ Applications can be categorized as in the following list:
 - [Protected resources vs. client applications](#protected-resources-vs-client-applications): Some scenarios are about protecting resources like web apps or web APIs. Other scenarios are about acquiring a security token to call a protected web API.
 - [With users or without users](#with-users-or-without-users): Some scenarios involve a signed-in user, but others, like daemon scenarios, don't involve a user.
 - [Single-page, public client, and confidential client applications](#single-page-public-client-and-confidential-client-applications): These types are three large categories of applications. Each is used with different libraries and objects.
-- [Sign-in audience](v2-supported-account-types.md#certain-authentication-flows-dont-support-all-the-account-types): The available authentication flows differ depending on the sign-in audience. Some flows are available only for work or school accounts. And some are available both for work or school accounts and for personal Microsoft accounts. The allowed audience depends on the authentication flows.
+- [Sign-in audience](v2-supported-account-types.md): The available authentication flows differ depending on the sign-in audience. Some flows are available only for work or school accounts. And some are available both for work or school accounts and for personal Microsoft accounts. The allowed audience depends on the authentication flows.
 - [Supported OAuth 2.0 flows](#scenarios-and-supported-authentication-flows):  Authentication flows are used to implement the application scenarios that are requesting tokens. There isn't a one-to-one mapping between application scenarios and authentication flows.
 - [Supported platforms](#scenarios-and-supported-platforms-and-languages): Not all application scenarios are available for every platform.
 

articles/active-directory/develop/scenario-web-app-call-api-call-api.md

@@ -56,10 +56,9 @@ public async Task<IActionResult> Profile()
    var content = await response.Content.ReadAsStringAsync();
 
    dynamic me = JsonConvert.DeserializeObject(content);
-   return me;
+   ViewData["Me"] = me;
   }
 
-  ViewData["Me"] = me;
   return View();
 }
 ```

articles/active-directory/develop/v2-supported-account-types.md

@@ -1,5 +1,5 @@
 ---
-title: Supported accounts types - Microsoft identity platform | Azure
+title: Supported account types - Microsoft identity platform | Azure
 description: Conceptual documentation about audiences and supported account types in applications
 services: active-directory
 author: jmprieur
@@ -17,39 +17,37 @@ ms.custom: aaddev, identityplatformtop40
 
 # Supported account types
 
-This article explains what accounts types (sometimes named audiences) are supported in applications.
+This article explains what account types (sometimes called *audiences*) are supported in Microsoft identity platform applications.
 
 <!-- This section can be in an include for many of the scenarios (SPA, web app signing-in users, protecting a web API, Desktop (depending on the flows), Mobile -->
 
-## Supported accounts types in Microsoft Identity platform applications
+## Account types in the public cloud
 
-In the Microsoft Azure public Cloud, most types of apps can sign in users with any audience:
+In the Microsoft Azure public cloud, most types of apps can sign in users with any audience:
 
-- If you're writing a Line of Business (LOB) application, you can sign in users in your own organization. Such an application is sometimes named **single tenant**.
-- If you're an ISV, you can write an application which signs-in users:
+- If you're writing a line-of-business (LOB) application, you can sign in users in your own organization. Such an application is sometimes called *single-tenant*.
+- If you're an ISV, you can write an application that signs in users:
 
-  - In any organization. Such an application is named a **multi-tenant** web application. You'll sometimes read that it signs-in users with their work or school accounts.
-  - With their work or school or personal Microsoft account.
-  - With only personal Microsoft account.
-    > [!NOTE]
-    > Currently the Microsoft identity platform supports personal Microsoft accounts only by registering an app for **work or school or Microsoft personal accounts**, and then, restrict sign-in in the code for the application by specifying an Azure AD authority, when building the application, such as `https://login.microsoftonline.com/consumers`.
+  - In any organization. Such an application is called a *multitenant* web application. You'll sometimes read that it signs in users with their work or school accounts.
+  - With their work or school or personal Microsoft accounts.
+  - With only personal Microsoft accounts.
+    
+- If you're writing a business-to-consumer application, you can also sign in users with their social identities, by using Azure Active Directory B2C (Azure AD B2C).
 
-- If you're writing a business to consumers application, you can also sign in users with their social identities, using Azure AD B2C.
+## Account type support in authentication flows
 
-## Certain authentication flows don't support all the account types
+Some account types can't be used with certain authentication flows. For instance, in desktop, UWP, or daemon applications:
 
-Some account types can't be used with certain authentication flows. For instance, in desktop, UWP applications, or daemon applications:
+- Daemon applications can be used only with Azure AD organizations. It doesn't make sense to try to use daemon applications to manipulate Microsoft personal accounts. The admin consent will never be granted.
+- You can use the Integrated Windows Authentication flow only with work or school accounts (in your organization or any organization). Integrated Windows Authentication works with domain accounts, it and requires the machines to be domain joined or Azure AD joined. This flow doesn't make sense for personal Microsoft accounts.
+- The [Resource Owner Password Credentials grant](./v2-oauth-ropc.md) (username/password) can't be used with personal Microsoft accounts. Personal Microsoft accounts require that the user consents to accessing personal resources at each sign-in session. That's why this behavior isn't compatible with non-interactive flows.
+- Device code flow doesn't work with personal Microsoft accounts.
 
-- Daemon applications can only be used with Azure Active Directory organizations. It doesn't make sense to attempt to use daemon applications to manipulate Microsoft personal accounts (the admin consent will never be granted).
-- You can only use the Integrated Windows Authentication flow with work or school accounts (in your organization or any organization). Indeed, Integrated Windows Authentication works with domain accounts, and requires the machines to be domain joined or Azure AD joined. This flow doesn't make sense for personal Microsoft Accounts.
-- The [Resource Owner Password Grant](./v2-oauth-ropc.md) (Username/Password), can't be used with personal Microsoft accounts. Indeed, personal Microsoft accounts require that the user consents to accessing personal resources at each sign-in session. That's why, this behavior isn't compatible with non-interactive flows.
-- Device code flow doesn't yet work with personal Microsoft accounts.
+## Account types in national clouds
 
-## Supported account types in national clouds
-
- Apps can also sign in users in [national clouds](authentication-national-cloud.md). However, Microsoft personal accounts aren't supported in these clouds (by definition of these clouds). That's why the supported account types are reduced, for these clouds, to your organization (single tenant) or any organizations (multi-tenant applications).
+Apps can also sign in users in [national clouds](authentication-national-cloud.md). However, Microsoft personal accounts aren't supported in these clouds. That's why the supported account types are reduced, for these clouds, to your organization (single tenant) or any organizations (multitenant applications).
 
 ## Next steps
 
-- Learn more about [Tenancy in Azure Active Directory](./single-and-multi-tenant-apps.md)
-- Learn more about [National Clouds](./authentication-national-cloud.md)
+- Learn more about [tenancy in Azure Active Directory](./single-and-multi-tenant-apps.md).
+- Learn more about [national clouds](./authentication-national-cloud.md).

articles/active-directory/saas-apps/docusign-tutorial.md

@@ -218,7 +218,7 @@ In this section, you'll grant B.Simon access to DocuSign so that this user can u
 
        1. Copy the **Service Provider Assertion Consumer Service URL**, and then paste it into the **Reply URL** box in **Basic SAML Configuration** section in the Azure portal.
 
-       1. Copy the **Service Provider Login URL**, and then paste it into the **Sign On URL** box in **Basic SAML Configuration** section in the Azure portal.
+       1. Copy the **Service Provider Login URL**, and then paste it into the **Sign On URL** box in **Basic SAML Configuration** section in the Azure portal. At the end of the **Service Provider Login URL** you will get the IDPID value.
 
        1. Select **Close**.
 

articles/active-directory/users-groups-roles/groups-naming-policy.md

@@ -37,7 +37,7 @@ You can enforce naming policy for groups in two different ways:
 
 ### Prefix-suffix naming policy
 
-The general structure of the naming convention is ‘Prefix[GroupName]Suffix’. While you can define multiple prefixes and suffixes, you can only have one instance of the [GroupName] in the setting. The prefixes or suffixes can be either fixed strings or user attributes such as \[Department\] that are substituted based on the user who is creating the group. The total allowable number of characters for your prefix and suffix strings combined is 53 characters. 
+The general structure of the naming convention is ‘Prefix[GroupName]Suffix’. While you can define multiple prefixes and suffixes, you can only have one instance of the [GroupName] in the setting. The prefixes or suffixes can be either fixed strings or user attributes such as \[Department\] that are substituted based on the user who is creating the group. The total allowable number of characters for your prefix and suffix strings including group name is 53 characters. 
 
 Prefixes and suffixes can contain special characters that are supported in group name and group alias. Any characters in the prefix or suffix that are not supported in the group alias are still applied in the group name, but removed from the group alias. Because of this restriction, the prefixes and suffixes applied to the group name might be different from the ones applied to the group alias.