Merging changes synced from https://github.com/MicrosoftDocs/azure-docs-pr (branch live)

Author: tynevi

.openpublishing.redirection.json

@@ -4769,6 +4769,11 @@
       "source_path": "articles/azure-functions/functions-bindings-external-file.md",
       "redirect_url": "/azure/azure-functions/functions-triggers-bindings#supported-bindings",
       "redirect_document_id": false
+    },    
+    {
+      "source_path": "articles/azure-functions/functions-create-vnet-old.md",
+      "redirect_url": "/azure/azure-functions/functions-create-vnet",
+      "redirect_document_id": false
     },
     {
       "source_path": "articles/automation/automation-source-control-integration.md",
@@ -36183,6 +36188,16 @@
       "redirect_url": "/azure/azure-monitor/platform/data-collector-api",
       "redirect_document_id": false
     },
+    {
+      "source_path": "articles/cognitive-services/personalizer/personalizer-container-configuration.md",
+      "redirect_url": "/azure/cognitive-services/personalizer/what-is-personalizer",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/cognitive-services/personalizer/personalizer-container-howto.md",
+      "redirect_url": "/azure/cognitive-services/personalizer/what-is-personalizer",
+      "redirect_document_id": false
+    },        
     {
       "source_path": "articles/cognitive-services/LUIS/luis-quickstart-intent-and-key-phrase.md",
       "redirect_url": "/azure/cognitive-services/LUIS/luis-reference-prebuilt-keyphrase",

articles/active-directory-b2c/active-directory-b2c-reference-custom-attr.md

@@ -17,7 +17,11 @@ ms.subservice: B2C
 
  Every customer-facing application has unique requirements for the information that needs to be collected. Your Azure Active Directory (Azure AD) B2C tenant comes with a built-in set of information stored in attributes, such as Given Name, Surname, City, and Postal Code. With Azure AD B2C, you can extend the set of attributes stored on each customer account. 
 
- You can create custom attributes in the [Azure portal](https://portal.azure.com/) and use them in your sign-up user flows, sign-up or sign-in user flows, or profile editing user flows. You can also read and write these attributes by using the [Azure AD Graph API](active-directory-b2c-devquickstarts-graph-dotnet.md). Custom attributes in Azure AD B2C use [Azure AD Graph API Directory Schema Extensions](/previous-versions/azure/ad/graph/howto/azure-ad-graph-api-directory-schema-extensions).
+ You can create custom attributes in the [Azure portal](https://portal.azure.com/) and use them in your sign-up user flows, sign-up or sign-in user flows, or profile editing user flows. You can also read and write these attributes by using the [Azure AD Graph API](active-directory-b2c-devquickstarts-graph-dotnet.md). Custom attributes in Azure AD B2C use [Azure AD Graph API Directory Schema Extensions](/previous-versions/azure/ad/graph/howto/azure-ad-graph-api-directory-schema-extensions).  
+
+> [!NOTE]
+> Support for newer [Microsoft Graph API](https://docs.microsoft.com/en-us/graph/overview?view=graph-rest-1.0) for querying Azure AD B2C tenant is still under development.
+>
 
 ## Create a custom attribute
 
@@ -37,7 +41,8 @@ ms.subservice: B2C
 7. Optionally, enter a **Description** for informational purposes. 
 8. Click **Create**.
 
-The custom attribute is now available in the list of **User attributes** and for use in your user flows. A custom attribute is only created the first time it is used in any user flow, and not when you add it to the list of **User attributes**.
+The custom attribute is now available in the list of **User attributes** and for use in your user flows. A custom attribute is only created the first time it is used in any user flow, and not when you add it to the list of **User attributes**. 
+
 
 ## Use a custom attribute in your user flow
 
@@ -47,5 +52,5 @@ The custom attribute is now available in the list of **User attributes** and for
 5. Select **Application claims** and then select the custom attribute. 
 6. Click **Save**.
 
-You can use the **Run user flow** feature on the user flow to verify the customer experience. You should now see **ShoeSize** in the list of attributes collected during the sign-up journey, and see it in the token sent back to your application.
+Once you have created a new user using a user flow which uses the newly created custom attribute, the object can be queried in [Azure AD Graph Explorer](https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-graph-api-quickstart). Alternatively you can use the [**Run user flow**](https://docs.microsoft.com/en-us/azure/active-directory-b2c/tutorial-create-user-flows) feature on the user flow to verify the customer experience. You should now see **ShoeSize** in the list of attributes collected during the sign-up journey, and see it in the token sent back to your application. 
 

articles/active-directory/conditional-access/baseline-protection.md

@@ -1,5 +1,5 @@
 ---
-title: What is a baseline protection in Azure Active Directory conditional access? - preview | Microsoft Docs
+title: What is a baseline protection in Azure Active Directory conditional access? | Microsoft Docs
 description: Learn how baseline protection ensures that you have at least the baseline level of security enabled in your Azure Active Directory environment. 
 services: active-directory
 keywords: conditional access to apps, conditional access with Azure AD, secure access to company resources, conditional access policies
@@ -21,40 +21,32 @@ ms.reviewer: nigu
 
 ms.collection: M365-identity-device-management
 ---
-# What is baseline protection (preview)?  
+# What is baseline protection?
 
 In the last year, identity attacks have increased by 300%. To protect your environment from the ever-increasing attacks, Azure Active Directory (Azure AD) introduces a new feature called baseline protection. Baseline protection is a set of predefined [conditional access policies](../active-directory-conditional-access-azure-portal.md). The goal of these policies is to ensure that you have at least the baseline level of security enabled in all editions of Azure AD. 
 
 This article provides you with an overview of baseline protection in Azure Active Directory.
-
-
 
 ## Require MFA for admins
 
 Users with access to privileged accounts have unrestricted access to your environment. Due to the power these accounts have, you should treat them with special care. One common method to improve the protection of privileged accounts is to require a stronger form of account verification when they are used to sign-in. In Azure Active Directory, you can get a stronger account verification by requiring multi-factor authentication (MFA).  
 
-**Require MFA for admins** is a baseline policy that requires MFA for the following directory roles: 
-
-- Global administrator  
-
-- SharePoint administrator  
-
-- Exchange administrator  
-
-- Conditional access administrator  
-
-- Security administrator  
+**Require MFA for admins** is a baseline policy that requires MFA for the following directory roles:
 
+* Global administrator
+* SharePoint administrator
+* Exchange administrator
+* Conditional access administrator
+* Security administrator
+* Helpdesk administrator / Password administrator
+* Billing administrator
+* User administrator
 
 ![Azure Active Directory](./media/baseline-protection/01.png)
 
 This baseline policy provides you with the option to exclude users. You might want to exclude one *[emergency-access administrative account](../users-groups-roles/directory-emergency-access.md)* to ensure you are not locked out of the tenant.
 
-
-## Enable a baseline policy 
-
-While baseline policies are in preview, they are by default not activated. You need to manually enable a policy if you want to activate it. If you explicitly enable the baseline policies at the preview stage, they will remain active when this feature reaches general availability. The planned behavior change is the reason why, in addition to activate and deactivate, you have a third option to set the state of a policy: **Automatically enable policy in the future**. By selecting this option, you can leave the policies disabled during preview, but have Microsoft enable them automatically when this feature reaches general availability. If you do not explicitly enable baseline policies now, and do not select the **Automatically enable policy in the future** option, the policies will remain disabled when this feature reaches general availability.
-
+## Enable a baseline policy
 
 **To enable a baseline policy:**  
 
@@ -73,9 +65,6 @@ While baseline policies are in preview, they are by default not activated. You n
 5. To enable the policy, click **Use policy immediately**.
 
 6. Click **Save**. 
- 
-  
- 
 
 ## What you should know 
 
@@ -87,14 +76,10 @@ If you have privileged accounts that are used in your scripts, you should replac
 
 Baseline policies apply to legacy authentication flows like POP, IMAP, older Office desktop client. 
 
-
-
-
 ## Next steps
 
 For more information, see:
 
 - [Five steps to securing your identity infrastructure](https://docs.microsoft.com/azure/security/azure-ad-secure-steps)
 
 - [What is conditional access in Azure Active Directory?](overview.md) 
-

articles/active-directory/conditional-access/media/baseline-protection/01.png

@@ -23,7 +23,7 @@ ms.collection: M365-identity-device-management
 
 # Evolution of Microsoft identity platform
 
-Microsoft identity platform is an evolution of the Azure Active Directory (Azure AD) identity service and developer platform. It allows developers to build applications that sign in users, get tokens to call APIs, such as Microsoft Graph, or APIs that developers have built. It consists of an authentication service, open-source libraries, application registration, and configuration (through a developer portal and application API), full developer documentation, quickstart samples, code samples, tutorials, how-to guides, and other developer content. The Microsoft identity platform supports industry standard protocols such as OAuth 2.0 and OpenID Connect.
+Microsoft identity platform is an evolution of the Azure Active Directory (Azure AD) developer platform. It allows developers to build applications that sign in users, get tokens to call APIs, such as Microsoft Graph, or APIs that developers have built. It consists of an authentication service, open-source libraries, application registration, and configuration (through a developer portal and application API), full developer documentation, quickstart samples, code samples, tutorials, how-to guides, and other developer content. The Microsoft identity platform supports industry standard protocols such as OAuth 2.0 and OpenID Connect.
 
 Up until now, most developers have worked with the Azure AD v1.0 platform to authenticate work and school accounts (provisioned by Azure AD) by requesting tokens from the Azure AD v1.0 endpoint, using Azure AD Authentication Library (ADAL), Azure portal for application registration and configuration, and Azure AD Graph API for programmatic application configuration.
 
@@ -70,4 +70,4 @@ Microsoft identity platform (v2.0) endpoint is now OIDC certified. It works with
 Learn more about v1.0 and v2.0.
 
 * [Microsoft identity platform (v2.0) overview](v2-overview.md)
-* [Azure Active Directory for developers (v1.0) overview](v1-overview.md)
+* [Azure Active Directory for developers (v1.0) overview](v1-overview.md)

articles/active-directory/develop/about-microsoft-identity-platform.md

@@ -15,7 +15,7 @@ metadata:
   ms.date: 05/07/2019
   ms.author: celested
 abstract:
-  description: Microsoft identity platform is an evolution of the Azure Active Directory (Azure AD) identity service and developer platform. It allows developers to build applications that sign in all Microsoft identities and get tokens to call Microsoft APIs such as Microsoft Graph or APIs that developers have built. It’s a full-featured platform that consists of an OAuth 2.0 and OpenID Connect standard-compliant authentication service, open-source libraries, application registration and configuration, robust conceptual and reference documentation, quickstart samples, code samples, tutorials, and how-to guides.
+  description: Microsoft identity platform is an evolution of the Azure Active Directory (Azure AD) developer platform. It allows developers to build applications that sign in all Microsoft identities and get tokens to call Microsoft APIs such as Microsoft Graph or APIs that developers have built. It’s a full-featured platform that consists of an OAuth 2.0 and OpenID Connect standard-compliant authentication service, open-source libraries, application registration and configuration, robust conceptual and reference documentation, quickstart samples, code samples, tutorials, and how-to guides.
   aside:
     image:
       alt: 

articles/active-directory/develop/index.yml

@@ -35,7 +35,7 @@ Learn how to call downstream APIs:
 Learn more with tutorials and samples:
 
 > [!div class="nextstepaction"]
-> [ASP.NET Core Web API Tutorial](https://github.com/Azure-Samples/active-directory-dotnet-native-aspnetcore-v2)
+> [ASP.NET Core web API Tutorial](https://github.com/Azure-Samples/active-directory-dotnet-native-aspnetcore-v2)
 
 > [!div class="nextstepaction"]
-> [ASP.NET Web API sample](https://github.com/azureadquickstarts/appmodelv2-nativeclient-dotnet)
+> [ASP.NET web API sample](https://github.com/azureadquickstarts/appmodelv2-nativeclient-dotnet)

articles/active-directory/develop/scenario-protected-web-api-production.md

@@ -37,7 +37,7 @@ If you want to create your first portable (ASP.NET Core) web apps that sign in u
 If you prefer to stay with ASP.NET, try out the following tutorial:
 
 > [!div class="nextstepaction"]
-> [Quickstart: ASP.NET Core web app that signs-in users](quickstart-v2-aspnet-webapp.md)
+> [Quickstart: ASP.NET web app that signs-in users](quickstart-v2-aspnet-webapp.md)
 
 ## Overview
 

articles/active-directory/develop/scenario-web-app-sign-user-overview.md

@@ -23,7 +23,7 @@ ms.collection: M365-identity-device-management
 
 # Microsoft identity platform (v2.0) overview
 
-Microsoft identity platform is an evolution of the Azure Active Directory (Azure AD) identity service and developer platform. It allows developers to build applications that sign in all Microsoft identities and get tokens to call Microsoft APIs, such as Microsoft Graph, or APIs that developers have built. The Microsoft identity platform consists of:
+Microsoft identity platform is an evolution of the Azure Active Directory (Azure AD) developer platform. It allows developers to build applications that sign in all Microsoft identities and get tokens to call Microsoft APIs, such as Microsoft Graph, or APIs that developers have built. The Microsoft identity platform consists of:
 
 - **OAuth 2.0 and OpenID Connect standard-compliant authentication service** that enables developers to authenticate any Microsoft identity, including:
   - Work or school accounts (provisioned through Azure AD)
@@ -76,4 +76,4 @@ When you’re ready to launch your app into a **production environment**, review
 
 ## Learn more
 
-If you’d planning to build a customer-facing application that signs in social and local identities, take a look at the [Azure AD B2C overview](https://docs.microsoft.com/azure/active-directory-b2c/tutorial-add-identity-providers).
+If you’re planning to build a customer-facing application that signs in social and local identities, see the [Azure AD B2C overview](https://docs.microsoft.com/azure/active-directory-b2c/tutorial-add-identity-providers).

articles/active-directory/develop/v2-overview.md

@@ -21,7 +21,6 @@ For the complete sample script used in this article, see [Azure CLI samples - AK
 The following limitations apply:
 
 - Azure AD can only be enabled when you create a new, RBAC-enabled cluster. You can't enable Azure AD on an existing AKS cluster.
-- *Guest* users in Azure AD, such as if you use a federated sign in from a different directory, are not supported.
 
 ## Before you begin
 
@@ -233,8 +232,9 @@ If you see an authorization error message after you've successfully signed in us
 error: You must be logged in to the server (Unauthorized)
 ```
 
-* The user you are signed in as is not a *Guest* in the Azure AD instance (this is often the case if you use a federated login from a different directory).
+* You defined the appropriate object ID or UPN, depending on if the user account is in the same Azure AD tenant or not.
 * The user is not a member of more than 200 groups.
+* Secret defined in the application registration for server matches the value configured using `--aad-server-app-secret`
 
 ## Next steps