Merge pull request #105641 from MicrosoftDocs/master

2/26 AM Publish

Author: huypub

.openpublishing.redirection.json

@@ -831,6 +831,11 @@
       "redirect_url": "/azure/cognitive-services//QnAMaker/Quickstarts/get-answer-from-knowledge-base-using-url-tool",
       "redirect_document_id": false
     },
+    {
+      "source_path": "articles/cognitive-services/personalizer/how-to-learning-policy.md",
+      "redirect_url": "/azure/cognitive-services/personalizer/how-to-manage-model",
+      "redirect_document_id": false
+    },
     {
       "source_path": "articles/cognitive-services/LUIS/luis-tutorial-bot-csharp-appinsights.md",
       "redirect_url": "/azure/cognitive-services/LUIS/luis-csharp-tutorial-bf-v4",
@@ -45118,7 +45123,7 @@
     },
     {
       "source_path": "articles/iot-central/howto-connect-nodejs.md",
-      "redirect_url": "/azure/iot-central/core/howto-connect-nodejs/",
+      "redirect_url": "/azure/iot-central/core/tutorial-connect-device/",
       "redirect_document_id": true
     },
     {
@@ -45598,7 +45603,7 @@
     },
     {
       "source_path": "articles/iot-central/core/howto-connect-nodejs.md",
-      "redirect_url": "/azure/iot-central/core/",
+      "redirect_url": "/azure/iot-central/core/tutorial-connect-device/",
       "redirect_document_id": false
     },
     {
@@ -48941,6 +48946,11 @@
       "source_path": "articles/storage/common/storage-java-jenkins-continuous-integration-solution.md",
       "redirect_url": "/azure/jenkins/storage-java-jenkins-continuous-integration-solution",
       "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/aks/acs-aks-migration.md",
+      "redirect_url": "/azure/aks/aks-migration",
+      "redirect_document_id": false
     }
   ]
 }

articles/active-directory-b2c/code-samples.md

@@ -35,7 +35,6 @@ The following tables provide links to samples for applications including iOS, An
 | [dotnet-webapp-and-webapi](https://github.com/Azure-Samples/active-directory-b2c-dotnet-webapp-and-webapi) | A combined sample for a .NET web application that calls a .NET Web API, both secured using Azure AD B2C. |
 | [dotnetcore-webapp](https://github.com/Azure-Samples/active-directory-b2c-dotnetcore-webapp) | An ASP.NET Core web application that can sign in a user using Azure AD B2C, get an access token using MSAL.NET and call an API. |
 | [openidconnect-nodejs](https://github.com/AzureADQuickStarts/B2C-WebApp-OpenIDConnect-NodeJS) | A Node.js app that provides a quick and easy way to set up a Web application with Express using OpenID Connect. |
-| [javascript-nodejs-webapp](https://github.com/AzureADQuickStarts/active-directory-b2c-javascript-nodejs-webapp) | A node.js server that provides a quick and easy way to set up a REST API service using the OAuth2 protocol. |
 | [javascript-nodejs-webapi](https://github.com/Azure-Samples/active-directory-b2c-javascript-nodejs-webapi) | A small node.js Web API for Azure AD B2C that shows how to protect your web api and accept B2C access tokens using passport.js. |
 | [ms-identity-python-webapp](https://github.com/Azure-Samples/ms-identity-python-webapp/blob/master/README_B2C.md) | Demonstrate how to Integrate B2C of Microsoft identity platform with a Python web application.  |
 

articles/active-directory-b2c/page-layout.md

@@ -9,7 +9,7 @@ manager: celestedg
 ms.service: active-directory
 ms.workload: identity
 ms.topic: reference
-ms.date: 02/10/2020
+ms.date: 02/26/2020
 ms.author: marsma
 ms.subservice: B2C
 ---
@@ -29,7 +29,7 @@ Page layout packages are periodically updated to include fixes and improvements
 
 - All pages
   - Accessibility fixes
-  - You can now add the `data-preload="true"` attribute in your HTML tags to control the load order for CSS and JavaScript.
+  - You can now add the `data-preload="true"` attribute [in your HTML tags](custom-policy-ui-customization.md#guidelines-for-using-custom-page-content) to control the load order for CSS and JavaScript.
     - Load linked CSS files at the same time as your HTML template so it doesn't 'flicker' between loading the files.
     - Control the order in which your `script` tags are fetched and executed before the page load.
   - Email field is now `type=email` and mobile keyboards will provide the correct suggestions

articles/active-directory-b2c/phone-number-claims-transformations.md

@@ -9,7 +9,7 @@ manager: celestedg
 ms.service: active-directory
 ms.workload: identity
 ms.topic: conceptual
-ms.date: 02/14/2020
+ms.date: 02/26/2020
 ms.author: marsma
 ms.subservice: B2C
 ---
@@ -22,9 +22,39 @@ This article provides reference and examples for using the phone number claims t
 
 [!INCLUDE [b2c-public-preview-feature](../../includes/active-directory-b2c-public-preview.md)]
 
+## ConvertPhoneNumberClaimToString
+
+Converts a `phoneNumber` data type into a `string` data type.
+
+| Item | TransformationClaimType | Data Type | Notes |
+| ---- | ----------------------- | --------- | ----- |
+| InputClaim | phoneNumber | phoneNumber |  The ClaimType to convert to a string. |
+| OutputClaim | phoneNumberString | string | The ClaimType that is produced after this claims transformation has been invoked. |
+
+In this example, the cellPhoneNumber claim with a value type of `phoneNumber` is converted to a cellPhone claim with a value type of `string`.
+
+```XML
+<ClaimsTransformation Id="PhoneNumberToString" TransformationMethod="ConvertPhoneNumberClaimToString">
+  <InputClaims>
+    <InputClaim ClaimTypeReferenceId="cellPhoneNumber" TransformationClaimType="phoneNumber" />
+  </InputClaims>
+  <OutputClaims>
+    <OutputClaim ClaimTypeReferenceId="cellPhone" TransformationClaimType="phoneNumberString" />
+  </OutputClaims>
+</ClaimsTransformation>
+```
+
+### Example
+
+- Input claims:
+  - **phoneNumber**: +11234567890 (phoneNumber)
+- Output claims:
+  - **phoneNumberString**: +11234567890 (string)
+
+
 ## ConvertStringToPhoneNumberClaim
 
-This claim validates the format of the phone number. If it is in a valid format, change it to a standard format used by Azure AD B2C. If the provided phone number is not in a valid format, an error message is returned.
+This claim transformation validates the format of the phone number. If it is in a valid format, change it to a standard format used by Azure AD B2C. If the provided phone number is not in a valid format, an error message is returned.
 
 | Item | TransformationClaimType | Data Type | Notes |
 | ---- | ----------------------- | --------- | ----- |
@@ -64,10 +94,10 @@ The self-asserted technical profile that calls the validation technical profile
 ### Example 1
 
 - Input claims:
-  - **phoneNumberString**: 045 456-7890
+  - **phoneNumberString**: 033 456-7890
   - **country**: DK
 - Output claims:
-  - **outputClaim**: +450546148120
+  - **outputClaim**: +450334567890
 
 ### Example 2
 
@@ -76,6 +106,7 @@ The self-asserted technical profile that calls the validation technical profile
 - Output claims: 
   - **outputClaim**: +11234567890
 
+
 ## GetNationalNumberAndCountryCodeFromPhoneNumberString
 
 This extracts the country code and the national number from the input claim, and optionally throws an exception if the supplied phone number is not valid.

articles/active-directory/app-provisioning/use-scim-to-provision-users-and-groups.md

@@ -968,6 +968,9 @@ To host the service within Internet Information Services, a developer would buil
 
 Requests from Azure Active Directory include an OAuth 2.0 bearer token.   Any service receiving the request should authenticate the issuer as being Azure Active Directory for the expected Azure Active Directory tenant, for access to the Microsoft Graph API service.  In the token, the issuer is identified by an iss claim, like "iss":"https://sts.windows.net/cbb1a5ac-f33b-45fa-9bf5-f37db0fed422/".  In this example, the base address of the claim value, https://sts.windows.net, identifies Azure Active Directory as the issuer, while the relative address segment, cbb1a5ac-f33b-45fa-9bf5-f37db0fed422, is a unique identifier of the Azure Active Directory tenant for which the token was issued. The audience for the token will be the application template ID for the app in the gallery. The application template ID for all custom apps is 8adf8e6e-67b2-4cf2-a259-e3dc5476c621. The application template ID for each app in the gallery varies. Please contact [email protected] for questions on the application template ID for a gallery application. Each of the applications registered in a single tenant may receive the same `iss` claim with SCIM requests.
 
+   > [!NOTE]
+   > It's ***not*** recommended to leave this field blank and rely on a token generated by Azure AD. This option is primarily available for testing purposes.
+
 Developers using the CLI libraries provided by Microsoft for building a SCIM service can authenticate requests from Azure Active Directory using the Microsoft.Owin.Security.ActiveDirectory package by following these steps: 
 
 First, in a provider, implement the Microsoft.SystemForCrossDomainIdentityManagement.IProvider.StartupBehavior property by having it return a method to be called whenever the service is started: 
@@ -1452,6 +1455,8 @@ Follow the checklist below to ensure that your application is onboarded quicky a
 > [!div class="checklist"]
 > * Support a [SCIM 2.0 ](https://docs.microsoft.com/azure/active-directory/app-provisioning/use-scim-to-provision-users-and-groups#step-2-understand-the-azure-ad-scim-implementation) user and group endpoint (Only one is required but both are recommended)
 > * Support at least 25 requests per second per tenant (Required)
+> * Establish engineering and support contacts to guide customers post gallery onboarding (Required)
+> * 3 Non-expiring test credentials for your application (Required)
 > * Support the OAuth authorization code grant or a long lived token as described below (Required)
 > * Establish an engineering and support point of contact to support customers post gallery onboarding (Required)
 > * Support updating multiple group memberships with a single PATCH (Recommended) 

articles/active-directory/cloud-provisioning/how-to-configure.md

@@ -7,13 +7,13 @@ manager: daveba
 ms.service: active-directory
 ms.workload: identity
 ms.topic: conceptual
-ms.date: 12/05/2019
+ms.date: 02/26/2020
 ms.subservice: hybrid
 ms.author: billmath
 ms.collection: M365-identity-device-management
 ---
 
-# Azure AD Connect cloud provisioning new agent configuration
+# Create a new configuration for Azure AD Connect cloud-based provisioning
 
 After you've installed the agent, you need to sign in to the Azure portal and configure Azure Active Directory (Azure AD) Connect cloud provisioning. Follow these steps to enable the agent.
 
@@ -51,7 +51,8 @@ You can scope the agent to synchronize specific users and groups by using on-pre
 
     ![Selected security groups option](media/how-to-configure/scope3.png)
 
-1.  Or you can change the scope to include only specific organizational units. Select **Done** and **Save**.
+1.  Or you can change the scope to include only specific organizational units. Select **Done** and **Save**.  
+2.  Once you have changed the scope, you should [restart provisioning](#restart-provisioning) to initiate an immediate synchronization of the changes.
 
     ![Selected organizational units option](media/how-to-configure/scope4.png)
 

articles/active-directory/cloud-provisioning/how-to-install.md

@@ -7,7 +7,7 @@ manager: daveba
 ms.service: active-directory
 ms.workload: identity
 ms.topic: conceptual
-ms.date: 12/02/2019
+ms.date: 02/26/2020
 ms.subservice: hybrid
 ms.author: billmath
 ms.collection: M365-identity-device-management
@@ -91,7 +91,7 @@ To verify that the agent is running, follow these steps.
     ![Services screen](media/how-to-troubleshoot/troubleshoot1.png)
 
 >[!IMPORTANT]
->The agent has been installed but it must be configured and enabled before it will start synchronizing users. To configure a new agent, see [Azure AD Connect cloud provisioning new agent configuration](how-to-configure.md).
+>The agent has been installed but it must be configured and enabled before it will start synchronizing users. To configure a new agent, see [Create a new configuration for Azure AD Connect cloud-based provisioning](how-to-configure.md).
 
 
 

articles/active-directory/cloud-provisioning/index.yml

@@ -1,7 +1,7 @@
 ### YamlMime:Landing
 
 title: Azure AD Connect cloud provisioning documentation
-summary:  Cloud provisioning helps simplify and automate the management of on-premises users by keeping everything in the cloud.
+summary:  Cloud provisioning helps simplify and automate the management of Azure AD users, through cloud-managed rules for synchronizing those users from existing AD forests.
 
 
 

articles/active-directory/cloud-provisioning/plan-cloud-provisioning-topologies.md

@@ -7,7 +7,7 @@ manager: daveba
 ms.service: active-directory
 ms.workload: identity
 ms.topic: conceptual
-ms.date: 12/02/2019
+ms.date: 02/26/2020
 ms.subservice: hybrid
 ms.author: billmath
 ms.collection: M365-identity-device-management
@@ -29,12 +29,16 @@ The following is a list of information to keep in mind when selecting a solution
 - The source anchor for objects is chosen automatically.  It uses ms-DS-ConsistencyGuid if present, otherwise ObjectGUID is used.
 - You cannot change the attribute that is used for source anchor.
 
+## Single forest, single Azure AD tenant
+![Topology for a single forest and a single tenant](media/plan-cloud-provisioning-topologies/single-forest.png)
+
+The simplest topology is a single on-premises forest, with one or multiple domains, and a single Azure AD tenant.  For an example of this scenario see [Tutorial: A single forest with a single Azure AD tenant](tutorial-single-forest.md)
 
 
 ## Multi-forest, single Azure AD tenant
 ![Topology for a multi-forest and a single tenant](media/plan-cloud-provisioning-topologies/multi-forest.png)
 
-The most common topology is a multiple AD forests, with one or multiple domains, and a single Azure AD tenant.  
+A common topology is a multiple AD forests, with one or multiple domains, and a single Azure AD tenant.  
 
 ## Existing forest with Azure AD Connect, new forest with cloud Provisioning
 ![Topology for a single forest and a single tenant](media/plan-cloud-provisioning-topologies/existing-forest-new-forest.png)
@@ -47,10 +51,7 @@ The piloting scenario involves the existence of both Azure AD Connect and Azure
 
 For an example of this scenario see [Tutorial: Pilot Azure AD Connect cloud provisioning in an existing synced AD forest](tutorial-pilot-aadc-aadccp.md)
 
-## Single forest, single Azure AD tenant
-![Topology for a single forest and a single tenant](media/plan-cloud-provisioning-topologies/single-forest.png)
 
-The simplest topology is a single on-premises forest, with one or multiple domains, and a single Azure AD tenant.  For an example of this scenario see [Tutorial: A single forest with a single Azure AD tenant](tutorial-single-forest.md)
 
 ## Next steps 
 

articles/active-directory/develop/access-tokens.md

@@ -174,7 +174,7 @@ We provide libraries and code samples that show how to easily handle token valid
 
 A JWT contains three segments, which are separated by the `.` character. The first segment is known as the **header**, the second as the **body**, and the third as the **signature**. The signature segment can be used to validate the authenticity of the token so that it can be trusted by your app.
 
-Tokens issued by Azure AD are signed using industry standard asymmetric encryption algorithms, such as RSA 256. The header of the JWT contains information about the key and encryption method used to sign the token:
+Tokens issued by Azure AD are signed using industry standard asymmetric encryption algorithms, such as RS256. The header of the JWT contains information about the key and encryption method used to sign the token:
 
 ```json
 {