Merge branch 'master' of https://github.com/MicrosoftDocs/azure-docs-pr into sqldw_move1

Author: julieMSFT

.openpublishing.redirection.json

@@ -2170,6 +2170,11 @@
       "redirect_url": "/azure/cosmos-db/create-sql-api-python",
       "redirect_document_id": false
     },
+    {
+      "source_path": "articles/cosmos-db/cosmos-db-security-controls.md",
+      "redirect_url": "/azure/cosmos-db/security-baseline",
+      "redirect_document_id": false
+    },
     {
       "source_path": "articles/cosmos-db/powershell-samples.md",
       "redirect_url": "/azure/cosmos-db/powershell-samples-sql",
@@ -13604,6 +13609,11 @@
       "redirect_url": "/azure/event-hubs/authorize-access-azure-active-directory",
       "redirect_document_id": false
     },
+    {
+      "source_path": "articles/event-hubs/event-hubs-tutorial-virtual-networks-firewalls.md",
+      "redirect_url": "/azure/event-hubs/event-hubs-service-endpoints",
+      "redirect_document_id": false
+    },    
     {
       "source_path": "articles/active-directory/active-directory-saml-protocol-reference.md",
       "redirect_url": "/azure/active-directory/develop/active-directory-saml-protocol-reference",
@@ -15786,7 +15796,12 @@
     },
     {
       "source_path": "articles/machine-learning/machine-learning-dedicated-capacity-for-bes-jobs.md",
-      "redirect_url": "/azure/machine-learning/studio/dedicated-capacity-for-bes-jobs",
+      "redirect_url": "/azure/machine-learning/studio/consume-web-services",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/machine-learning/studio/dedicated-capacity-for-bes-jobs.md",
+      "redirect_url": "/azure/machine-learning/studio/consume-web-services",
       "redirect_document_id": false
     },
     {
@@ -49284,6 +49299,11 @@
       "redirect_url": "/azure/azure-monitor/overview",
       "redirect_document_id": false
     },
+    {
+      "source_path": "articles/cli/index.yml",
+      "redirect_url": "/cli/azure",
+      "redirect_document_id": false 
+    },
     {
       "source_path": "articles/virtual-machines/linux/tutorial-build-deploy-jenkins.md",
       "redirect_url": "/azure/jenkins/tutorial-build-deploy-jenkins",
@@ -49364,6 +49384,16 @@
       "redirect_url": "/azure/cognitive-services/speech-service",
       "redirect_document_id": false
     },
+    {
+      "source_path": "articles/media-services/latest/access-api-portal.md",
+      "redirect_url": "/azure/media-services/latest/access-api-howto",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/media-services/latest/access-api-cli-how-to.md",
+      "redirect_url": "/azure/media-services/latest/access-api-howto",
+      "redirect_document_id": false
+    },
     {
       "source_path": "articles/media-services/latest/create-account-portal.md",
       "redirect_url": "/azure/media-services/latest/create-account-howto",
@@ -49373,6 +49403,21 @@
       "source_path": "articles/media-services/latest/create-account-cli-how-to.md",
       "redirect_url": "/azure/media-services/latest/create-account-howto",
       "redirect_document_id": false
+    },
+    { 
+      "source_path": "articles/mariadb/howto-tls-configurations.md", 
+      "redirect_url": "/azure/mariadb/howto-configure-ssl", 
+      "redirect_document_id": false 
+    },
+    {
+      "source_path": "articles/mysql/howto-tls-configurations.md", 
+      "redirect_url": "/azure/mysql/howto-configure-ssl", 
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/postgresql/howto-tls-configurations.md", 
+      "redirect_url": "/azure/postgresql/concepts-ssl-connection-security", 
+      "redirect_document_id": false
     }
   ]
 }

articles/active-directory-b2c/boolean-transformations.md

@@ -9,7 +9,7 @@ manager: celestedg
 ms.service: active-directory
 ms.workload: identity
 ms.topic: reference
-ms.date: 03/03/2020
+ms.date: 03/16/2020
 ms.author: mimart
 ms.subservice: B2C
 ---
@@ -62,7 +62,7 @@ Checks that boolean values of two claims are equal, and throws an exception if t
 | inputClaim | inputClaim | boolean | The ClaimType to be asserted. |
 | InputParameter |valueToCompareTo | boolean | The value to compare (true or false). |
 
-The **AssertBooleanClaimIsEqualToValue** claims transformation is always executed from a [validation technical profile](validation-technical-profile.md) that is called by a [self-asserted technical profile](self-asserted-technical-profile.md). The **UserMessageIfClaimsTransformationBooleanValueIsNotEqual** self-asserted technical profile metadata controls the error message that the technical profile presents to the user.
+The **AssertBooleanClaimIsEqualToValue** claims transformation is always executed from a [validation technical profile](validation-technical-profile.md) that is called by a [self-asserted technical profile](self-asserted-technical-profile.md). The **UserMessageIfClaimsTransformationBooleanValueIsNotEqual** self-asserted technical profile metadata controls the error message that the technical profile presents to the user. The error messages can be [localized](localization-string-ids.md#claims-transformations-error-messages).
 
 ![AssertStringClaimsAreEqual execution](./media/boolean-transformations/assert-execution.png)
 

articles/active-directory-b2c/date-transformations.md

@@ -8,7 +8,7 @@ manager: celestedg
 ms.service: active-directory
 ms.workload: identity
 ms.topic: reference
-ms.date: 02/03/2020
+ms.date: 02/16/2020
 ms.author: mimart
 ms.subservice: B2C
 ---
@@ -31,7 +31,7 @@ Checks that one date and time claim (string data type) is later than a second da
 | InputParameter | AssertIfRightOperandIsNotPresent | boolean | Specifies whether this assertion should pass if the right operand is missing. |
 | InputParameter | TreatAsEqualIfWithinMillseconds | int | Specifies the number of milliseconds to allow between the two date times to consider the times equal (for example, to account for clock skew). |
 
-The **AssertDateTimeIsGreaterThan** claims transformation is always executed from a [validation technical profile](validation-technical-profile.md) that is called by a [self-asserted technical profile](self-asserted-technical-profile.md). The **DateTimeGreaterThan** self-asserted technical profile metadata controls the error message that the technical profile presents to the user.
+The **AssertDateTimeIsGreaterThan** claims transformation is always executed from a [validation technical profile](validation-technical-profile.md) that is called by a [self-asserted technical profile](self-asserted-technical-profile.md). The **DateTimeGreaterThan** self-asserted technical profile metadata controls the error message that the technical profile presents to the user. The error messages can be [localized](localization-string-ids.md#claims-transformations-error-messages).
 
 ![AssertStringClaimsAreEqual execution](./media/date-transformations/assert-execution.png)
 
@@ -77,8 +77,8 @@ The self-asserted technical profile calls the validation **login-NonInteractive*
 ### Example
 
 - Input claims:
-    - **leftOperand**: 2018-10-01T15:00:00.0000000Z
-    - **rightOperand**: 2018-10-01T14:00:00.0000000Z
+    - **leftOperand**: 2020-03-01T15:00:00.0000000Z
+    - **rightOperand**: 2020-03-01T14:00:00.0000000Z
 - Result: Error thrown
 
 ## ConvertDateToDateTimeClaim
@@ -106,9 +106,9 @@ The following example demonstrates the conversion of the claim `dateOfBirth` (da
 ### Example
 
 - Input claims:
-    - **inputClaim**: 2019-06-01
+    - **inputClaim**: 2020-15-03
 - Output claims:
-    - **outputClaim**: 1559347200 (June 1, 2019 12:00:00 AM)
+    - **outputClaim**: 2020-15-03T00:00:00.0000000Z
 
 ## ConvertDateTimeToDateClaim
 
@@ -135,9 +135,9 @@ The following example demonstrates the conversion of the claim `systemDateTime`
 ### Example
 
 - Input claims:
-  - **inputClaim**: 1559347200 (June 1, 2019 12:00:00 AM)
+  - **inputClaim**: 2020-15-03T11:34:22.0000000Z
 - Output claims:
-  - **outputClaim**: 2019-06-01
+  - **outputClaim**: 2020-15-03
 
 ## GetCurrentDateTime
 
@@ -158,7 +158,7 @@ Get the current UTC date and time and add the value to a ClaimType.
 ### Example
 
 * Output claims:
-    * **currentDateTime**: 1534418820 (August 16, 2018 11:27:00 AM)
+    * **currentDateTime**: 2020-15-03T11:40:35.0000000Z
 
 ## DateTimeComparison
 
@@ -194,8 +194,8 @@ To run the claim transformation, you first need to get the current dateTime and
 ### Example
 
 - Input claims:
-    - **firstDateTime**: 2018-01-01T00:00:00.100000Z
-    - **secondDateTime**: 2018-04-01T00:00:00.100000Z
+    - **firstDateTime**: 2020-01-01T00:00:00.100000Z
+    - **secondDateTime**: 2020-04-01T00:00:00.100000Z
 - Input parameters:
     - **operator**: later than
     - **timeSpanInSeconds**: 7776000 (90 days)

articles/active-directory-b2c/localization-string-ids.md

@@ -1,14 +1,14 @@
 ---
 title: Localization string IDs - Azure Active Directory B2C | Microsoft Docs
-description: Specify the IDs for a content definition with an Id of api.signuporsignin in a custom policy in Azure Active Directory B2C.
+description: Specify the IDs for a content definition with an ID of api.signuporsignin in a custom policy in Azure Active Directory B2C.
 services: active-directory-b2c
 author: msmimart
 manager: celestedg
 
 ms.service: active-directory
 ms.workload: identity
 ms.topic: reference
-ms.date: 03/09/2020
+ms.date: 03/16/2020
 ms.author: mimart
 ms.subservice: B2C
 ---
@@ -21,7 +21,7 @@ The **Localization** element enables you to support multiple locales or language
 
 ## Sign-up or sign-in page elements
 
-The following Ids are used for a content definition with an ID of `api.signuporsignin`.
+The following IDs are used for a content definition with an ID of `api.signuporsignin`.
 
 | ID | Default value |
 | -- | ------------- |
@@ -87,7 +87,7 @@ The following example localizes the Facebook identity provider to Arabic:
 | **UserMessageIfUserAccountLocked** | Your account is temporarily locked to prevent unauthorized use. Try again later. |
 | **AADRequestsThrottled** | There are too many requests at this moment. Please wait for some time and try again. |
 
-## Sign-up and self asserted pages user interface elements
+## Sign-up and self-asserted pages user interface elements
 
 The following are the IDs for a content definition with an ID of `api.localaccountsignup` or any content definition that starts with `api.selfasserted`, such as `api.selfasserted.profileupdate` and `api.localaccountpasswordreset`.
 
@@ -128,7 +128,7 @@ The following are the IDs for a content definition with an ID of `api.localaccou
 | **ver_intro_msg** | Verification is necessary. Please click Send button. |
 | **ver_input** | Verification code |
 
-### Sign-up and self asserted pages error messages
+### Sign-up and self-asserted pages error messages
 
 | ID | Default value |
 | -- | ------------- |
@@ -253,6 +253,32 @@ The following are the IDs for a [one time password technical profile](one-time-p
 ```
 
 
+## Claims transformations error messages
+
+The following are the IDs for claims transformations error messages:
+
+| ID | Claims transformation | Default value |
+| -- | ------------- |------------- |
+|UserMessageIfClaimsTransformationBooleanValueIsNotEqual |[AssertBooleanClaimIsEqualToValue](boolean-transformations.md#assertbooleanclaimisequaltovalue) | Boolean claim value comparison failed for claim type "inputClaim".| 
+|DateTimeGreaterThan |[AssertDateTimeIsGreaterThan](date-transformations.md#assertdatetimeisgreaterthan) | Claim value comparison failed: The provided left operand is greater than the right operand.|
+|UserMessageIfClaimsTransformationStringsAreNotEqual |[AssertStringClaimsAreEqual](string-transformations.md#assertstringclaimsareequal) | Claim value comparison failed using StringComparison "OrdinalIgnoreCase".|
+
+### Example
+
+```XML
+<LocalizedResources Id="api.localaccountsignup.en">
+  <LocalizedStrings>
+    <LocalizedString ElementType="ErrorMessage" StringId="UserMessageIfClaimsTransformationBooleanValueIsNotEqual">Your email address hasn't been verified.</LocalizedString>
+    <LocalizedString ElementType="ErrorMessage" StringId="DateTimeGreaterThan">Expiration date must be greater that the current date.</LocalizedString>
+    <LocalizedString ElementType="ErrorMessage" StringId="UserMessageIfClaimsTransformationStringsAreNotEqual">The email entry fields do not match. Please enter the same email address in both fields and try again.</LocalizedString>
+  </LocalizedStrings>
+</LocalizedResources>
+```
+
+
+
+
+
 
 
 

articles/active-directory-b2c/string-transformations.md

@@ -9,7 +9,7 @@ manager: celestedg
 ms.service: active-directory
 ms.workload: identity
 ms.topic: reference
-ms.date: 02/24/2020
+ms.date: 03/16/2020
 ms.author: mimart
 ms.subservice: B2C
 ---
@@ -30,7 +30,7 @@ Compare two claims, and throw an exception if they are not equal according to th
 | InputClaim | inputClaim2 | string | Second claim's type, which is to be compared. |
 | InputParameter | stringComparison | string | string comparison, one of the values: Ordinal, OrdinalIgnoreCase. |
 
-The **AssertStringClaimsAreEqual** claims transformation is always executed from a [validation technical profile](validation-technical-profile.md) that is called by a [self-asserted technical profile](self-asserted-technical-profile.md), or a [DisplayConrtol](display-controls.md). The `UserMessageIfClaimsTransformationStringsAreNotEqual` metadata of a self-asserted technical profile controls the error message that is presented to the user.
+The **AssertStringClaimsAreEqual** claims transformation is always executed from a [validation technical profile](validation-technical-profile.md) that is called by a [self-asserted technical profile](self-asserted-technical-profile.md), or a [DisplayConrtol](display-controls.md). The `UserMessageIfClaimsTransformationStringsAreNotEqual` metadata of a self-asserted technical profile controls the error message that is presented to the user. The error messages can be [localized](localization-string-ids.md#claims-transformations-error-messages).
 
 
 ![AssertStringClaimsAreEqual execution](./media/string-transformations/assert-execution.png)

articles/active-directory/app-provisioning/application-provisioning-configure-api.md

@@ -171,7 +171,7 @@ Content-type: application/json
 
 ### Retrieve the template for the provisioning connector
 
-Applications in the gallery that are enabled for provisioning have templates to streamline configuration. Use the request below to [retrieve the template for the provisioning configuration](https://docs.microsoft.com/graph/api/synchronization-synchronizationtemplate-list?view=graph-rest-beta&tabs=http).
+Applications in the gallery that are enabled for provisioning have templates to streamline configuration. Use the request below to [retrieve the template for the provisioning configuration](https://docs.microsoft.com/graph/api/synchronization-synchronizationtemplate-list?view=graph-rest-beta&tabs=http). Note that you will need to provide the ID. The ID refers to the preceding resource, which in this case is the ServicePrincipal. 
 
 #### *Request*
 
@@ -263,10 +263,10 @@ Content-type: application/json
 
 ### Test the connection to the application
 
-Test the connection with the third-party application. The example below is for an application that requires clientSecret and secretToken. Each application has its on requirements. Review the [API documentation](https://docs.microsoft.com/graph/api/synchronization-synchronizationjob-validatecredentials?view=graph-rest-beta&tabs=http) to see the available options. 
+Test the connection with the third-party application. The example below is for an application that requires clientSecret and secretToken. Each application has its on requirements. Applications often use BaseAddress in place of ClientSecret. To determine what credentials your app requires, navigate to the provisioning configuration page for your application and in developer mode click test connection. The network traffic will show the parameters used for credentials. The full list of credentials can be found [here](https://docs.microsoft.com/graph/api/synchronization-synchronizationjob-validatecredentials?view=graph-rest-beta&tabs=http). 
 
 #### *Request*
-```http
+```msgraph-interactive
 POST https://graph.microsoft.com/beta/servicePrincipals/{id}/synchronization/jobs/{id}/validateCredentials
 { 
     credentials: [ 
@@ -290,7 +290,7 @@ HTTP/1.1 204 No Content
 Configuring provisioning requires establishing a trust between Azure AD and the application. Authorize access to the third-party application. The example below is for an application that requires clientSecret and secretToken. Each application has its on requirements. Review the [API documentation](https://docs.microsoft.com/graph/api/synchronization-synchronizationjob-validatecredentials?view=graph-rest-beta&tabs=http) to see the available options. 
 
 #### *Request*
-```json
+```msgraph-interactive
 PUT https://graph.microsoft.com/beta/servicePrincipals/{id}/synchronization/secrets 
  
 { 

articles/active-directory/authentication/tutorial-enable-sspr-writeback.md

@@ -50,7 +50,6 @@ Azure AD Connect lets you synchronize users, groups, and credential between an o
 To correctly work with SSPR writeback, the account specified in Azure AD Connect must have the appropriate permissions and options set. If you're not sure which account is currently in use, open Azure AD Connect and select the **View current configuration** option. The account that you need to add permissions to is listed under **Synchronized Directories**. The following permissions and options must be set on the account:
 
 * **Reset password**
-* **Change password**
 * **Write permissions** on `lockoutTime`
 * **Write permissions** on `pwdLastSet`
 * **Extended rights** on either:
@@ -68,7 +67,6 @@ To set up the appropriate permissions for password writeback to occur, complete
 1. For **Principal**, select the account that permissions should be applied to (the account used by Azure AD Connect).
 1. In the **Applies to** drop-down list, select **Descendant User objects**.
 1. Under *Permissions*, select the boxes for the following options:
-    * **Change password**
     * **Reset password**
 1. Under *Properties*, select the boxes for the following options. You need to scroll through the list to find these options, which may already be set by default:
     * **Write lockoutTime**

articles/active-directory/develop/howto-convert-app-to-be-multi-tenant.md

@@ -11,7 +11,7 @@ ms.service: active-directory
 ms.subservice: develop
 ms.topic: conceptual
 ms.workload: identity
-ms.date: 02/19/2020
+ms.date: 03/17/2020
 ms.author: ryanwi
 ms.reviewer: jmprieur, lenalepa, sureshja, kkrishna
 ms.custom: aaddev
@@ -172,7 +172,7 @@ In this article, you learned how to build an application that can sign in a user
 
 ## Related content
 
-* [Multi-tenant application sample](https://github.com/mspnp/multitenant-saas-guidance)
+* [Multi-tenant application sample](https://github.com/Azure-Samples/active-directory-aspnetcore-webapp-openidconnect-v2/blob/master/2-WebApp-graph-user/2-3-Multi-Tenant/README.md)
 * [Branding guidelines for applications][AAD-App-Branding]
 * [Application objects and service principal objects][AAD-App-SP-Objects]
 * [Integrating applications with Azure Active Directory][AAD-Integrating-Apps]