Merge branch 'master' of https://github.com/MicrosoftDocs/azure-docs-pr into servicenow-api

Author: ElazarK

.github/workflows/stale.yml

@@ -19,8 +19,7 @@ jobs:
         close-pr-label: auto-close
         exempt-pr-labels: keep-open
         operations-per-run: 1200
-        ascending: true
-        start-date: '2021-08-10'
+        ascending: false
         stale-pr-message: >
           This pull request has been inactive for at least 14 days.
           If you are finished with your changes, don't forget to sign off. See the [contributor guide](https://review.docs.microsoft.com/help/contribute/contribute-how-to-write-pull-request-automation) for instructions.

.openpublishing.redirection.active-directory.json

@@ -10,6 +10,11 @@
           "redirect_url": "/azure/active-directory/manage-apps/what-is-application-management",
           "redirect_document_id": false
         },
+        {
+            "source_path_from_root": "/articles/active-directory/authentication/how-to-nudge-authenticator-app.md",
+            "redirect_url": "/azure/active-directory/authentication/how-to-mfa-registration-campaign",
+            "redirect_document_id": false
+        },
         {
             "source_path_from_root": "/articles/active-directory/develop/active-directory-v2-limitations.md",
             "redirect_url": "/azure/active-directory/azuread-dev/azure-ad-endpoint-comparison",
@@ -1670,6 +1675,26 @@
             "redirect_url": "/azure/active-directory/authentication/tutorial-enable-azure-mfa",
             "redirect_document_id": false
         },
+        {
+            "source_path_from_root": "/articles/active-directory/conditional-access/require-managed-devices.md",
+            "redirect_url": "/azure/active-directory/conditional-access/concept-conditional-access-grant",
+            "redirect_document_id": false
+        },
+        {
+            "source_path_from_root": "/articles/active-directory/conditional-access/untrusted-networks.md",
+            "redirect_url": "/azure/active-directory/conditional-access/howto-conditional-access-policy-all-users-mfa",
+            "redirect_document_id": true
+        },
+        {
+            "source_path_from_root": "/articles/active-directory/conditional-access/app-based-conditional-access.md",
+            "redirect_url": "/azure/active-directory/conditional-access/howto-policy-approved-app-or-app-protection",
+            "redirect_document_id": false
+        },
+        {
+            "source_path_from_root": "/articles/active-directory/conditional-access/app-protection-based-conditional-access.md",
+            "redirect_url": "/azure/active-directory/conditional-access/howto-policy-approved-app-or-app-protection",
+            "redirect_document_id": true
+        },
         {
             "source_path_from_root": "/articles/active-directory/authentication/quickstart-sspr.md",
             "redirect_url": "/azure/active-directory/authentication/tutorial-enable-sspr",
@@ -9888,7 +9913,7 @@
         {
             "source_path_from_root": "/articles/active-directory/active-directory-saas-workplacebyfacebook-provisioning-tutorial.md",
             "redirect_url": "/azure/active-directory/saas-apps/workplace-by-facebook-provisioning-tutorial",
-            "redirect_document_id": true
+            "redirect_document_id": false
         },
         {
             "source_path_from_root": "/articles/active-directory/active-directory-saas-workplacebyfacebook-tutorial.md",

.openpublishing.redirection.azure-web-pubsub.json

@@ -4,16 +4,6 @@
             "source_path_from_root": "/articles/azure-web-pubsub/howto-troubleshoot-diagnostic-logs.md",
             "redirect_url": "/azure/azure-web-pubsub/howto-troubleshoot-resource-logs",
             "redirect_document_id": false
-        },
-        {
-          "source_path_from_root": "/articles/azure-web-pubsub/reference-server-sdk-csharp.md",
-          "redirect_url": "/dotnet/api/overview/azure/webpubsub/client",
-          "redirect_document_id": false
-        },
-        {
-          "source_path_from_root": "/articles/azure-web-pubsub/reference-server-sdk-java.md",
-          "redirect_url": "/java/api/overview/azure/webpubsub/client",
-          "redirect_document_id": false
         }
     ]
 }

.openpublishing.redirection.json

@@ -3450,22 +3450,17 @@
     },
     {
       "source_path_from_root": "/articles/app-service/app-service-app-service-environments-readme.md",
-      "redirect_url": "/azure/app-service/environment/intro",
+      "redirect_url": "/azure/app-service/environment/overview",
       "redirect_document_id": false
     },
     {
       "source_path_from_root": "/articles/app-service/app-service-environment/intro.md",
-      "redirect_url": "/azure/app-service/environment/intro",
+      "redirect_url": "/azure/app-service/environment/overview",
       "redirect_document_id": false
     },
     {
       "source_path_from_root": "/articles/app-service/app-service-environment/readme.md",
-      "redirect_url": "/azure/app-service/environment/intro",
-      "redirect_document_id": false
-    },
-    {
-      "source_path_from_root": "/articles/app-service/environment/index.md",
-      "redirect_url": "/azure/app-service/environment/intro",
+      "redirect_url": "/azure/app-service/environment/overview",
       "redirect_document_id": false
     },
     {
@@ -26376,6 +26371,11 @@
       "redirect_url": "/azure/sentinel/data-connectors-reference#zscaler",
       "redirect_document_id": false
     },
+    {
+      "source_path_from_root": "/articles/sentinel/watchlist-with-rest-api.md",
+      "redirect_url": "/rest/api/securityinsights/watchlists",
+      "redirect_document_id": false
+    },
     {
       "source_path_from_root": "/articles/service-bus/index.md",
       "redirect_url": "/azure/service-bus-messaging/index",

articles/active-directory-b2c/TOC.yml

@@ -53,6 +53,7 @@
       href: ../active-directory/develop/v2-app-types.md?bc=%2fazure%2factive-directory-b2c%2fbread%2ftoc.json&toc=%2fazure%2factive-directory-b2c%2fTOC.json
     - name: Authentication library
       href: ../active-directory/develop/msal-overview.md?bc=%2fazure%2factive-directory-b2c%2fbread%2ftoc.json&toc=%2fazure%2factive-directory-b2c%2fTOC.json
+      displayName: MSAL, client library, Microsoft Authentication Library
   - name: Azure AD B2C best practices
     href: best-practices.md
   - name: Application types
@@ -595,6 +596,7 @@
     href: app-registrations-training-guide.md
   - name: Billing model
     href: billing.md
+    displayName: pricing model
   - name: Code samples
     href: /samples/browse/?terms=b2c
   - name: Cookie definitions

articles/active-directory-b2c/billing.md

@@ -8,7 +8,7 @@ manager: CelesteDG
 ms.service: active-directory
 ms.topic: reference
 ms.workload: identity
-ms.date: 11/11/2021
+ms.date: 11/16/2021
 ms.author: kengaderdus
 ms.subservice: B2C
 ms.custom: fasttrack-edit
@@ -48,7 +48,7 @@ MAU billing went into effect for Azure AD B2C tenants on **November 1, 2019**. A
 
 Your Azure AD B2C tenant must also be linked to the appropriate Azure pricing tier based on the features you want to use. Premium features require Azure AD B2C [Premium P1 or P2 pricing](https://azure.microsoft.com/pricing/details/active-directory-b2c/). You might need to upgrade your pricing tier as you use new features. For example, for risk-based Conditional Access policies, you’ll need to select the Azure AD B2C Premium P2 pricing tier for your tenant.
 > [!NOTE]
->  Your first 50,000 MAUs per month are free for both Premium P1 and Premium P2 features, but **this free tier doesn’t apply to subscriptions with free trial credits**. To determine the total number of MAUs, we combine MAUs from all your tenants (both Azure AD and Azure AD B2C) that are linked to the same subscription.
+>  Your first 50,000 MAUs per month are free for both Premium P1 and Premium P2 features, but the **free tier doesn’t apply to free trial, credit-based, or sponsorship subscriptions**. Once the free trial period or credits expire for these types of subscriptions, you'll begin to be charged for Azure AD B2C MAUs. To determine the total number of MAUs, we combine MAUs from all your tenants (both Azure AD and Azure AD B2C) that are linked to the same subscription.
 ## Link an Azure AD B2C tenant to a subscription
 
 Usage charges for Azure Active Directory B2C (Azure AD B2C) are billed to an Azure subscription. You need to explicitly link an Azure AD B2C tenant to an Azure subscription by creating an Azure AD B2C *resource* within the target Azure subscription. Several Azure AD B2C resources can be created in a single Azure subscription, along with other Azure resources like virtual machines, Storage accounts, and Logic Apps. You can see all of the resources within a subscription by going to the Azure Active Directory (Azure AD) tenant that the subscription is associated with.

articles/active-directory-b2c/saml-service-provider.md

@@ -327,7 +327,7 @@ The following example shows the `entityID` value in the SAML metadata:
 The `identifierUris` property will accept URLs only on the domain `tenant-name.onmicrosoft.com`.
 
 ```json
-"identifierUris":"https://samltestapp2.azurewebsites.net",
+"identifierUris":"https://tenant-name.onmicrosoft.com",
 ```
 
 #### Share the application's metadata with Azure AD B2C

articles/active-directory-b2c/tokens-overview.md

@@ -11,6 +11,7 @@ ms.topic: conceptual
 ms.date: 10/1/2021
 ms.author: kengaderdus
 ms.subservice: B2C
+ms.custom: b2c-support
 ---
 
 # Overview of tokens in Azure Active Directory B2C
@@ -134,6 +135,8 @@ https://contoso.b2clogin.com/contoso.onmicrosoft.com/b2c_1_signupsignin1/v2.0/.w
 
 To determine which policy was used to sign a token (and where to go to request the metadata), you have two options. First, the policy name is included in the `tfp` (default) or `acr` claim (as configured) in the token. You can parse claims out of the body of the JWT by base-64 decoding the body and deserializing the JSON string that results. The `tfp` or `acr` claim is the name of the policy that was used to issue the token. The other option is to encode the policy in the value of the `state` parameter when you issue the request, and then decode it to determine which policy was used. Either method is valid.
 
+Azure AD B2C uses the RS256 algorithm, which is based on the [RFC 3447](https://www.rfc-editor.org/rfc/rfc3447#section-3.1) specification. The public key consists of two components: the RSA modulus (`n`) and the RSA public exponent (`e`). You can programmatically convert `n` and `e` values to a certificate format for token validation.
+
 A description of how to perform signature validation is outside the scope of this document. Many open-source libraries are available to help you validate a token.
 
 ### Validate claims

articles/active-directory/app-provisioning/customize-application-attributes.md

@@ -8,7 +8,7 @@ ms.service: active-directory
 ms.subservice: app-provisioning
 ms.workload: identity
 ms.topic: tutorial
-ms.date: 07/07/2021
+ms.date: 11/15/2021
 ms.author: kenwith
 ms.reviewer: arvinh
 ---
@@ -253,6 +253,7 @@ The request format in the PATCH and POST differ. To ensure that POST and PATCH a
   - **Things to consider**
     - All roles will be provisioned as primary = false.
     - The POST contains the role type. The PATCH request does not contain type. We are working on sending the type in both POST and PATCH requests.
+    - AppRoleAssignmentsComplex is not compatible with setting scope to "Sync All users and groups." 
 
   - **Example output** 
 

articles/active-directory/app-provisioning/functions-for-customizing-application-data.md

@@ -7,7 +7,7 @@ ms.service: active-directory
 ms.subservice: app-provisioning
 ms.workload: identity
 ms.topic: reference
-ms.date: 10/27/2021
+ms.date: 11/16/2021
 ms.author: kenwith
 ms.reviewer: arvinh
 ---
@@ -33,7 +33,7 @@ The syntax for Expressions for Attribute Mappings is reminiscent of Visual Basic
 
 ## List of Functions
 
-[Append](#append)      [AppRoleAssignmentsComplex](#approleassignmentscomplex)      [BitAnd](#bitand)      [CBool](#cbool)      [CDate](#cdate)      [Coalesce](#coalesce)      [ConvertToBase64](#converttobase64)      [ConvertToUTF8Hex](#converttoutf8hex)      [Count](#count)      [CStr](#cstr)      [DateAdd](#dateadd)      [DateDiff](#datediff)      [DateFromNum](#datefromnum)  [FormatDateTime](#formatdatetime)      [Guid](#guid)      [IgnoreFlowIfNullOrEmpty](#ignoreflowifnullorempty)     [IIF](#iif)     [InStr](#instr)      [IsNull](#isnull)      [IsNullOrEmpty](#isnullorempty)      [IsPresent](#ispresent)      [IsString](#isstring)      [Item](#item)      [Join](#join)      [Left](#left)      [Mid](#mid)      [NormalizeDiacritics](#normalizediacritics)       [Not](#not)      [Now](#now)      [NumFromDate](#numfromdate)      [PCase](#pcase)      [RandomString](#randomstring)      [RemoveDuplicates](#removeduplicates)      [Replace](#replace)      [SelectUniqueValue](#selectuniquevalue)     [SingleAppRoleAssignment](#singleapproleassignment)     [Split](#split)    [StripSpaces](#stripspaces)      [Switch](#switch)     [ToLower](#tolower)     [ToUpper](#toupper)     [Word](#word)
+[Append](#append)      [AppRoleAssignmentsComplex](#approleassignmentscomplex)      [BitAnd](#bitand)      [CBool](#cbool)      [CDate](#cdate)      [Coalesce](#coalesce)      [ConvertToBase64](#converttobase64)      [ConvertToUTF8Hex](#converttoutf8hex)      [Count](#count)      [CStr](#cstr)      [DateAdd](#dateadd)      [DateDiff](#datediff)      [DateFromNum](#datefromnum)  [FormatDateTime](#formatdatetime)      [Guid](#guid)      [IgnoreFlowIfNullOrEmpty](#ignoreflowifnullorempty)     [IIF](#iif)     [InStr](#instr)      [IsNull](#isnull)      [IsNullOrEmpty](#isnullorempty)      [IsPresent](#ispresent)      [IsString](#isstring)      [Item](#item)      [Join](#join)      [Left](#left)      [Mid](#mid)      [NormalizeDiacritics](#normalizediacritics)       [Not](#not)      [Now](#now)      [NumFromDate](#numfromdate)      [PCase](#pcase)      [RandomString](#randomstring)      [Redact](#redact)      [RemoveDuplicates](#removeduplicates)      [Replace](#replace)      [SelectUniqueValue](#selectuniquevalue)     [SingleAppRoleAssignment](#singleapproleassignment)     [Split](#split)    [StripSpaces](#stripspaces)      [Switch](#switch)     [ToLower](#tolower)     [ToUpper](#toupper)     [Word](#word)
 
 ---
 ### Append
@@ -811,7 +811,32 @@ Generates a random string with 6 characters. The string contains 3 numbers and 3
 Generates a random string with 10 characters. The string contains at least 2 numbers, 2 special characters, 2 capital letters, 1 lower case letter and excludes the characters "?" and "," (1@!2BaRg53).
 
 ---
+### Redact
+**Function:** 
+Redact()
+
+**Description:** 
+The Redact function replaces the attribute value with the string literal "[Redact]" in the provisioning logs. 
+
+**Parameters:** 
+
+| Name | Required/ Repeating | Type | Notes |
+| --- | --- | --- | --- |
+| **attribute/value** |Required |String|Specify the attribute or constant / string to redact from the logs.|
+
+**Example 1:** Redact an attribute:
+`Redact([userPrincipalName])`
+Removes the userPrincipalName from the provisioning logs.
 
+**Example 2:** Redact a string:
+`Redact("StringToBeRedacted")`
+Removes a constant string from the provisioning logs.
+
+**Example 3:** Redact a random string:
+`Redact(RandomString(6,3,0,0,3))`
+Removes the random string from the provisioning logs.
+
+---
 ### RemoveDuplicates
 **Function:** 
 RemoveDuplicates(attribute)