Merge branch 'master' of https://github.com/MicrosoftDocs/azure-docs-pr

Author: v-sonan

.openpublishing.publish.config.json

@@ -302,11 +302,16 @@
       "url": "https://github.com/Azure-Samples/cosmos-dotnet-todo-app",
       "branch": "master"
     },
-	{
+    {
       "path_to_root": "samples-cosmosdb-dotnet-v3",
       "url": "https://github.com/Azure/azure-cosmos-dotnet-v3",
       "branch": "master"
     },
+    {
+      "path_to_root": "samples-cosmosdb-dotnet-v2",
+      "url": "https://github.com/Azure/azure-cosmos-dotnet-v2",
+      "branch": "master"
+    },
     {
       "path_to_root": "samples-cosmosdb-dotnet-change-feed-processor",
       "url": "https://github.com/Azure-Samples/cosmos-dotnet-change-feed-processor",

.openpublishing.redirection.json

@@ -62,7 +62,7 @@ From the **Choose name identifier format** dropdown, you can select one of the f
 | **EmailAddress** | Azure AD will use EmailAddress as the NameID format. |
 | **Unspecified** | Azure AD will use Unspecified as the NameID format. |
 
-To learn more about the NameIDPolicy attribute, see [Single Sign-On SAML protocol](single-sign-on-saml-protocol.md).
+Transient NameID is also supported, but is not available in the dropdown and cannot be configured on Azure's side. To learn more about the NameIDPolicy attribute, see [Single Sign-On SAML protocol](single-sign-on-saml-protocol.md).
 
 ### Attributes
 

.vscode/extensions.json

@@ -84,7 +84,7 @@ Use the following checklist to ensure that your application is effectively integ
 | ![checkbox](./media/active-directory-integration-checklist/checkbox-two.svg) | [Understand the consent experience](application-consent-experience.md) and configure the pieces of your app’s consent prompt so that end users and admins have enough information to determine if they trust your app. |
 | ![checkbox](./media/active-directory-integration-checklist/checkbox-two.svg) | Minimize the number of times a user needs to enter login credentials while using your app by attempting silent authentication (silent token acquisition) before interactive flows. |
 | ![checkbox](./media/active-directory-integration-checklist/checkbox-two.svg) | Don't use “prompt=consent” for every sign-in. Only use prompt=consent if you’ve determined that you need to ask for consent for additional permissions (for example, if you’ve changed your app’s required permissions). |
-| ![checkbox](./media/active-directory-integration-checklist/checkbox-two.svg) | Where applicable, enrich your application with user data. Use the [Microsoft Graph API](https://developer.microsoft.com/graph) is an easy way to do this. The [Graph explorer](https://developer.microsoft.com/graph/graph-explorer) tool that can help you get started. |
+| ![checkbox](./media/active-directory-integration-checklist/checkbox-two.svg) | Where applicable, enrich your application with user data. Using the [Microsoft Graph API](https://developer.microsoft.com/graph) is an easy way to do this. The [Graph Explorer](https://developer.microsoft.com/graph/graph-explorer) tool that can help you get started. |
 | ![checkbox](./media/active-directory-integration-checklist/checkbox-two.svg) | Register the full set of permissions that your app requires so admins can grant consent easily to their tenant. Use [incremental consent](azure-ad-endpoint-comparison.md#incremental-and-dynamic-consent) at run time to help users understand why your app is requesting permissions that may concern or confuse users when requested on first start. |
 | ![checkbox](./media/active-directory-integration-checklist/checkbox-two.svg) | Implement a [clean single sign-out experience](https://github.com/Azure-Samples/active-directory-aspnetcore-webapp-openidconnect-v2/tree/master/1-WebApp-OIDC/1-6-SignOut). It’s a privacy and a security requirement, and makes for a good user experience. |
 

articles/active-directory/develop/active-directory-saml-claims-customization.md

@@ -35,8 +35,7 @@ To run this sample, you will need:
 
 - [Python 2.7+](https://www.python.org/downloads/release/python-2713) or [Python 3+](https://www.python.org/downloads/release/python-364/)
 - [Flask](http://flask.pocoo.org/), [Flask-Session](https://pythonhosted.org/Flask-Session/), [requests](https://requests.kennethreitz.org//en/master/)
-- [MSAL Python](https://github.com/AzureAD/microsoft-authentication-library-for-python) 
-- An Azure Active Directory (Azure AD) tenant. For more information on how to get an Azure AD tenant, see [how to get an Azure AD tenant.](https://docs.microsoft.com/azure/active-directory/develop/quickstart-create-new-tenant)
+- [MSAL Python](https://github.com/AzureAD/microsoft-authentication-library-for-python)
 
 > [!div renderon="docs"]
 >

articles/active-directory/develop/identity-platform-integration-checklist.md

@@ -133,7 +133,7 @@ New cmdlets were added to the AzureADPreview module, to help define and assign c
 **Service category:** Other  
 **Product capability:** Directory
 
-We've released an updated version of Azure AD Connect for auto-upgrade customers. This new version includes several new features, improvements, and bug fixes. For more information about this new version, see [Azure AD Connect: Version release history](https://docs.microsoft.com/azure/active-directory/hybrid/reference-connect-version-history#14x0).
+We've released an updated version of Azure AD Connect for auto-upgrade customers. This new version includes several new features, improvements, and bug fixes. For more information about this new version, see [Azure AD Connect: Version release history](https://docs.microsoft.com/azure/active-directory/hybrid/reference-connect-version-history#14250).
 
 ---
 

articles/active-directory/develop/quickstart-v2-python-webapp.md

@@ -143,6 +143,7 @@ Pass-through Authentication handles a user sign-in request as follows:
 
    > [!NOTE]
    > If the Authentication Agent fails during the sign-in process, the whole sign-in request is dropped. There is no hand-off of sign-in requests from one Authentication Agent to another Authentication Agent on-premises. These agents only communicate with the cloud, and not with each other.
+   
 13. The Authentication Agent forwards the result back to Azure AD STS over an outbound mutually authenticated HTTPS channel over port 443. Mutual authentication uses the certificate previously issued to the Authentication Agent during registration.
 14. Azure AD STS verifies that this result correlates with the specific sign-in request on your tenant.
 15. Azure AD STS continues with the sign-in procedure as configured. For example, if the password validation was successful, the user might be challenged for Multi-Factor Authentication or redirected back to the application.

articles/active-directory/fundamentals/whats-new.md

@@ -138,6 +138,7 @@ Selecting this option will effectively force a resynchronization of all users wh
 - A recommended best practice is to keep the number of consecutive changes to your attribute-mappings at a minimum.
 - Adding a photo attribute to be provisioned to an app is not supported today as you cannot specify the format to sync the photo. You can request the feature on [User Voice](https://feedback.azure.com/forums/169401-azure-active-directory)
 - The attribute IsSoftDeleted is often part of the default mappings for an application. IsSoftdeleted can be true in one of four scenarios (the user is out of scope due to being unassigned from the application, the user is out of scope due to not meeting a scoping filter, the user has been soft deleted in Azure AD, or the property AccountEnabled is set to false on the user). 
+- The Azure AD provisioning service does not support provisioning null values
 
 ## Next steps
 

articles/active-directory/hybrid/how-to-connect-pta-security-deep-dive.md

@@ -23,7 +23,7 @@ ms.collection: M365-identity-device-management
 ---
 # Audit activity reports in the Azure Active Directory portal 
 
-With Azure Active Directory (Azure AD) reports, you can get the information you need to determine how your environment is doing..
+With Azure Active Directory (Azure AD) reports, you can get the information you need to determine how your environment is doing.
 
 The reporting architecture consists of the following components: