Merge branch 'master' of https://github.com/MicrosoftDocs/azure-docs-pr into quickstarts6

Author: v-thepet

.openpublishing.redirection.json

@@ -8,6 +8,9 @@ articles/chef/ @TomArcherMsft
 articles/jenkins/ @TomArcherMsft
 articles/terraform/ @TomArcherMsft
 
+# Requires Internal Review
+articles/best-practices-availability-paired-regions.md @jpconnock @arob98 @syntaxc4 @tysonn @snoviking
+
 # Governance
 articles/governance/ @DCtheGeek
 

CODEOWNERS

@@ -382,6 +382,7 @@
     href: https://azure.microsoft.com/resources/samples/?service=active-directory-b2c
   - name: Cookie definitions
     href: cookie-definitions.md
+    displayName: cookies, SameSite
   - name: Error codes
     href: error-codes.md
   - name: Region availability & data residency

articles/active-directory-b2c/TOC.yml

@@ -68,7 +68,7 @@ GET https://<tenant-name>.b2clogin.com/tfp/<tenant-name>.onmicrosoft.com/<policy
 client_id=<application-ID>
 &nonce=anyRandomValue
 &redirect_uri=https://jwt.ms
-&scope=https://tenant-name>.onmicrosoft.com/api/read
+&scope=https://<tenant-name>.onmicrosoft.com/api/read
 &response_type=code
 ```
 

articles/active-directory-b2c/access-tokens.md

@@ -8,7 +8,7 @@ manager: celestedg
 ms.service: active-directory
 ms.workload: identity
 ms.topic: reference
-ms.date: 09/10/2018
+ms.date: 01/29/2020
 ms.author: marsma
 ms.subservice: B2C
 ---
@@ -48,7 +48,7 @@ The **ClaimsProvider** element contains the following child elements:
 | Element | Occurrences | Description |
 | ------- | ---------- | ----------- |
 | Domain | 0:1 | A string that contains the domain name for the claim provider. For example, if your claims provider includes the Facebook technical profile, the domain name is Facebook.com. This domain name is used for all technical profiles defined in the claims provider unless overridden by the technical profile. The domain name can also be referenced in a **domain_hint**. For more information, see the **Redirect sign-in to a social provider** section of [Set up direct sign-in using Azure Active Directory B2C](direct-signin.md). |
-| DisplayName | 1:1 | A string that contains the name of the claims provider that can be displayed to users. |
+| DisplayName | 1:1 | A string that contains the name of the claims provider. |
 | [TechnicalProfiles](technicalprofiles.md) | 0:1 | A set of technical profiles supported by the claim provider |
 
 **ClaimsProvider** organizes how your technical profiles relate to the claims provider. The following example shows the Azure Active Directory claims provider with the Azure Active Directory technical profiles:

articles/active-directory-b2c/claimsproviders.md

@@ -8,7 +8,7 @@ manager: celestedg
 ms.service: active-directory
 ms.workload: identity
 ms.topic: reference
-ms.date: 09/10/2018
+ms.date: 03/02/2020
 ms.author: marsma
 ms.subservice: B2C
 ---
@@ -46,8 +46,8 @@ The **ClaimType** element contains the following elements:
 
 | Element | Occurrences | Description |
 | ------- | ----------- | ----------- |
-| DisplayName | 0:1 | The title that's displayed to users on various screens. The value can be [localized](localization.md). |
-| DataType | 0:1 | The type of the claim. The data types of boolean, date, dateTime, int, long, string, stringCollection, alternativeSecurityIdCollection can be used. |
+| DisplayName | 1:1 | The title that's displayed to users on various screens. The value can be [localized](localization.md). |
+| DataType | 1:1 | The type of the claim. The data types of boolean, date, dateTime, int, long, string, stringCollection can be used. Primitive data type represents the equivalent of C# variable data type. stringCollection represents a collection of strings. For more information see [C# Types and variables](https://docs.microsoft.com/dotnet/csharp/tour-of-csharp/types-and-variables). Date follows ISO 8601 convention. |
 | DefaultPartnerClaimTypes | 0:1 | The partner default claim types to use for a specified protocol. The value can be overwritten in the **PartnerClaimType** specified in the **InputClaim** or **OutputClaim** elements. Use this element to specify the default name for a protocol.  |
 | Mask | 0:1 | An optional string of masking characters that can be applied when displaying the claim. For example, the phone number 324-232-4343 can be masked as XXX-XXX-4343. |
 | UserHelpText | 0:1 | A description of the claim type that can be helpful for users to understand its purpose. The value can be [localized](localization.md). |
@@ -61,7 +61,7 @@ The **DefaultPartnerClaimTypes** may contain the following element:
 
 | Element | Occurrences | Description |
 | ------- | ----------- | ----------- |
-| Protocol | 0:n | List of protocols with their default partner claim type name. |
+| Protocol | 1:n | List of protocols with their default partner claim type name. |
 
 The **Protocol** element contains the following attributes:
 

articles/active-directory-b2c/claimsschema.md

@@ -6,7 +6,7 @@ author: mmacy
 manager: celestedg
 
 ms.author: marsma
-ms.date: 01/23/2018
+ms.date: 01/29/2020
 ms.custom: mvc
 ms.topic: sample
 ms.service: active-directory
@@ -37,6 +37,7 @@ The following tables provide links to samples for applications including iOS, An
 | [openidconnect-nodejs](https://github.com/AzureADQuickStarts/B2C-WebApp-OpenIDConnect-NodeJS) | A Node.js app that provides a quick and easy way to set up a Web application with Express using OpenID Connect. |
 | [javascript-nodejs-webapp](https://github.com/AzureADQuickStarts/active-directory-b2c-javascript-nodejs-webapp) | A node.js server that provides a quick and easy way to set up a REST API service using the OAuth2 protocol. |
 | [javascript-nodejs-webapi](https://github.com/Azure-Samples/active-directory-b2c-javascript-nodejs-webapi) | A small node.js Web API for Azure AD B2C that shows how to protect your web api and accept B2C access tokens using passport.js. |
+| [ms-identity-python-webapp](https://github.com/Azure-Samples/ms-identity-python-webapp/blob/master/README_B2C.md) | Demonstrate how to Integrate B2C of Microsoft identity platform with a Python web application.  |
 
 ## Single page apps
 

articles/active-directory-b2c/code-samples.md

@@ -26,7 +26,10 @@ To safeguard access to sites, web browsers will introduce a new secure-by-defaul
 
 Developers must use the new cookie setting, `SameSite=None`, to designate cookies for cross-site access. When the `SameSite=None` attribute is present, an additional `Secure` attribute must be used so cross-site cookies can only be accessed over HTTPS connections. Validate and test all your applications, including those applications that use Azure AD B2C.
 
-For more information, see [Effect on customer websites and Microsoft services and products in Chrome version 80 or later](https://support.microsoft.com/help/4522904/potential-disruption-to-customer-websites-in-latest-chrome).
+For more information, see:
+
+* [Handle SameSite cookie changes in Chrome browser](../active-directory/develop/howto-handle-samesite-cookie-changes-chrome-browser.md)
+* [Effect on customer websites and Microsoft services and products in Chrome version 80 or later](https://support.microsoft.com/help/4522904/potential-disruption-to-customer-websites-in-latest-chrome)
 
 ## Cookies
 

articles/active-directory-b2c/cookie-definitions.md

@@ -9,7 +9,7 @@ manager: celestedg
 ms.service: active-directory
 ms.workload: identity
 ms.topic: conceptual
-ms.date: 09/25/2019
+ms.date: 01/30/2020
 ms.author: marsma
 ms.subservice: B2C
 ---
@@ -28,6 +28,9 @@ If you use [user flows](user-flow-overview.md), you can change the look of your
 
 You use the [Azure portal](tutorial-customize-ui.md) to configure the UI customization for user flows.
 
+> [!TIP]
+> If you want to modify only the banner logo, background image, and background color of your user flow pages, you can try the [Company branding (preview)](#company-branding-preview) feature described later in this article.
+
 ### Custom policies
 
 If you're using [custom policies](custom-policy-overview.md) to provide sign-up or sign-in, password reset, or profile-editing in your application, use [policy files to customize the UI](custom-policy-ui-customization.md).
@@ -146,6 +149,60 @@ The following table lists the HTML fragments that Azure AD B2C merges into the `
 | Multi-factor authentication | Customers can verify their phone numbers (using text or voice) during sign-up or sign-in. |
 | Error | Provides error information to the customer. |
 
+## Company branding (preview)
+
+You can customize your user flow pages with a banner logo, background image, and background color by using Azure Active Directory [Company branding](../active-directory/fundamentals/customize-branding.md).
+
+To customize your user flow pages, you first configure company branding in Azure Active Directory, then you enable it in the page layouts of your user flows in Azure AD B2C.
+
+[!INCLUDE [preview note](../../includes/active-directory-b2c-public-preview.md)]
+
+### Configure company branding
+
+Start by setting the banner logo, background image, and background color within **Company branding**.
+
+1. Sign in to the [Azure portal](https://portal.azure.com).
+1. Select the **Directory + subscription** filter in the top menu, and then select the directory that contains your Azure AD B2C tenant.
+1. In the Azure portal, search for and select **Azure AD B2C**.
+1. Under **Manage**, select **Company branding**.
+1. Follow the steps in [Add branding to your organization's Azure Active Directory sign-in page](../active-directory/fundamentals/customize-branding.md).
+
+Keep these things in mind when you configure company branding in Azure AD B2C:
+
+* Company branding in Azure AD B2C is currently limited to **background image**, **banner logo**, and **background color** customization. The other properties in the company branding pane, for example those in **Advanced settings**, are *not supported*.
+* In your user flow pages, the background color is shown before the background image is loaded. We recommended you choose a background color that closely matches the colors in your background image for a smoother loading experience.
+* The banner logo appears in the verification emails sent to your users when they initiate a sign-up user flow.
+
+### Enable branding in user flow pages
+
+Once you've configured company branding, enable it in your user flows.
+
+1. In the left menu of the Azure portal, select **Azure AD B2C**.
+1. Under **Policies**, select **User flows (policies)**.
+1. Select the user flow for which you'd like to enable company branding. Company branding is **not supported** for the *Sign in v1* and *Profile editing v1* user flow types.
+1. Under **Customize**, select **Page layouts**, and then select the layout you'd like to brand. For example, select **Unified sign up or sign in page**.
+1. For the **Page Layout Version (Preview)**, choose version **1.2.0** or above.
+1. Select **Save**.
+
+If you'd like to brand all pages in the user flow, set the page layout version for each page layout in the user flow.
+
+![Page layout selection in Azure AD B2C in the Azure portal](media/customize-ui-overview/portal-02-page-layout-select.png)
+
+This annotated example shows a custom banner logo and background image on a *Sign up and sign in* user flow page that uses the Ocean Blue template:
+
+![Branded sign-up/sign-in page served by Azure AD B2C](media/customize-ui-overview/template-ocean-blue-branded.png)
+
+### Use company branding assets in custom HTML
+
+To use your company branding assets in custom HTML, add the following tags outside the `<div id="api">` tag:
+
+```HTML
+<img data-tenant-branding-background="true" />
+<img data-tenant-branding-logo="true" alt="Company Logo" />
+```
+
+The image source is replaced with that of the background image and banner logo. As described in the [Get started with custom HTML and CSS](#get-started-with-custom-html-and-css) section, use CSS classes to style and position the assets on the page .
+
 ## Localize content
 
 You localize your HTML content by enabling [language customization](user-flow-language-customization.md) in your Azure AD B2C tenant. Enabling this feature allows Azure AD B2C to forward the OpenID Connect parameter `ui-locales` to your endpoint. Your content server can use this parameter to provide language-specific HTML pages.

articles/active-directory-b2c/customize-ui-overview.md

@@ -8,7 +8,7 @@ manager: celestedg
 ms.service: active-directory
 ms.workload: identity
 ms.topic: reference
-ms.date: 09/10/2018
+ms.date: 02/03/2020
 ms.author: marsma
 ms.subservice: B2C
 ---
@@ -75,7 +75,7 @@ The following example localizes the Facebook identity provider to Arabic:
 <LocalizedString ElementType="ClaimsProvider" StringId="FacebookExchange">فيس بوك</LocalizedString>
 ```
 
-## Sign-up or sign-in error messages
+### Sign-up or sign-in error messages
 
 | ID | Default value |
 | -- | ------------- |
@@ -128,7 +128,7 @@ The following are the IDs for a content definition with an ID of `api.localaccou
 | **ver_intro_msg** | Verification is necessary. Please click Send button. |
 | **ver_input** | Verification code |
 
-## Sign-up and self asserted pages error messages
+### Sign-up and self asserted pages error messages
 
 | ID | Default value |
 | -- | ------------- |
@@ -199,6 +199,30 @@ The following example shows the use of some of the user interface elements in th
 
 ![Sign-up page email verification UX elements](./media/localization-string-ids/localization-mfa2.png)
 
+## Verification display control user interface elements
+
+The following are the IDs for a [Verification display control](display-control-verification.md)
+
+| ID | Default value |
+| -- | ------------- |
+|verification_control_but_change_claims |Change |
+|verification_control_fail_send_code |Failed to send the code, please try again later. |
+|verification_control_fail_verify_code |Failed to verify the code, please try again later. |
+|verification_control_but_send_code |Send Code |
+|verification_control_but_send_new_code |Send New Code |
+|verification_control_but_verify_code |Verify Code |
+
+## One time password error messages
+The following are the IDs for a [one time password technical profile](one-time-password-technical-profile.md) error messages
+
+| ID | Default value |
+| -- | ------------- |
+|UserMessageIfMaxRetryAttempted |One time password provided verification has exceeded maximum number of attempts |
+|UserMessageIfSessionDoesNotExist |One time password verification session has expired |
+|UserMessageIfSessionConflict |One time password verification session has conflict |
+|UserMessageIfInvalidCode |One time password provided for verification is incorrect |
+
+