Merge branch 'master' of https://github.com/MicrosoftDocs/azure-docs-pr into april3updates

Author: KumudD

.openpublishing.publish.config.json

@@ -163,6 +163,11 @@
       "url": "https://github.com/Azure/azure-functions-templates",
       "branch": "dev"
     },
+    {
+      "path_to_root": "functions-quickstart-java",
+      "url": "https://github.com/Azure-Samples/functions-quickstarts-java",
+      "branch": "master"
+    },
     {
       "path_to_root": "functions-docs-csharp",
       "url": "https://github.com/Azure-Samples/functions-docs-csharp",

.openpublishing.redirection.json

@@ -345,6 +345,17 @@
       "redirect_url": "/azure/machine-learning/data-science-virtual-machine/dsvm-tools-languages",
       "redirect_document_id": true
     },
+    {
+      "source_path": "articles/machine-learning/data-science-virtual-machine/reference-centos-vm.md",
+      "redirect_url": "/azure/machine-learning/data-science-virtual-machine/reference-deprecation",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/machine-learning/data-science-virtual-machine/linux-dsvm-intro.md",
+      "redirect_url": "/azure/machine-learning/data-science-virtual-machine/reference-deprecation",
+      "redirect_document_id": true
+    },
+    
     {
       "source_path": "articles/machine-learning/service/how-to-understand-accuracy-metrics.md",
       "redirect_url": "/azure/machine-learning/service/how-to-understand-automated-ml",
@@ -4055,11 +4066,21 @@
       "redirect_url": "/azure/azure-government/documentation-government-welcome",
       "redirect_document_id": false
     },
+    {
+      "source_path": "articles/azure-government/documentation-government-k8.md",
+      "redirect_url": "/azure/azure-government",
+      "redirect_document_id": false
+    },
     {
       "source_path": "articles/azure-portal/resource-group-portal-linked-resources.md",
       "redirect_url": "/azure/azure-portal/azure-portal-dashboards",
       "redirect_document_id": false
     },
+    {
+      "source_path": "articles/azure-resource-manager/templates/template-tutorial-create-linked-templates.md",
+      "redirect_url": "/azure/azure-resource-manager/templates/deployment-tutorial-linked-template",
+      "redirect_document_id": false
+    },
     {
       "source_path": "articles/azure-resource-manager/templates/template-tutorial-create-encrypted-storage-accounts.md",
       "redirect_url": "/azure/azure-resource-manager/templates/template-tutorial-use-template-reference",
@@ -7586,7 +7607,7 @@
     },
     {
       "source_path": "articles/azure-functions/functions-add-output-binding-storage-queue-python.md",
-      "redirect_url": "/azure/azure-functions/functions-add-output-binding-storage-queue-cli.md?pivots=programming-language-python",
+      "redirect_url": "/azure/azure-functions/functions-add-output-binding-storage-queue-cli?pivots=programming-language-python",
       "redirect_document_id": false
     },
     {
@@ -7619,6 +7640,11 @@
       "redirect_url": "/azure/python/tutorial-vs-code-serverless-python-01",
       "redirect_document_id": false
     },
+    {
+      "source_path": "articles/azure-functions/functions-create-first-java-maven.md",
+      "redirect_url": "/azure/azure-functions/functions-create-first-java-gradle",
+      "redirect_document_id": false
+    },
     {
       "source_path": "articles/azure-functions/scripts/functions-cli-configure-custom-domain.md",
       "redirect_url": "/azure/app-service/scripts/cli-configure-custom-domain?toc=%2fcli%2fazure%2ftoc.json",
@@ -19184,6 +19210,11 @@
       "redirect_url": "/azure/backup/backup-overview",
       "redirect_document_id": false
     },
+    {
+      "source_path": "articles/backup/tutorial-backup-azure-files.md",
+      "redirect_url": "/azure/backup/backup-afs",
+      "redirect_document_id": false
+    },
     {
       "source_path": "articles/backup/backup-azure-backup-ibiza-faq.md",
       "redirect_url": "/azure/backup/backup-azure-backup-faq",
@@ -47004,6 +47035,11 @@
       "redirect_url": "/azure/iot-fundamentals/iot-services-and-technologies/",
       "redirect_document_id": false
     },
+    {
+      "source_path": "articles/iot-central/core/tutorial-connect-device.md",
+      "redirect_url": "/azure/iot-central/core/tutorial-connect-device-nodejs/",
+      "redirect_document_id": true
+    },
     {
       "source_path": "articles/iot-accelerators/iot-accelerators-arduino-iot-devkit-az3166-devkit-remote-monitoringV2.md",
       "redirect_url": "/azure/iot-accelerators/iot-accelerators-arduino-iot-devkit-az3166-devkit-remote-monitoring-v2",

articles/active-directory-b2c/analytics-with-application-insights.md

@@ -9,7 +9,7 @@ manager: celestedg
 ms.service: active-directory
 ms.topic: conceptual
 ms.workload: identity
-ms.date: 03/24/2020
+ms.date: 04/05/2020
 ms.author: mimart
 ms.subservice: B2C
 
@@ -128,6 +128,7 @@ Add the profiles to the *TrustFrameworkExtensions.xml* file from the starter pac
         <InputClaim ClaimTypeReferenceId="PolicyId" PartnerClaimType="{property:Policy}" DefaultValue="{Policy:PolicyId}" />
         <InputClaim ClaimTypeReferenceId="CorrelationId" PartnerClaimType="{property:CorrelationId}" DefaultValue="{Context:CorrelationId}" />
         <InputClaim ClaimTypeReferenceId="Culture" PartnerClaimType="{property:Culture}" DefaultValue="{Culture:RFC5646}" />
+      </InputClaims>
     </TechnicalProfile>
 
     <TechnicalProfile Id="AppInsights-SignInRequest">
@@ -236,4 +237,4 @@ Add claim types and events to your user journey to fit your needs. You can use [
 
 ## Next steps
 
-- Learn more about [Application Insights](application-insights-technical-profile.md) technical profile in the IEF reference. 
+- Learn more about [Application Insights](application-insights-technical-profile.md) technical profile in the IEF reference. 

articles/active-directory-b2c/customize-ui-overview.md

@@ -9,7 +9,7 @@ manager: celestedg
 ms.service: active-directory
 ms.workload: identity
 ms.topic: conceptual
-ms.date: 03/19/2020
+ms.date: 04/04/2020
 ms.author: mimart
 ms.subservice: B2C
 ---
@@ -87,7 +87,10 @@ Review the following guidance before using your own HTML and CSS files to custom
 
 When using your own HTML and CSS files to customize the UI, you can host your UI content on any publicly available HTTPS endpoint that supports CORS. For example, [Azure Blob storage](../storage/blobs/storage-blobs-introduction.md), web servers, CDNs, AWS S3, or file sharing systems.
 
-The important point is that you host the content on a publicly available HTTPS endpoint with CORS enabled. You must use an absolute URL when you specify it in your content.
+The important point is that you host the content on a publicly available HTTPS endpoint with [CORS enabled](https://enable-cors.org/server.html). You must use an absolute URL when you specify it in your content.
+
+> [!NOTE]
+> For details about creating HTML content, uploading content to Azure Blob storage, and configuring CORS, see the [Custom page content walkthrough](custom-policy-ui-customization.md#custom-page-content-walkthrough) section in the UI customization article.
 
 ## Get started with custom HTML and CSS
 

articles/active-directory-b2c/secure-rest-api.md

@@ -268,7 +268,7 @@ To support bearer token authentication in your custom policy, modify the REST AP
 1. Ensure you add the claim used above as an input claim:
 
     ```xml
-    <InputClaim ClaimTyeReferenceId="bearerToken"/>
+    <InputClaim ClaimTypeReferenceId="bearerToken"/>
     ```    
 
 After you add the above snippets, your technical profile should look like the following XML code:
@@ -288,7 +288,7 @@ After you add the above snippets, your technical profile should look like the fo
         <Item Key="AllowInsecureAuthInProduction">false</Item>
       </Metadata>
       <InputClaims>
-        <InputClaim ClaimTyeReferenceId="bearerToken"/>
+        <InputClaim ClaimTypeReferenceId="bearerToken"/>
       </InputClaims>
       ...
     </TechnicalProfile>

articles/active-directory-domain-services/troubleshoot-account-lockout.md

@@ -9,7 +9,7 @@ ms.service: active-directory
 ms.subservice: domain-services
 ms.workload: identity
 ms.topic: troubleshooting
-ms.date: 10/02/2019
+ms.date: 04/06/2020
 ms.author: iainfou
 
 #Customer intent: As a directory administrator, I want to troubleshoot why user accounts are locked out in an Azure Active Directory Domain Services managed domain.
@@ -31,11 +31,11 @@ The default account lockout thresholds are configured using fine-grained passwor
 
 ### Fine-grained password policy
 
-Fine-grained password policies (FGPPs) let you apply specific restrictions for password and account lockout policies to different users in a domain. FGPP only affects users created in Azure AD DS. Cloud users and domain users synchronized into the Azure AD DS managed domain from Azure AD aren't affected by the password policies.
+Fine-grained password policies (FGPPs) let you apply specific restrictions for password and account lockout policies to different users in a domain. FGPP only affects users within an Azure AD DS managed domain. Cloud users and domain users synchronized into the Azure AD DS managed domain from Azure AD are only affected by the password policies within Azure AD DS. Their accounts in Azure AD or an on-premises directory aren't impacted.
 
 Policies are distributed through group association in the Azure AD DS managed domain, and any changes you make are applied at the next user sign-in. Changing the policy doesn't unlock a user account that's already locked out.
 
-For more information on fine-grained password policies, see [Configure password and account lockout policies][configure-fgpp].
+For more information on fine-grained password policies, and the differences between users created directly in Azure AD DS versus synchronized in from Azure AD, see [Configure password and account lockout policies][configure-fgpp].
 
 ## Common account lockout reasons
 

articles/active-directory-domain-services/tutorial-configure-password-hash-sync.md

@@ -66,7 +66,7 @@ With Azure AD Connect installed and configured to synchronize with Azure AD, now
 
     In this example screenshot, the following connectors are used:
 
-    * The Azure AD connector is named *aaddscontoso.onmicrosoft.com - AAD*
+    * The Azure AD connector is named *contoso.onmicrosoft.com - AAD*
     * The on-premises AD DS connector is named *onprem.contoso.com*
 
 1. Copy and paste the following PowerShell script to the computer with Azure AD Connect installed. The script triggers a full password sync that includes legacy password hashes. Update the `$azureadConnector` and `$adConnector` variables with the connector names from the previous step.

articles/active-directory/authentication/concept-authentication-passwordless.md

@@ -159,7 +159,7 @@ Use the following table to choose which method will support your requirements an
 
 ## Next steps
 
-[Enable FIDO2 security key passwordlesss options in your organization](howto-authentication-passwordless-security-key.md)
+[Enable FIDO2 security key passwordless options in your organization](howto-authentication-passwordless-security-key.md)
 
 [Enable phone-based passwordless options in your organization](howto-authentication-passwordless-phone.md)
 

articles/active-directory/authentication/concept-mfa-howitworks.md

@@ -1,12 +1,12 @@
 ---
-title: How it works Azure MFA - Azure Active Directory
-description: Azure Multi-Factor Authentication helps safeguard access to data and applications while meeting user demand for a simple sign-in process.
+title: Azure Multi-Factor Authentication overview
+description: Learn how Azure Multi-Factor Authentication helps safeguard access to data and applications while meeting user demand for a simple sign-in process.
 
 services: multi-factor-authentication
 ms.service: active-directory
 ms.subservice: authentication
 ms.topic: conceptual
-ms.date: 11/21/2019
+ms.date: 04/03/2020
 
 ms.author: iainfou
 author: iainfoulds
@@ -17,40 +17,50 @@ ms.collection: M365-identity-device-management
 ---
 # How it works: Azure Multi-Factor Authentication
 
-The security of two-step verification lies in its layered approach. Compromising multiple authentication factors presents a significant challenge for attackers. Even if an attacker manages to learn the user's password, it is useless without also having possession of the additional authentication method. It works by requiring two or more of the following authentication methods:
+Multi-factor authentication is a process where a user is prompted during the sign-in process for an additional form of identification, such as to enter a code on their cellphone or to provide a fingerprint scan.
 
-* Something you know (typically a password)
-* Something you have (a trusted device that is not easily duplicated, like a phone)
-* Something you are (biometrics)
+If you only use a password to authenticate a user, it leaves an insecure vector for attack. If the password is weak or has been exposed elsewhere, is it really the user signing in with the username and password, or is it an attacker? When you require a second form of authentication, security is increased as this additional factor isn't something that's easy for an attacker to obtain or duplicate.
 
-<center>
+![Conceptual image of the different forms of multi-factor authentication](./media/concept-mfa-howitworks/methods.png)
 
-![Conceptual authentication methods image](./media/concept-mfa-howitworks/methods.png)</center>
+Azure Multi-Factor Authentication works by requiring two or more of the following authentication methods:
 
-Azure Multi-Factor Authentication (MFA) helps safeguard access to data and applications while maintaining simplicity for users. It provides additional security by requiring a second form of authentication and delivers strong authentication via a range of easy to use [authentication methods](concept-authentication-methods.md). Users may or may not be challenged for MFA based on configuration decisions that an administrator makes.
+* Something you know, typically a password.
+* Something you have, such as a trusted device that is not easily duplicated, like a phone or hardware key.
+* Something you are - biometrics like a fingerprint or face scan.
 
-## How to get Multi-Factor Authentication?
+Users can register themselves for both self-service password reset and Azure Multi-Factor Authentication in one step to simplify the on-boarding experience. Administrators can define what forms of secondary authentication can be used. Azure Multi-Factor Authentication can also be required when users perform a self-service password reset to further secure that process.
 
-Multi-Factor Authentication comes as part of the following offerings:
+![Authentication methods in use at the sign-in screen](media/concept-authentication-methods/overview-login.png)
 
-* **Azure Active Directory Premium** or **Microsoft 365 Business** - Full featured use of Azure Multi-Factor Authentication using Conditional Access policies to require multi-factor authentication.
+Azure Multi-Factor Authentication helps safeguard access to data and applications while maintaining simplicity for users. It provides additional security by requiring a second form of authentication and delivers strong authentication via a range of easy to use [authentication methods](concept-authentication-methods.md). Users may or may not be challenged for MFA based on configuration decisions that an administrator makes.
 
-* **Azure AD Free** or standalone **Office 365** licenses - Use [Security Defaults](../fundamentals/concept-fundamentals-security-defaults.md) to require multi-factor authentication for your users and administrators.
+Your applications or services don't need to make any changes to use Azure Multi-Factor Authentication. The verification prompts are part of the Azure AD sign-in event, which automatically requests and processes the MFA challenge when required.
 
-* **Azure Active Directory Global Administrators** - A subset of Azure Multi-Factor Authentication capabilities are available as a means to protect global administrator accounts.
+## Available verification methods
 
-> [!NOTE]
-> New customers may no longer purchase Azure Multi-Factor Authentication as a standalone offering effective September 1st, 2018. Multi-factor authentication will continue to be an available feature in Azure AD Premium licenses.
+When a user signs in to an application or service and receive an MFA prompt, they can choose from one of their registered forms of additional verification. An administrator could require registration of these Azure Multi-Factor Authentication verification methods, or the user can access their own [My Profile](https://myprofile.microsoft.com) to edit or add verification methods.
 
-## Supportability
+The following additional forms of verification can be used with Azure Multi-Factor Authentication:
 
-Since most users are accustomed to using only passwords to authenticate, it is important that your organization communicates to all users regarding this process. Awareness can reduce the likelihood that users call your help desk for minor issues related to MFA. However, there are some scenarios where temporarily disabling MFA is necessary. Use the following guidelines to understand how to handle those scenarios:
+* Microsoft Authenticator app
+* OATH Hardware token
+* SMS
+* Voice call
 
-* Train your support staff to handle scenarios where the user can't sign in because they do not have access to their authentication methods or they are not working correctly.
-   * Using Conditional Access policies for Azure MFA Service, your support staff can add a user to a group that is excluded from a policy requiring MFA.
-* Consider using Conditional Access named locations as a way to minimize two-step verification prompts. With this functionality, administrators can bypass two-step verification for users that are signing in from a secure trusted network location such as a network segment used for new user onboarding.
-* Deploy [Azure AD Identity Protection](../active-directory-identityprotection.md) and trigger two-step verification based on risk detections.
+## How to enable and use Azure Multi-Factor Authentication
+
+Users and groups can be enabled for Azure Multi-Factor Authentication to prompt for additional verification during the sign-in event. [Security defaults](../fundamentals/concept-fundamentals-security-defaults.md) are available for all Azure AD tenants to quickly enable the use of the Microsoft Authenticator app for all users.
+
+For more granular controls, [Conditional Access](../conditional-access/overview.md) policies can be used to define events or applications that require MFA. These policies can allow regular sign-in events when the user is on the corporate network or a registered device, but prompt for additional verification factors when remote or on a personal device.
+
+![Overview diagram of how Conditional Access works to secure the sign-in process](media/tutorial-enable-azure-mfa/conditional-access-overview.png)
 
 ## Next steps
 
-- [Step-by-step Azure Multi-Factor Authentication deployment](howto-mfa-getstarted.md)
+To learn about licensing, see [Features and licenses for Azure Multi-Factor Authentication](concept-mfa-licensing.md).
+
+To see MFA in action, enable Azure Multi-Factor Authentication for a set of test users in the following tutorial:
+
+> [!div class="nextstepaction"]
+> [Enable Azure Multi-Factor Authentication](tutorial-mfa-applications.md)