Merge branch 'master' of https://github.com/MicrosoftDocs/azure-docs-pr into configure-load-balancer-outbound-powershell

Author: ShannonLeavitt

.openpublishing.redirection.json

@@ -740,6 +740,31 @@
       "redirect_url": "/azure/machine-learning/service",
       "redirect_document_id": false
     },
+    {
+      "source_path": "articles/cognitive-services/LUIS/luis-get-started-java-get-intent.md",
+      "redirect_url": "/azure/cognitive-services/LUIS/luis-get-started-get-intent-from-rest",
+      "redirect_document_id": false
+    },  
+    {
+      "source_path": "articles/cognitive-services/LUIS/luis-get-started-cs-get-intent.md",
+      "redirect_url": "/azure/cognitive-services/LUIS/luis-get-started-get-intent-from-rest",
+      "redirect_document_id": false
+    },  
+    {
+      "source_path": "articles/cognitive-services/LUIS/luis-get-started-go-get-intent.md",
+      "redirect_url": "/azure/cognitive-services/LUIS/luis-get-started-get-intent-from-rest",
+      "redirect_document_id": false
+    },    
+    {
+      "source_path": "articles/cognitive-services/LUIS/luis-get-started-python-get-intent.md",
+      "redirect_url": "/azure/cognitive-services/LUIS/luis-get-started-get-intent-from-rest",
+      "redirect_document_id": false
+    },  
+    {
+      "source_path": "articles/cognitive-services/LUIS/luis-get-started-node-get-intent.md",
+      "redirect_url": "/azure/cognitive-services/LUIS/luis-get-started-get-intent-from-rest",
+      "redirect_document_id": false
+    },                
     {
       "source_path": "articles/cognitive-services/LUIS/luis-concept-collaborator.md",
       "redirect_url": "/azure/cognitive-services/LUIS/luis-concept-keys",
@@ -1885,6 +1910,11 @@
       "redirect_url": "/azure/cosmos-db/sql-api-get-started",
       "redirect_document_id": false
     },
+    {
+      "source_path": "articles/search/knowledge-store-howto.md",
+      "redirect_url": "/azure/search/knowledge-store-create-rest",
+      "redirect_document_id": false
+    },
     {
       "source_path": "articles/search/search-fiddler.md",
       "redirect_url": "/azure/search/search-get-started-postman",

articles/active-directory-b2c/active-directory-b2c-devquickstarts-graph-dotnet.md

@@ -39,16 +39,9 @@ Once you have an Azure AD B2C tenant, you need to register your management appli
 
 ### Register application in Azure Active Directory
 
-To use the Azure AD Graph API with your B2C tenant, you need to register an application by using the Azure Active Directory **App registrations** workflow.
+To use the Azure AD Graph API with your B2C tenant, you need to register an application by using the Azure Active Directory application registration workflow.
 
-1. Sign in to the [Azure portal](https://portal.azure.com) and switch to the directory that contains your Azure AD B2C tenant.
-1. Select **Azure Active Directory** (*not* Azure AD B2C) in the left menu. Or, select **All services** and then search for and select **Azure Active Directory**.
-1. Under **Manage** in the left menu, select **App registrations (Legacy)**.
-1. Select **New application registration**
-1. Enter a name for the application. For example, *Management App*.
-1. Enter any valid URL in **Sign-on URL**. For example, *https://localhost*. This endpoint does not need to be reachable, but needs to be a valid URL.
-1. Select **Create**.
-1. Record the **Application ID** that appears on the **Registered app** overview page. You use this value for configuration in a later step.
+[!INCLUDE [active-directory-b2c-appreg-mgmt](../../includes/active-directory-b2c-appreg-mgmt.md)]
 
 ### Assign API access permissions
 
@@ -79,7 +72,7 @@ If you want to give your application the ability to delete users or update passw
 1. Under **Manage**, select **Roles and administrators**.
 1. Select the **User administrator** role.
 1. Select **Add assignment**.
-1. In the **Select** text box, enter the name of the application you registered earlier, for example, *Management App*. Select your application when it appears in the search results.
+1. In the **Select** text box, enter the name of the application you registered earlier, for example, *managementapp1*. Select your application when it appears in the search results.
 1. Select **Add**. It might take a few minutes to for the permissions to fully propagate.
 
 Your Azure AD B2C application now has the additional permissions required to delete users or update their passwords in your B2C tenant.

articles/active-directory-b2c/active-directory-b2c-reference-audit-logs.md

@@ -90,30 +90,28 @@ To allow script- or application-based access to the Azure AD reporting API, you
 
 You can enable these permissions on an existing Azure Active Directory application registration within your B2C tenant, or create a new one specifically for use with audit log automation.
 
-To create a new application, assign the required API permissions, and create a client secret, perform the following steps:
-
-1. Register application in Azure Active Directory
-    1. Sign in to the [Azure portal](https://portal.azure.com) and switch to the directory that contains your Azure AD B2C tenant.
-    1. Select **Azure Active Directory** (*not* Azure AD B2C) from the left menu. Or, select **All services**, then search for and select **Azure Active Directory**.
-    1. Under **Manage** in the left menu, select **App registrations (Legacy)**.
-    1. Select **New application registration**
-    1. Enter a name for the application. For example, *Audit Log App*.
-    1. Enter any valid URL in **Sign-on URL**. For example, *https://localhost*. This endpoint does not need to be reachable, but needs to be a valid URL.
-    1. Select **Create**.
-    1. Record the **Application ID** that appears on the **Registered app** page. You need this value for authentication in automation scripts like the example PowerShell script shown in a later section.
-1. Assign API access permissions
-    1. On the **Registered app** overview page, select **Settings**.
-    1. Under **API ACCESS**, select **Required permissions**.
-    1. Select **Add**, and then **Select an API**.
-    1. Select **Microsoft Graph**, and then **Select**.
-    1. Under **APPLICATION PERMISSIONS**, select **Read all audit log data**.
-    1. Select the **Select** button, and then select **Done**.
-    1. Select **Grant permissions**, and then select **Yes**.
-1. Create client secret
-    1. Under **API ACCESS**, select **Keys**.
-    1. Enter a description for the key in the **Key description** box. For example, *Audit Log Key*.
-    1. Select a validity **Duration**, then select **Save**.
-    1. Record the key's **VALUE**. You need this value for authentication in automation scripts like the example PowerShell script shown in a later section.
+Follow these steps register an application, grant it the required Microsoft Graph API permissions, and then create a client secret.
+
+### Register application in Azure Active Directory
+
+[!INCLUDE [active-directory-b2c-appreg-mgmt](../../includes/active-directory-b2c-appreg-mgmt.md)]
+
+### Assign API access permissions
+
+1. On the **Registered app** overview page, select **Settings**.
+1. Under **API ACCESS**, select **Required permissions**.
+1. Select **Add**, and then **Select an API**.
+1. Select **Microsoft Graph**, and then **Select**.
+1. Under **APPLICATION PERMISSIONS**, select **Read all audit log data**.
+1. Select the **Select** button, and then select **Done**.
+1. Select **Grant permissions**, and then select **Yes**.
+
+### Create client secret
+
+1. Under **API ACCESS**, select **Keys**.
+1. Enter a description for the key in the **Key description** box. For example, *Audit Log Key*.
+1. Select a validity **Duration**, then select **Save**.
+1. Record the key's **VALUE**. You need this value for authentication in automation scripts like the example PowerShell script shown in a later section.
 
 You now have an application with the required API access, an application ID, and a key that you can use in your automation scripts. See the PowerShell script section later in this article for an example of how you can get activity events with a script.
 

articles/active-directory-b2c/active-directory-b2c-tutorials-spa-webapi.md

@@ -50,12 +50,7 @@ To call a protected web API from another application, you need to grant that app
 
 In the prerequisite tutorial, you created a web application named *webapp1*. In this tutorial, you configure that application to call the web API you created in a previous section, *webapi1*.
 
-1. Navigate to your B2C tenant in Azure portal
-1. Select **Applications**, and then select *webapp1*.
-1. Select **API access**, and then select **Add**.
-1. In the **Select API** dropdown, select *webapi1*.
-1. In the **Select Scopes** dropdown, select the scopes that you defined earlier. For example, *demo.read* and *demo.write*.
-1. Select **OK**.
+[!INCLUDE [active-directory-b2c-permissions-api](../../includes/active-directory-b2c-permissions-api.md)]
 
 Your single-page web application is registered to call the protected web API. A user authenticates with Azure AD B2C to use the single-page application. The single-page app obtains an authorization grant from Azure AD B2C to access the protected web API.
 

articles/active-directory-b2c/active-directory-b2c-tutorials-web-api.md

@@ -56,11 +56,7 @@ Scopes provide a way to govern access to protected resources. Scopes are used by
 
 To call a protected web API from an application, you need to grant your application permissions to the API. In the prerequisite tutorial, you created a web application in Azure AD B2C named *webapp1*. You use this application to call the web API.
 
-1. Select **Applications**, and then select *webapp1*.
-1. Select **API access**, and then select **Add**.
-1. In the **Select API** dropdown, select *webapi1*.
-1. In the **Select Scopes** dropdown, select the scopes that you defined earlier. For example, *demo.read* and *demo.write*.
-1. Select **OK**.
+[!INCLUDE [active-directory-b2c-permissions-api](../../includes/active-directory-b2c-permissions-api.md)]
 
 Your application is registered to call the protected web API. A user authenticates with Azure AD B2C to use the application. The application obtains an authorization grant from Azure AD B2C to access the protected web API.
 
@@ -70,8 +66,6 @@ Now that the web API is registered and you have scopes defined, you configure th
 
 There are two projects in the sample solution:
 
-The following two projects are in the sample solution:
-
 * **TaskWebApp** - Create and edit a task list. The sample uses the **sign-up or sign-in** user flow to sign up or sign in users.
 * **TaskService** - Supports the create, read, update, and delete task list functionality. The API is protected by Azure AD B2C and called by TaskWebApp.
 

articles/active-directory-b2c/active-directory-b2c-user-migration.md

@@ -45,51 +45,38 @@ You create the Azure AD B2C user account via Graph API (with the password or wit
 
 ### Step 1.1: Register your application in your tenant
 
-To communicate with the Graph API, you first must have a service account with administrative privileges. In Azure AD, you register an application and authentication to Azure AD. The application credentials are **Application ID** and **Application Secret**. The application acts as itself, not as a user, to call the Graph API.
+To communicate with the Graph API, you first must have a service account with administrative privileges. In Azure AD, you register an application and enable write access to the directory. The application credentials are the **Application ID** and **Application Secret**. The application acts as itself, not as a user, to call the Graph API.
 
-First, register your migration application in Azure AD. Then, create an application key (application secret) and set the application with write privileges.
+First, register an application that you can use for management tasks like user migration.
 
-1. Sign in to the [Azure portal][Portal].
-1. Select the **Directory + subscription** filter in the upper-right section of the portal.
-1. Select the directory containing your Azure AD B2C tenant.
-1. In the left-hand menu, select **Azure Active Directory** (*not* Azure AD B2C). To find it, you might need to select **All services**.
-1. Select **App registrations (Legacy)**.
-1. Select **New application registration**.
+[!INCLUDE [active-directory-b2c-appreg-mgmt](../../includes/active-directory-b2c-appreg-mgmt.md)]
 
-   ![Azure Active Directory and App registrations menu items highlighted](media/active-directory-b2c-user-migration/pre-migration-app-registration.png)
+### Step 1.2: Grant administrative permission to your application
 
-1. Create a new application by doing the following:
+Next, grant the application the Azure AD Graph API permissions required for writing to the directory.
 
-   - For **Name**, use *B2CUserMigration* or any other name you want.
-   - For **Application type**, select **Web app/API**.
-   - For **Sign-on URL**, use `https://localhost` (it's not relevant for this application).
-   - Select **Create**.
+1. In the **Settings** menu, select **Required permissions**.
+1. Select **Windows Azure Active Directory**.
+1. In the **Enable Access** pane, under **Application Permissions**, select **Read and write directory data**, and then select **Save**.
+1. In the **Required permissions** pane, select **Grant Permissions**, then select **Yes**.
 
-    After the application is created, the **Registered app** page is displayed showing its properties.
-1. Copy the application's **Application ID**, and save it for later.
+   ![Read/write directory checkbox, Save, and Grant permissions highlighted](media/active-directory-b2c-user-migration/pre-migration-app-registration-permissions.png)
+
+### Step 1.3: Create the application secret
 
-### Step 1.2: Create the application secret
+Create a client secret (key) for use by the user migration application that you configure in a later step.
 
 1. In the **Registered app** page, select **Settings**.
 1. Select **Keys**.
 1. Under **Passwords**, add a new key (also known as a client secret) named *MyClientSecret* or another name of your choosing, select an expiration window, select **Save**, and then copy the key value for later use.
 
     ![Application ID value and Keys menu item highlighted in Azure portal](media/active-directory-b2c-user-migration/pre-migration-app-id-and-key.png)
 
-### Step 1.3: Grant administrative permission to your application
-
-1. In the **Settings** menu, select **Required permissions**.
-1. Select **Windows Azure Active Directory**.
-1. In the **Enable Access** pane, under **Application Permissions**, select **Read and write directory data**, and then select **Save**.
-1. In the **Required permissions** pane, select **Grant Permissions**, then select **Yes**.
-
-   ![Read/write directory checkbox, Save, and Grant permissions highlighted](media/active-directory-b2c-user-migration/pre-migration-app-registration-permissions.png)
-
-Now you have an application with permissions to create, read, and update users from your Azure AD B2C tenant.
+Now you have an application with permissions to create, read, and update users in your Azure AD B2C tenant.
 
 ### Step 1.4: (Optional) Environment cleanup
 
-Read and write directory data permissions do *not* include the right to delete users. To give your application the ability to delete users (to clean up your environment), you must perform an extra step, which involves running PowerShell to set User Account Administrator permissions. Otherwise, you can skip to the next section.
+The *Read and write directory data* permission does *not* include the right to delete users. To give your application the ability to delete users (to clean up your environment), you must perform an extra step, which involves running PowerShell to set User Account Administrator permissions. Otherwise, you can skip to the next section.
 
 > [!IMPORTANT]
 > You must use a B2C tenant administrator account that is *local* to the B2C tenant. The account name syntax is *admin\@contosob2c.onmicrosoft.com*.

articles/active-directory-b2c/add-web-application.md

@@ -38,10 +38,6 @@ Scopes provide a way to govern access to protected resources. Scopes are used by
 
 To call a protected web API from an application, you need to grant your application permissions to the API. For example, in [Tutorial: Register an application in Azure Active Directory B2C](tutorial-register-applications.md), a web application is created in Azure AD B2C named *webapp1*. You can use this application to call the web API.
 
-1. Select **Applications**, and then select your web application.
-1. Select **API access**, and then select **Add**.
-1. In the **Select API** dropdown, select *webapi1*.
-1. In the **Select Scopes** dropdown, select the scopes that you defined earlier. For example, *demo.read* and *demo.write*.
-1. Select **OK**.
+[!INCLUDE [active-directory-b2c-permissions-api](../../includes/active-directory-b2c-permissions-api.md)]
 
 Your application is registered to call the protected web API. A user authenticates with Azure AD B2C to use the application. The application obtains an authorization grant from Azure AD B2C to access the protected web API.