Merge branch 'main' into release-cogsvcs-orchestration

Author: v-alje

.openpublishing.publish.config.json

@@ -830,6 +830,18 @@
       "url": "https://github.com/Azure-Samples/msdocs-nodejs-mongodb-azure-sample-app",
       "branch": "main",
       "branch_mapping": {}
+    },
+    {
+      "path_to_root": "msdocs-django-postgresql-sample-app",
+      "url": "https://github.com/Azure-Samples/msdocs-django-postgresql-sample-app",
+      "branch": "main",
+      "branch_mapping": {}
+    },
+    {
+      "path_to_root": "msdocs-flask-postgresql-sample-app",
+      "url": "https://github.com/Azure-Samples/msdocs-flask-postgresql-sample-app",
+      "branch": "main",
+      "branch_mapping": {}
     }
   ],
   "branch_target_mapping": {

.openpublishing.redirection.defender-for-cloud.json

@@ -62,7 +62,7 @@
         },
         {
             "source_path_from_root": "/articles/defender-for-cloud/supported-machines-endpoint-solutions-clouds.md",
-            "redirect_url": "/articles/defender-for-cloud/supported-machines-endpoint-solutions-clouds-containers",
+            "redirect_url": "/azure/defender-for-cloud/supported-machines-endpoint-solutions-clouds-containers",
             "redirect_document_id": false
         },
         {

articles/active-directory-b2c/configure-authentication-sample-web-app.md

@@ -7,7 +7,7 @@ manager: CelesteDG
 ms.service: active-directory
 ms.workload: identity
 ms.topic: reference
-ms.date: 09/15/2021
+ms.date: 03/11/2022
 ms.author: kengaderdus
 ms.subservice: B2C
 ms.custom: "b2c-support"
@@ -134,13 +134,13 @@ Your final configuration file should look like the following JSON:
 1. Go to `https://localhost:44316`. 
 1. Select **Sign Up/In**.
 
-    ![Screenshot of the "Sign Up/In" button on the project Welcome page.](./media/configure-authentication-sample-web-app/web-app-sign-in.png)
+    :::image type="content" source="./media/configure-authentication-sample-web-app/web-app-sign-in.png" alt-text="Screenshot of the  sign in and sign up button on the project Welcome page.":::
 
 1. Complete the sign-up or sign-in process.
 
 After successful authentication, you'll see your display name on the navigation bar. To view the claims that the Azure AD B2C token returns to your app, select **Claims**.
 
-![Screenshot of the web app token claims.](./media/configure-authentication-sample-web-app/web-app-token-claims.png)
+  :::image type="content" source="./media/configure-authentication-sample-web-app/web-app-token-claims.png" alt-text="Screenshot of the web app token claims.":::
 
 ## Deploy your application 
 

articles/active-directory-b2c/media/configure-authentication-sample-web-app/web-app-sign-in.png

@@ -9,7 +9,7 @@ manager: CelesteDG
 ms.service: active-directory
 ms.workload: identity
 ms.topic: reference
-ms.date: 03/30/2020
+ms.date: 03/13/2022
 ms.author: kengaderdus
 ms.subservice: B2C
 ---
@@ -67,7 +67,7 @@ The **Parameter** element contains the following attributes:
 
 #### IsLengthRange
 
-The IsLengthRange method checks whether the length of a string claim value is within the range of minimum and maximum parameters specified. The predicate element supports the following parameters:
+The IsLengthRange method checks whether the length of a string claim value is within the range of minimum and maximum parameters specified. Check out the [Live demo](https://github.com/azure-ad-b2c/unit-tests/tree/main/predicates#islengthrange-method) of this predicate method. The predicate element supports the following parameters:
 
 | Parameter | Required | Description |
 | ------- | ----------- | ----------- |
@@ -87,7 +87,7 @@ The following example shows a IsLengthRange method with the parameters `Minimum`
 
 #### MatchesRegex
 
-The MatchesRegex method checks whether a string claim value matches a regular expression. The predicate element supports the following parameters:
+The MatchesRegex method checks whether a string claim value matches a regular expression. Check out the [Live demo](https://github.com/azure-ad-b2c/unit-tests/tree/main/predicates#matchesregex-method) of this predicate method. The predicate element supports the following parameters:
 
 | Parameter | Required | Description |
 | ------- | ----------- | ----------- |
@@ -105,7 +105,7 @@ The following example shows a `MatchesRegex` method with the parameter `RegularE
 
 #### IncludesCharacters
 
-The IncludesCharacters method checks whether a string claim value contains a character set. The predicate element supports the following parameters:
+The IncludesCharacters method checks whether a string claim value contains a character set. Check out the [Live demo](https://github.com/azure-ad-b2c/unit-tests/tree/main/predicates#includescharacters-method) of this predicate method. The predicate element supports the following parameters:
 
 | Parameter | Required | Description |
 | ------- | ----------- | ----------- |
@@ -123,7 +123,7 @@ The following example shows a `IncludesCharacters` method with the parameter `Ch
 
 #### IsDateRange
 
-The IsDateRange method checks whether a date claim value is between a range of minimum and maximum parameters specified. The predicate element supports the following parameters:
+The IsDateRange method checks whether a date claim value is between a range of minimum and maximum parameters specified. Check out the [Live demo](https://github.com/azure-ad-b2c/unit-tests/tree/main/predicates#isdaterange-method) of this predicate method. The predicate element supports the following parameters:
 
 | Parameter | Required | Description |
 | ------- | ----------- | ----------- |

articles/active-directory-b2c/media/configure-authentication-sample-web-app/web-app-token-claims.png

@@ -31,7 +31,7 @@ In this quickstart, you use an ASP.NET application to sign in using a social ide
     git clone https://github.com/Azure-Samples/active-directory-b2c-dotnet-webapp-and-webapi.git
     ```
 
-    There are two projects are in the sample solution:
+    There are two projects in the sample solution:
 
     - **TaskWebApp** - A web application that creates and edits a task list. The web application uses the **sign-up or sign-in** user flow to sign up or sign in users.
     - **TaskService** - A web API that supports the create, read, update, and delete task list functionality. The web API is protected by Azure AD B2C and called by the web application.

articles/active-directory-b2c/predicates.md

@@ -8,7 +8,7 @@ manager: CelesteDG
 ms.service: active-directory
 ms.workload: identity
 ms.topic: how-to
-ms.date: 02/25/2022
+ms.date: 03/13/2022
 ms.custom: project-no-code
 ms.author: kengaderdus
 ms.subservice: B2C
@@ -147,7 +147,7 @@ To configure the session behavior in your custom policy, follow these steps:
 
 ## Enable Keep me signed in (KMSI)
 
-You can enable the KMSI feature for users of your web and native applications who have local accounts in your Azure AD B2C directory. When you enable the feature, users can opt to stay signed in so the session remains active after they close the browser. The session is maintained by setting a [persistent cookie](cookie-definitions.md). Users who select KMSI, can reopen the browser without being prompted to reenter their username and password. This access (persistent cookie) is revoked when a user signs out. 
+You can enable the KMSI feature for users of your web and native applications who have local accounts in your Azure AD B2C directory. When you enable the feature, users can opt to stay signed in so the session remains active after they close the browser. The session is maintained by setting a [persistent cookie](cookie-definitions.md). Users who select KMSI, can reopen the browser without being prompted to reenter their username and password. This access (persistent cookie) is revoked when a user signs out. For more information, check out the [Live demo](https://github.com/azure-ad-b2c/unit-tests/tree/main/session#enable-keep-me-signed-in-kmsi).
 
 ![Example sign-up sign-in page showing a Keep me signed in checkbox](./media/session-behavior/keep-me-signed-in.png)
 
@@ -401,7 +401,7 @@ To require an ID Token in logout requests:
 
 ::: zone pivot="b2c-custom-policy"
 
-To require an ID Token in logout requests, add a **UserJourneyBehaviors** element inside of the [RelyingParty](relyingparty.md) element. Then set the **EnforceIdTokenHintOnLogout** of the **SingleSignOn** element to `true`. Your **UserJourneyBehaviors** element should look like this example:
+To require an ID Token in logout requests, add a **UserJourneyBehaviors** element inside of the [RelyingParty](relyingparty.md) element. Then set the **EnforceIdTokenHintOnLogout** of the **SingleSignOn** element to `true`. For more information, check out the [Live demo](https://github.com/azure-ad-b2c/unit-tests/tree/main/session#enforce-id-token-hint-on-logout). Your **UserJourneyBehaviors** element should look like this example:
 
 ```xml
 <UserJourneyBehaviors>

articles/active-directory-b2c/quickstart-web-app-dotnet.md

@@ -42,7 +42,7 @@ As you design the virtual network for Azure AD DS, the following considerations
 
 A managed domain connects to a subnet in an Azure virtual network. Design this subnet for Azure AD DS with the following considerations:
 
-* A managed domain must be deployed in its own subnet. Don't use an existing subnet or a gateway subnet.
+* A managed domain must be deployed in its own subnet. Don't use an existing subnet or a gateway subnet. This includes the usage of remote gateways settings in the virtual network peering which puts the managed domain in an unsupported state.
 * A network security group is created during the deployment of a managed domain. This network security group contains the required rules for correct service communication.
     * Don't create or use an existing network security group with your own custom rules.
 * A managed domain requires 3-5 IP addresses. Make sure that your subnet IP address range can provide this number of addresses.
@@ -188,4 +188,4 @@ For more information about some of the network resources and connection options
 
 * [Azure virtual network peering](../virtual-network/virtual-network-peering-overview.md)
 * [Azure VPN gateways](../vpn-gateway/vpn-gateway-about-vpn-gateway-settings.md)
-* [Azure network security groups](../virtual-network/network-security-groups-overview.md)
+* [Azure network security groups](../virtual-network/network-security-groups-overview.md)

articles/active-directory-b2c/session-behavior.md

@@ -54,6 +54,8 @@ The authorization code flow begins with the client directing the user to the `/a
 
 Some permissions are admin-restricted, for example, writing data to an organization's directory by using `Directory.ReadWrite.All`. If your application requests access to one of these permissions from an organizational user, the user receives an error message that says they're not authorized to consent to your app's permissions. To request access to admin-restricted scopes, you should request them directly from a Global Administrator. For more information, see [Admin-restricted permissions](v2-permissions-and-consent.md#admin-restricted-permissions).
 
+Unless specified otherwise, there are no default values for optional parameters. There is, however, default behavior for a request omitting optional parameters. The default behavior is to either sign in the sole current user, show the account picker if there are multiple users, or show the login page if there are no users signed in. 
+
 ```http
 // Line breaks for legibility only