Merge branch 'master' of https://github.com/MicrosoftDocs/azure-docs-pr

Author: LauraBrenner

.openpublishing.redirection.json

@@ -15275,6 +15275,41 @@
       "redirect_url": "/azure/machine-learning/how-to-designer-sample-classification-flight-delay",
       "redirect_document_id": false
     },
+    {
+      "source_path": "articles/machine-learning/how-to-designer-sample-classification-churn.md",
+      "redirect_url": "/azure/machine-learning/samples-designer",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/machine-learning/how-to-designer-sample-classification-credit-risk-cost-sensitive.md",
+      "redirect_url": "/azure/machine-learning/samples-designer",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/machine-learning/how-to-designer-sample-classification-flight-delay.md",
+      "redirect_url": "/azure/machine-learning/samples-designer",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/machine-learning/how-to-designer-sample-classification-predict-income.md",
+      "redirect_url": "/azure/machine-learning/samples-designer",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/machine-learning/how-to-designer-sample-regression-automobile-price-basic.md",
+      "redirect_url": "/azure/machine-learning/samples-designer",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/machine-learning/how-to-designer-sample-regression-automobile-price-compare-algorithms.md",
+      "redirect_url": "/azure/machine-learning/samples-designer",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/machine-learning/how-to-designer-sample-text-classification.md",
+      "redirect_url": "/azure/machine-learning/samples-designer",
+      "redirect_document_id": false
+    },
     {
       "source_path": "articles/log-analytics/log-analytics-add-solutions.md",
       "redirect_url": "/azure/monitoring/monitoring-solutions",
@@ -49215,6 +49250,11 @@
       "source_path": "articles/cognitive-services/Speech-Service/how-to-use-codec-compressed-audio-input-streams-ios.md",
       "redirect_url": "/azure/cognitive-services/Speech-Service/how-to-use-codec-compressed-audio-input-streams?pivots=programming-language-objectivec",
       "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/power-bi-embedded/index.md",
+      "redirect_url": "https://docs.microsoft.com/power-bi/developer/azure-pbie-what-is-power-bi-embedded",
+      "redirect_document_id": false
     }
   ]
 }

articles/active-directory-b2c/active-directory-technical-profile.md

@@ -52,7 +52,7 @@ The following example shows the **AAD-Common** technical profile:
 </TechnicalProfile>
 ```
 
-## Input claims
+## InputClaims
 
 The InputClaims element contains a claim, which is used to look up an account in the directory, or create a new one. There must be exactly one InputClaim element in the input claims collection for all Azure AD technical profiles. You may need to map the name of the claim defined in your policy to the name defined in Azure Active Directory.
 
@@ -62,7 +62,7 @@ To create a new user account, the input claim is a key that uniquely identifies
 
 The InputClaimsTransformations element may contain a collection of input claims transformation elements that are used to modify the input claim or generate new one.
 
-## Output claims
+## OutputClaims
 
 The **OutputClaims** element contains a list of claims returned by the Azure AD technical profile. You may need to map the name of the claim defined in your policy to the name defined in Azure Active Directory. You can also include claims that aren't returned by the Azure Active Directory, as long as you set the `DefaultValue` attribute.
 

articles/active-directory-b2c/custom-policy-configure-user-input.md

@@ -9,7 +9,7 @@ manager: celestedg
 ms.service: active-directory
 ms.workload: identity
 ms.topic: reference
-ms.date: 03/09/2020
+ms.date: 03/10/2020
 ms.author: mimart
 ms.subservice: B2C
 ---
@@ -67,6 +67,12 @@ The CryptographicKeys element contains the following attributes:
 
 To configure the Azure AD B2C SAML sessions between a relying party application, the attribute of the `UseTechnicalProfileForSessionManagement` element, reference to [SamlSSOSessionProvider](custom-policy-reference-sso.md#samlssosessionprovider) SSO session.
 
+## Next steps
+
+See the following article for example of using a SAML issuer technical profile:
+
+- [Register a SAML application in Azure AD B2C](connect-with-saml-service-providers.md)
+
 
 
 

articles/active-directory-b2c/saml-issuer-technical-profile.md

@@ -6,7 +6,7 @@ services: active-directory
 ms.service: active-directory
 ms.subservice: authentication
 ms.topic: conceptual
-ms.date: 08/16/2019
+ms.date: 03/09/2020
 
 ms.author: iainfou
 author: iainfoulds
@@ -153,25 +153,25 @@ Users may have a combination of up to five OATH hardware tokens or authenticator
 
 ## OATH hardware tokens (public preview)
 
-OATH is an open standard that specifies how one-time password (OTP) codes are generated. Azure AD will support the use of OATH-TOTP SHA-1 tokens of the 30-second or 60-second variety. Customers can procure these tokens from the vendor of their choice. Secret keys are limited to 128 characters, which may not be compatible with all tokens. The secret keys need to be encoded in Base32.
+OATH is an open standard that specifies how one-time password (OTP) codes are generated. Azure AD will support the use of OATH-TOTP SHA-1 tokens of the 30-second or 60-second variety. Customers can procure these tokens from the vendor of their choice. Secret keys are limited to 128 characters, which may not be compatible with all tokens. The secret key can only contain the characters *a-z* or *A-Z* and digits *1-7*, and must be encoded in Base32.
 
-![Uploading OATH tokens to the MFA Server OATH tokens blade](media/concept-authentication-methods/mfa-server-oath-tokens-azure-ad.png)
+![Uploading OATH tokens to the MFA OATH tokens blade](media/concept-authentication-methods/mfa-server-oath-tokens-azure-ad.png)
 
-OATH hardware tokens are being supported as part of a public preview. For more information about previews, see  [Supplemental Terms of Use for Microsoft Azure Previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms/)
+OATH hardware tokens are supported as part of a public preview. For more information about previews, see  [Supplemental Terms of Use for Microsoft Azure Previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms/)
 
-Once tokens are acquired they must be uploaded in a comma-separated values (CSV) file format including the UPN, serial number, secret key, time interval, manufacturer, and model as the example below shows.
+Once tokens are acquired they must be uploaded in a comma-separated values (CSV) file format including the UPN, serial number, secret key, time interval, manufacturer, and model as shown in the following example:
 
 ```csv
 upn,serial number,secret key,time interval,manufacturer,model
-[email protected],1234567,1234567890abcdef1234567890abcdef,60,Contoso,HardwareKey
+[email protected],1234567,1234567abcdef1234567abcdef,60,Contoso,HardwareKey
 ```
 
 > [!NOTE]
-> Make sure you include the header row in your CSV file as shown above.
+> Make sure you include the header row in your CSV file.
 
-Once properly formatted as a CSV file, an administrator can then sign in to the Azure portal and navigate to **Azure Active Directory**, **MFA Server**, **OATH tokens**, and upload the resulting CSV file.
+Once properly formatted as a CSV file, an administrator can then sign in to the Azure portal, navigate to **Azure Active Directory** > **Security** > **MFA** > **OATH tokens**, and upload the resulting CSV file.
 
-Depending on the size of the CSV file, it may take a few minutes to process. Click the **Refresh** button to get the current status. If there are any errors in the file, you will have the option to download a CSV file listing any errors for you to resolve.
+Depending on the size of the CSV file, it may take a few minutes to process. Click the **Refresh** button to get the current status. If there are any errors in the file, you will have the option to download a CSV file listing any errors for you to resolve. The field names in the downloaded CSV file are different than the uploaded version.
 
 Once any errors have been addressed, the administrator then can activate each key by clicking **Activate** for the token to be activated and entering the OTP displayed on the token.
 

articles/active-directory/authentication/concept-authentication-methods.md

@@ -41,6 +41,7 @@ To complete this tutorial, you need the following resources and privileges:
     * If needed, [complete the previous tutorial to enable Azure AD SSPR](tutorial-enable-sspr.md).
 * An existing on-premises AD DS environment configured with a current version of Azure AD Connect.
     * If needed, configure Azure AD Connect using the [Express](../hybrid/how-to-connect-install-express.md) or [Custom](../hybrid/how-to-connect-install-custom.md) settings.
+    * To use Password Writeback, your Domain Controllers must be Windows Server 2008 R2 or later.
 
 ## Configure account permissions for Azure AD Connect
 

articles/active-directory/authentication/tutorial-enable-sspr-writeback.md

@@ -28,6 +28,9 @@ In the Conditional Access, these client apps are known to be protected with an a
 
 For a list of eligible client apps, see [App protection policy requirement](concept-conditional-access-grant.md).
 
+> [!NOTE]
+>    The or clause is used within the policy to enable users to utilize apps that support either the **Require app protection policy** or **Require approved client app** grant controls. For more information on which apps support the **Require app protection policy** grant control, see [App protection policy requirement](concept-conditional-access-grant.md).
+
 ## Scenario 1: Office 365 apps require approved apps with app protection policies
 
 In this scenario, Contoso has decided that all mobile access to Office 365 resources must use approved client apps, like Outlook mobile, OneDrive, and Microsoft Teams protected by an app protection policy prior to receiving access. All of their users already sign in with Azure AD credentials and have licenses assigned to them that include Azure AD Premium P1 or P2 and Microsoft Intune.
@@ -53,7 +56,7 @@ Organizations must complete the following steps in order to require the use of a
 1. Under **Access controls** > **Grant**, select the following options:
    - **Require approved client app**
    - **Require app protection policy (preview)**
-   - **Require all of the selected controls**
+   - **Require one of the selected controls**
 1. Confirm your settings and set **Enable policy** to **On**.
 1. Select **Create** to create and enable your policy.
 
@@ -72,7 +75,7 @@ For the Conditional Access policy in this step, configure the following componen
    1. **Client apps (preview)**:
       1. Set **Configure** to **Yes**.
       1. Select **Mobile apps and desktop clients** and **Exchange ActiveSync clients**.
-1. Under **Access controls** > **Grant**, select **Grant access**, **Require approved client app**, and select **Select**.
+1. Under **Access controls** > **Grant**, select **Grant access**, **Require app protection policy**, and select **Select**.
 1. Confirm your settings and set **Enable policy** to **On**.
 1. Select **Create** to create and enable your policy.
 
@@ -105,7 +108,7 @@ Organizations must complete the following three steps in order to require the us
 1. Under **Access controls** > **Grant**, select the following options:
    - **Require approved client app**
    - **Require app protection policy (preview)**
-   - **Require all of the selected controls**
+   - **Require one of the selected controls**
 1. Confirm your settings and set **Enable policy** to **On**.
 1. Select **Create** to create and enable your policy.
 
@@ -122,7 +125,7 @@ Organizations must complete the following three steps in order to require the us
    1. **Client apps (preview)**:
       1. Set **Configure** to **Yes**.
       1. Select **Mobile apps and desktop clients** and **Exchange ActiveSync clients**.
-1. Under **Access controls** > **Grant**, select **Grant access**, **Require approved client app**, and select **Select**.
+1. Under **Access controls** > **Grant**, select **Grant access**, **Require app protection policy**, and select **Select**.
 1. Confirm your settings and set **Enable policy** to **On**.
 1. Select **Create** to create and enable your policy.
 

articles/active-directory/conditional-access/app-protection-based-conditional-access.md

@@ -64,7 +64,7 @@ Organizations can choose to use the device identity as part of their Conditional
 
 Organizations can require that an access attempt to the selected cloud apps needs to be made from an approved client app. These approved client apps support [Intune app protection policies](/intune/app-protection-policy) independent of any mobile-device management (MDM) solution.
 
-This setting applies to the following client apps:
+This setting applies to the following iOS and Android apps:
 
 - Microsoft Azure Information Protection
 - Microsoft Bookings
@@ -77,6 +77,7 @@ This setting applies to the following client apps:
 - Microsoft Invoicing
 - Microsoft Kaizala
 - Microsoft Launcher
+- Microsoft Office
 - Microsoft OneDrive
 - Microsoft OneNote
 - Microsoft Outlook