Merge branch 'main' into release-functions-bindings-refactor

Author: v-alje

.openpublishing.redirection.json

@@ -43938,6 +43938,11 @@
         "source_path_from_root": "/articles/governance/policy/how-to/guest-configuration-create-group-policy.md",
         "redirect_url": "/azure/governance/policy/how-to/guest-configuration-create",
         "redirect_document_id": false
+      },
+      {
+        "source_path_from_root": "/articles/virtual-desktop/compare-virtual-desktop-windows-365.md",
+        "redirect_url": "/azure/virtual-desktop/overview",
+        "redirect_document_id": false
       }
   ]
 }

articles/active-directory-b2c/claimsschema.md

@@ -8,7 +8,7 @@ manager: CelesteDG
 ms.service: active-directory
 ms.workload: identity
 ms.topic: reference
-ms.date: 02/16/2022
+ms.date: 03/06/2022
 ms.author: kengaderdus
 ms.subservice: B2C
 ms.custom: "b2c-support"
@@ -127,7 +127,7 @@ The **Mask** element contains the following attributes:
 | `Type` | Yes | The type of the claim mask. Possible values: `Simple` or `Regex`. The `Simple` value indicates that a simple text mask is applied to the leading portion of a string claim. The `Regex` value indicates that a regular expression is applied to the string claim as whole.  If the `Regex` value is specified, an optional attribute must also be defined with the regular expression to use. |
 | `Regex` | No | If **`Type`** is set to `Regex`, specify the regular expression to use.
 
-The following example configures a **PhoneNumber** claim with the `Simple` mask:
+The following example configures a **PhoneNumber** claim with the `Simple` mask. For more samples, check out the [Claim simple mask live demo](https://github.com/azure-ad-b2c/unit-tests/tree/main/claims#simple-mask).
 
 ```xml
 <ClaimType Id="PhoneNumber">
@@ -142,7 +142,7 @@ The Identity Experience Framework renders the phone number while hiding the firs
 
 ![Phone number claim shown in browser with first six digits masked by Xs](./media/claimsschema/mask.png)
 
-The following example configures a **AlternateEmail** claim with the `Regex` mask:
+The following example configures a **AlternateEmail** claim with the `Regex` mask. For more samples, check out the [Regex mask live demo](https://github.com/azure-ad-b2c/unit-tests/tree/main/claims#regex-mask).
 
 ```xml
 <ClaimType Id="AlternateEmail">
@@ -157,7 +157,6 @@ The Identity Experience Framework renders only the first letter of the email add
 
 ![Email claim shown in browser with characters masked by asterisks](./media/claimsschema/mask-regex.png)
 
-
 ### Restriction
 
 The **Restriction** element may contain the following attribute:
@@ -185,7 +184,7 @@ The **Enumeration** element contains the following attributes:
 |Value | Yes | The claim value that is associated with selecting this option. |
 | SelectByDefault | No | Indicates whether or not this option should be selected by default in the UI. Possible values: True or False. |
 
-The following example configures a **city** dropdown list claim with a default value set to `New York`:
+The following example configures a **city** dropdown list claim with a default value set to `New York`. For more samples, check out the [Claim restriction enumeration live demo](https://github.com/azure-ad-b2c/unit-tests/tree/main/claims#restriction-enumeration).
 
 ```xml
 <ClaimType Id="city">
@@ -390,7 +389,6 @@ The **Readonly** user input type is used to provide a readonly field to display
 </ClaimType>
 ```
 
-
 #### Paragraph
 
 The **Paragraph** user input type is used to provide a field that shows text only in a paragraph tag.  For example, &lt;p&gt;text&lt;/p&gt;. A **Paragraph** user input type `OutputClaim` of self-asserted technical profile, must set the `Required` attribute `false` (default).
@@ -404,10 +402,5 @@ The **Paragraph** user input type is used to provide a field that shows text onl
   <AdminHelpText>A claim responsible for holding response messages to send to the relying party</AdminHelpText>
   <UserHelpText>A claim responsible for holding response messages to send to the relying party</UserHelpText>
   <UserInputType>Paragraph</UserInputType>
-  <Restriction>
-    <Enumeration Text="B2C_V1_90001" Value="You cannot sign in because you are a minor" />
-    <Enumeration Text="B2C_V1_90002" Value="This action can only be performed by gold members" />
-    <Enumeration Text="B2C_V1_90003" Value="You have not been enabled for this operation" />
-  </Restriction>
 </ClaimType>
 ```

articles/active-directory-b2c/configure-authentication-sample-web-app.md

@@ -113,7 +113,7 @@ Under the project root folder, open the *appsettings.json* file. This file conta
 |---------|---------|---------|
 |AzureAdB2C|Instance| The first part of your Azure AD B2C [tenant name](tenant-management.md#get-your-tenant-name) (for example, `https://contoso.b2clogin.com`).|
 |AzureAdB2C|Domain| Your Azure AD B2C tenant full [tenant name](tenant-management.md#get-your-tenant-name) (for example, `contoso.onmicrosoft.com`).|
-|AzureAdB2C|ClientId| The web API application ID from [step 2](#step-2-register-a-web-application).|
+|AzureAdB2C|ClientId| The Web App Application (client) ID from [step 2](#step-2-register-a-web-application).|
 |AzureAdB2C|SignUpSignInPolicyId|The user flows or custom policy you created in [step 1](#step-1-configure-your-user-flow).|
 
 Your final configuration file should look like the following JSON:

articles/active-directory-b2c/localization.md

@@ -7,7 +7,7 @@ manager: CelesteDG
 ms.service: active-directory
 ms.workload: identity
 ms.topic: reference
-ms.date: 01/21/2022
+ms.date: 03/06/2022
 ms.author: kengaderdus
 ms.subservice: B2C
 ms.custom: "b2c-support"
@@ -110,24 +110,26 @@ The **Item** element contains the following attributes:
 | Value | Yes | The string claim value associated with selecting this option. |
 | SelectByDefault | No | Indicates whether or not this option should be selected by default in the UI. Possible values: True or False. |
 
-The following example shows the use of the **LocalizedCollections** element. It contains two **LocalizedCollection** elements, one for English and another one for Spanish. Both set the **Restriction** collection of the claim `Gender` with a list of items for English and Spanish.
+The following example shows the use of the **LocalizedCollections** element. It contains two **LocalizedCollection** elements, one for English and another one for Spanish. Both set the **Restriction** collection of the claim `Gender` with a list of items for English and Spanish. For more samples, check out the [Claim restriction enumeration live demo](https://github.com/azure-ad-b2c/unit-tests/tree/main/claims#restriction-enumeration).
 
 ```xml
 <LocalizedResources Id="api.selfasserted.en">
- <LocalizedCollections>
-   <LocalizedCollection ElementType="ClaimType" ElementId="Gender" TargetCollection="Restriction">
+  <LocalizedCollections>
+    <LocalizedCollection ElementType="ClaimType" ElementId="Gender" TargetCollection="Restriction">
       <Item Text="Female" Value="F" />
       <Item Text="Male" Value="M" />
     </LocalizedCollection>
-</LocalizedCollections>
+  </LocalizedCollections>
+</LocalizedResources>
 
 <LocalizedResources Id="api.selfasserted.es">
  <LocalizedCollections>
    <LocalizedCollection ElementType="ClaimType" ElementId="Gender" TargetCollection="Restriction">
       <Item Text="Femenino" Value="F" />
       <Item Text="Masculino" Value="M" />
     </LocalizedCollection>
-</LocalizedCollections>
+  </LocalizedCollections>
+</LocalizedResources>
 ```
 
 ### LocalizedStrings

articles/active-directory-b2c/protocols-overview.md

@@ -34,6 +34,8 @@ https://{tenant}.b2clogin.com/{tenant}.onmicrosoft.com/oauth2/v2.0/authorize
 https://{tenant}.b2clogin.com/{tenant}.onmicrosoft.com/oauth2/v2.0/token
 ```
 
+If you're using a [custom domain](custom-domain.md), replace `{tenant}.b2clogin.com` with the custom domain, such as `contoso.com`, in the endpoints.  
+
 In nearly all OAuth and OpenID Connect flows, four parties are involved in the exchange:
 
 

articles/active-directory/develop/includes/web-app/quickstart-aspnet-core.md

@@ -1,7 +1,7 @@
 ---
 title: "Quickstart: ASP.NET Core web app that signs in users and calls Microsoft Graph | Azure"
 titleSuffix: Microsoft identity platform
-description: In this quickstart, you learn how an app leverages Microsoft.Identity.Web to implement Microsoft sign-in in an ASP.NET Core web app using OpenID Connect and calls Microsoft Graph
+description: Learn how an ASP.NET Core web app leverages Microsoft.Identity.Web to implement Microsoft sign-in using OpenID Connect and call Microsoft Graph
 services: active-directory
 author: jmprieur
 manager: CelesteDG
@@ -22,7 +22,7 @@ See [How the sample works](#how-the-sample-works) for an illustration.
 
 ## Prerequisites
 
-* [Visual Studio 2019](https://visualstudio.microsoft.com/vs/) or [Visual Studio Code](https://code.visualstudio.com/)
+* [Visual Studio](https://visualstudio.microsoft.com/vs/) or [Visual Studio Code](https://code.visualstudio.com/)
 * [.NET Core SDK 3.1+](https://dotnet.microsoft.com/download)
 
 ## Register and download your quickstart application
@@ -46,7 +46,7 @@ See [How the sample works](#how-the-sample-works) for an illustration.
 
 #### Step 2: Download the ASP.NET Core project
 
-[Download the ASP.NET Core solution](https://github.com/Azure-Samples/active-directory-aspnetcore-webapp-openidconnect-v2/archive/aspnetcore3-1.zip)
+[Download the ASP.NET Core solution](https://github.com/Azure-Samples/active-directory-aspnetcore-webapp-openidconnect-v2/archive/aspnetcore3-1-callsgraph.zip)
 
 [!INCLUDE [active-directory-develop-path-length-tip](../../../../../includes/active-directory-develop-path-length-tip.md)]
 
@@ -84,6 +84,7 @@ After consenting to the requested permissions, the app displays that you've succ
 
 :::image type="content" source="../../media/quickstart-v2-aspnet-core-webapp-calls-graph/webapp-02-signed-in.png" alt-text="Web browser displaying the running web app and the user signed in":::
 
+
 ## More information
 
 This section gives an overview of the code required to sign in users and call the Microsoft Graph API on their behalf. This overview can be useful to understand how the code works, main arguments, and also if you want to add sign-in to an existing ASP.NET Core application and call Microsoft Graph. It uses [Microsoft.Identity.Web](../../microsoft-identity-web.md), which is a wrapper around [MSAL.NET](../../msal-overview.md).

articles/active-directory/develop/msal-net-web-browsers.md

@@ -110,7 +110,7 @@ MSAL.NET is able to respond with an HTTP message when a token is received or in
 ```csharp
 var options = new SystemWebViewOptions() 
 {
-    HtmlMessageError = "<p> An error occured: {0}. Details {1}</p>",
+    HtmlMessageError = "<p> An error occurred: {0}. Details {1}</p>",
     BrowserRedirectSuccess = new Uri("https://www.microsoft.com");
 }
 

articles/active-directory/hybrid/plan-connect-topologies.md

@@ -149,8 +149,8 @@ This topology implements the following use cases:
 *	Only one Azure AD tenant sync can be configured to write back to Active Directory for the same object. This includes device and group writeback as well as Hybrid Exchange configurations – these features can only be configured in one tenant. The only exception here is Password Writeback – see below.
 *	It is supported to configure Password Hash Sync from Active Directory to multiple Azure AD tenants for the same user object. If Password Hash Sync is enabled for a tenant, then Password Writeback may be enabled as well, and this can be done on multiple tenants: if the password is changed on one tenant, then password writeback will update it in Active Directory, and Password Hash Sync will update the password in the other tenants.
 *	It is not supported to add and verify the same custom domain name in more than one Azure AD tenant, even if these tenants are in different Azure environments.
-*	It is not supported to configure hybrid experiences such as Seamless SSO and Hybrid Azure AD Join on more than one tenant. Doing so would overwrite the configuration of the other tenant and would make it unusable. 
-*	You can synchronize device objects to more than one tenant but only one tenant can be configured to trust a device.
+*	It is not supported to configure hybrid experiences that utilize forest level configuration in AD, such as Seamless SSO and Hybrid Azure AD Join (non-targeted approach), with more than one tenant.  Doing so would overwrite the configuration of the other tenant, making it no longer usable.  You can find additional information in [Plan your hybrid Azure Active Directory join deployment](https://docs.microsoft.com/azure/active-directory/devices/hybrid-azuread-join-plan#hybrid-azure-ad-join-for-single-forest-multiple-azure-ad-tenants). 
+*	You can synchronize device objects to more than one tenant but a device can be Hybrid Azure AD Joined to only one tenant.
 * Each Azure AD Connect instance should be running on a domain-joined machine.
 
 >[!NOTE]