Merge branch 'master' of https://github.com/MicrosoftDocs/azure-docs-pr into rolyon-rbac-service-provider-note

Author: rolyon

.openpublishing.redirection.json

@@ -55,6 +55,11 @@
       "redirect_url": "/azure/virtual-machines/linux/create-cli-complete",
       "redirect_document_id": false
     },
+    {
+      "source_path": "articles/virtual-machines/workloads/workloads.md",
+      "redirect_url": "/azure/virtual-machines/",
+      "redirect_document_id": false
+    },
     {
       "source_path": "articles/virtual-machines/windows/maintenance-and-updates.md",
       "redirect_url": "/azure/virtual-machines/maintenance-and-updates?toc=/azure/virtual-machines/windows/toc.json&bc=/azure/virtual-machines/windows/breadcrumb/toc.json",
@@ -12677,7 +12682,12 @@
     },
     {
       "source_path": "articles/hdinsight/hdinsight-hadoop-create-windows-clusters-dotnet-sdk.md",
-      "redirect_url": "/azure/hdinsight/hdinsight-hadoop-create-linux-clusters-dotnet-sdk",
+      "redirect_url": "https://docs.microsoft.com/dotnet/api/overview/azure/hdinsight?view=azure-dotnet",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/hdinsight/hdinsight-hadoop-create-linux-clusters-dotnet-sdk.md",
+      "redirect_url": "https://docs.microsoft.com/dotnet/api/overview/azure/hdinsight?view=azure-dotnet",
       "redirect_document_id": false
     },
     {
@@ -28222,8 +28232,13 @@
     },
     {
       "source_path": "articles/hdinsight/hdinsight-deep-learning-caffe-spark.md",
-      "redirect_url": "/azure/hdinsight/spark/apache-spark-deep-learning-caffe",
-      "redirect_document_id": true
+      "redirect_url": "/azure/hdinsight/spark/apache-spark-machine-learning-mllib-ipython",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/hdinsight/spark/apache-spark-deep-learning-caffe.md",
+      "redirect_url": "/azure/hdinsight/spark/apache-spark-machine-learning-mllib-ipython",
+      "redirect_document_id": false
     },
     {
       "source_path": "articles/hdinsight/hdinsight-develop-deploy-java-mapreduce-linux.md",
@@ -40799,6 +40814,11 @@
       "redirect_url": "/azure/azure-databricks/databricks-extract-load-sql-data-warehouse",
       "redirect_document_id": false
     },
+    {
+      "source_path": "articles/azure-databricks/vnet-injection.md",
+      "redirect_url": "/azure/databricks/administration-guide/cloud-configurations/azure/vnet-inject",
+      "redirect_document_id": false
+    },
     {
       "source_path": "articles/security/blueprints/gdpr-analytics-overview.md",
       "redirect_url": "https://aka.ms/azureblueprint",
@@ -45623,6 +45643,11 @@
       "source_path": "articles/media-services/latest/cae-experimental.md",
       "redirect_url": "/azure/media-services/latest/content-aware-encoding",
       "redirect_document_id": true
+    },
+    {
+      "source_path": "articles/load-balancer/load-balancer-arm.md",
+      "redirect_url": "/azure/load-balancer/load-balancer-overview",
+      "redirect_document_id": true
     }
   ]
 }

articles/active-directory-b2c/active-directory-b2c-custom-rest-api-netfw-secure-basic.md

@@ -298,17 +298,19 @@ After your RESTful service is protected by the client ID (username) and secret,
 
 ## Step 5: Upload the policy to your tenant
 
-1. In the [Azure portal](https://portal.azure.com), switch to the [context of your Azure AD B2C tenant](active-directory-b2c-navigate-to-b2c-context.md), and then open **Azure AD B2C**.
+1. In the [Azure portal](https://portal.azure.com), select the **Directory + Subscription** icon in the portal toolbar, and then select the directory that contains your Azure AD B2C tenant.
 
-2. Select **Identity Experience Framework**.
+1. In the Azure portal, search for and select **Azure AD B2C**.
 
-3. Open **All Policies**.
+1. Select **Identity Experience Framework**.
 
-4. Select **Upload Policy**.
+1. Open **All Policies**.
 
-5. Select the **Overwrite the policy if it exists** check box.
+1. Select **Upload Policy**.
 
-6. Upload the *TrustFrameworkExtensions.xml* file, and then ensure that it passes validation.
+1. Select the **Overwrite the policy if it exists** check box.
+
+1. Upload the *TrustFrameworkExtensions.xml* file, and then ensure that it passes validation.
 
 ## Step 6: Test the custom policy by using Run Now
 

articles/active-directory-b2c/active-directory-b2c-custom-rest-api-netfw-secure-cert.md

@@ -96,17 +96,19 @@ To support client certificate authentication in your custom policy, change the t
 
 ## Step 4: Upload the policy to your tenant
 
-1. In the [Azure portal](https://portal.azure.com), switch to the [context of your Azure AD B2C tenant](active-directory-b2c-navigate-to-b2c-context.md), and then select **Azure AD B2C**.
+1. In the [Azure portal](https://portal.azure.com), select the **Directory + Subscription** icon in the portal toolbar, and then select the directory that contains your Azure AD B2C tenant.
 
-2. Select **Identity Experience Framework**.
+1. In the Azure portal, search for and select **Azure AD B2C**.
 
-3. Select **All Policies**.
+1. Select **Identity Experience Framework**.
 
-4. Select **Upload Policy**.
+1. Select **All Policies**.
 
-5. Select the **Overwrite the policy if it exists** check box.
+1. Select **Upload Policy**.
 
-6. Upload the *TrustFrameworkExtensions.xml* file, and then ensure that it passes validation.
+1. Select the **Overwrite the policy if it exists** check box.
+
+1. Upload the *TrustFrameworkExtensions.xml* file, and then ensure that it passes validation.
 
 ## Step 5: Test the custom policy by using Run Now
 1. Open **Azure AD B2C Settings**, and then select **Identity Experience Framework**.

articles/active-directory-b2c/active-directory-b2c-custom-rest-api-netfw.md

@@ -333,7 +333,9 @@ After you add the new claim, the relying party code looks like this:
 
 ## Step 7: Upload the policy to your tenant
 
-1. In the [Azure portal](https://portal.azure.com), switch to the [context of your Azure AD B2C tenant](active-directory-b2c-navigate-to-b2c-context.md), and then open **Azure AD B2C**.
+1. In the [Azure portal](https://portal.azure.com), Select the **Directory + Subscription** icon in the portal toolbar, and then select the directory that contains your Azure AD B2C tenant.
+
+1. In the Azure portal, search for and select **Azure AD B2C**.
 
 1. Select **Identity Experience Framework**.
 

articles/active-directory-b2c/active-directory-b2c-how-to-enable-billing.md

@@ -130,7 +130,7 @@ The management of Azure AD B2C using role-based access control is not affected b
 
 Azure AD B2C tenants can be moved to another subscription if the source and destination subscriptions exist within the same Azure Active Directory tenant.
 
-To learn how to move Azure resources like your Azure AD B2C tenant to another subscription, see [Move resources to new resource group or subscription](../azure-resource-manager/resource-group-move-resources.md).
+To learn how to move Azure resources like your Azure AD B2C tenant to another subscription, see [Move resources to new resource group or subscription](../azure-resource-manager/management/move-resource-group-and-subscription.md).
 
 Before you initiate the move, be sure to read the entire article to fully understand the limitations and requirements for such a move. In addition to instructions for moving resources, it includes critical information like a pre-move checklist and how to validate the move operation.
 

articles/active-directory-b2c/active-directory-b2c-ui-customization-custom-dynamic.md

@@ -213,17 +213,19 @@ To configure `ContentDefinition`, do the following:
     ![Example XML snippet with LoadUri element highlighted](media/active-directory-b2c-ui-customization-custom-dynamic/aadb2c-ief-ui-customization-content-definition.png)
 
 ## Step 6: Upload the policy to your tenant
-1. In the [Azure portal](https://portal.azure.com), switch to the [context of your Azure AD B2C tenant](active-directory-b2c-navigate-to-b2c-context.md), and then select **Azure AD B2C**.
+1. In the [Azure portal](https://portal.azure.com), select the **Directory + Subscription** icon in the portal toolbar, and then select the directory that contains your Azure AD B2C tenant.
 
-2. Select **Identity Experience Framework**.
+1. In the Azure portal, search for and select **Azure AD B2C**.
 
-3. Select **All Policies**.
+1. Select **Identity Experience Framework**.
 
-4. Select **Upload Policy**.
+1. Select **All Policies**.
 
-5. Select the **Overwrite the policy if it exists** check box.
+1. Select **Upload Policy**.
 
-6. Upload the *TrustFrameworkExtensions.xml* file, and ensure that it passes validation.
+1. Select the **Overwrite the policy if it exists** check box.
+
+1. Upload the *TrustFrameworkExtensions.xml* file, and ensure that it passes validation.
 
 ## Step 7: Test the custom policy by using Run Now
 1. Select **Azure AD B2C Settings**, and then select **Identity Experience Framework**.
@@ -341,7 +343,3 @@ If you select the **Sign up now** link on the sign-in page, the browser displays
 ## (Optional) Download the complete policy files and code
 * After you complete the [Get started with custom policies](active-directory-b2c-get-started-custom.md) walkthrough, we recommend that you build your scenario by using your own custom policy files. For your reference, we have provided [Sample policy files](https://github.com/Azure-Samples/active-directory-b2c-custom-policy-starterpack/tree/master/scenarios/aadb2c-ief-ui-customization).
 * You can download the complete code from [Sample Visual Studio solution for reference](https://github.com/Azure-Samples/active-directory-b2c-custom-policy-starterpack/tree/master/scenarios/aadb2c-ief-ui-customization).
-
-
-
-

articles/active-directory-b2c/cookie-definitions.md

@@ -19,14 +19,13 @@ The following table lists the cookies used in Azure Active Directory B2C.
 
 | Name | Domain | Expiration | Purpose |
 | ----------- | ------ | -------------------------- | --------- |
-| x-ms-cpim-admin | main.b2cadmin.ext.azure.com | End of [browser session](active-directory-b2c-token-session-sso.md) | Holds user membership data across tenants. The tenants a user is a member of and level of membership (Admin or User). |
-| x-ms-cpim-slice | login.microsoftonline.com, b2clogin.com, branded domain | End of [browser session](active-directory-b2c-token-session-sso.md) | Used to route requests to the appropriate production instance. |
-| x-ms-cpim-trans | login.microsoftonline.com, b2clogin.com, branded domain | End of [browser session](active-directory-b2c-token-session-sso.md) | Used for tracking the transactions  (number of authentication requests to Azure AD B2C) and the current transaction. |
-| x-ms-cpim-sso:{Id} | login.microsoftonline.com, b2clogin.com, branded domain | End of [browser session](active-directory-b2c-token-session-sso.md) | Used for maintaining the SSO session. |
-| x-ms-cpim-cache:{id}_n | login.microsoftonline.com, b2clogin.com, branded domain | End of [browser session](active-directory-b2c-token-session-sso.md), successful authentication | Used for maintaining the request state. |
-| x-ms-cpim-csrf | login.microsoftonline.com, b2clogin.com, branded domain | End of [browser session](active-directory-b2c-token-session-sso.md) | Cross-Site Request Forgery token used for CRSF protection. |
-| x-ms-cpim-dc | login.microsoftonline.com, b2clogin.com, branded domain | End of [browser session](active-directory-b2c-token-session-sso.md) | Used for Azure AD B2C network routing. |
-| x-ms-cpim-ctx | login.microsoftonline.com, b2clogin.com, branded domain | End of [browser session](active-directory-b2c-token-session-sso.md) | Context |
-| x-ms-cpim-rp | login.microsoftonline.com, b2clogin.com, branded domain | End of [browser session](active-directory-b2c-token-session-sso.md) | Used for storing membership data for the resource provider tenant. |
-| x-ms-cpim-rc | login.microsoftonline.com, b2clogin.com, branded domain | End of [browser session](active-directory-b2c-token-session-sso.md) | Used for storing the relay cookie. |
-
+| x-ms-cpim-admin | main.b2cadmin.ext.azure.com | End of [browser session](session-behavior.md) | Holds user membership data across tenants. The tenants a user is a member of and level of membership (Admin or User). |
+| x-ms-cpim-slice | login.microsoftonline.com, b2clogin.com, branded domain | End of [browser session](session-behavior.md) | Used to route requests to the appropriate production instance. |
+| x-ms-cpim-trans | login.microsoftonline.com, b2clogin.com, branded domain | End of [browser session](session-behavior.md) | Used for tracking the transactions  (number of authentication requests to Azure AD B2C) and the current transaction. |
+| x-ms-cpim-sso:{Id} | login.microsoftonline.com, b2clogin.com, branded domain | End of [browser session](session-behavior.md) | Used for maintaining the SSO session. |
+| x-ms-cpim-cache:{id}_n | login.microsoftonline.com, b2clogin.com, branded domain | End of [browser session](session-behavior.md), successful authentication | Used for maintaining the request state. |
+| x-ms-cpim-csrf | login.microsoftonline.com, b2clogin.com, branded domain | End of [browser session](session-behavior.md) | Cross-Site Request Forgery token used for CRSF protection. |
+| x-ms-cpim-dc | login.microsoftonline.com, b2clogin.com, branded domain | End of [browser session](session-behavior.md) | Used for Azure AD B2C network routing. |
+| x-ms-cpim-ctx | login.microsoftonline.com, b2clogin.com, branded domain | End of [browser session](session-behavior.md) | Context |
+| x-ms-cpim-rp | login.microsoftonline.com, b2clogin.com, branded domain | End of [browser session](session-behavior.md) | Used for storing membership data for the resource provider tenant. |
+| x-ms-cpim-rc | login.microsoftonline.com, b2clogin.com, branded domain | End of [browser session](session-behavior.md) | Used for storing the relay cookie. |

articles/active-directory-b2c/relyingparty.md

@@ -204,7 +204,7 @@ The **OutputClaim** element contains the following attributes:
 ### SubjectNamingInfo
 
 With the **SubjectNameingInfo** element, you control the value of the token subject:
-- **JWT token** - the `sub` claim. This is a principal about which the token asserts information, such as the user of an application. This value is immutable and cannot be reassigned or reused. It can be used to perform safe authorization checks, such as when the token is used to access a resource. By default, the subject claim is populated with the object ID of the user in the directory. For more information, see [Token, session and single sign-on configuration](active-directory-b2c-token-session-sso.md).
+- **JWT token** - the `sub` claim. This is a principal about which the token asserts information, such as the user of an application. This value is immutable and cannot be reassigned or reused. It can be used to perform safe authorization checks, such as when the token is used to access a resource. By default, the subject claim is populated with the object ID of the user in the directory. For more information, see [Token, session and single sign-on configuration](session-behavior.md).
 - **SAML token** - the `<Subject><NameID>` element which identifies the subject element.
 
 The **SubjectNamingInfo** element contains the following attribute:
@@ -242,5 +242,3 @@ The JWT token includes the `sub` claim with the user objectId:
   ...
 }
 ```
-
-

articles/active-directory-domain-services/TOC.yml

@@ -49,8 +49,6 @@
       href: ../active-directory/fundamentals/active-directory-whatis.md?context=/azure/active-directory-domain-services/context/azure-ad-ds-context
     - name: Azure Active Directory architecture
       href: ../active-directory/fundamentals/active-directory-architecture.md?context=/azure/active-directory-domain-services/context/azure-ad-ds-context
-    - name: Implement least-privilege administrative models
-      href: /windows-server/identity/ad-ds/plan/security-best-practices/implementing-least-privilege-administrative-models?context=/azure/active-directory-domain-services/context/azure-ad-ds-context
 - name: How to
   items:
     - name: Configure common settings

articles/active-directory/hybrid/how-to-connect-pta-faq.md

@@ -163,7 +163,7 @@ A: Under the following circumstances your on-premises UPN changes may not synchr
 
 This is because the default behavior of tenants created prior to June 15th 2015 was to block UPN changes.  If you need to un-block UPN changes you need to run the following PowerShell cmdlt:  
 
-`Set-MsolDirSyncFeature -Feature SynchronizeUpnForManagedUsers-Enable $True`
+`Set-MsolDirSyncFeature -Feature SynchronizeUpnForManagedUsers -Enable $True`
 
 Tenants created after June 15th 2015 have the default behavior of synchronizing UPN changes.