Merge pull request #105702 from MicrosoftDocs/master

2/26 PM Publsih

Author: huypub

.openpublishing.redirection.json

@@ -801,34 +801,44 @@
       "redirect_url": "/azure/machine-learning",
       "redirect_document_id": false
     },
+    {
+      "source_path": "articles/cognitive-services/QnAMaker/concepts/data-sources-supported.md",
+      "redirect_url": "/azure/cognitive-services/QnAMaker/Quickstarts/reference-document-format-guidelines",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/cognitive-services/QnAMaker/tutorials/choosing-capacity-qnamaker-deployment.md",
+      "redirect_url": "/azure/cognitive-services/QnAMaker/Concepts/azure-resources",
+      "redirect_document_id": false
+    },
     {
       "source_path": "articles/cognitive-services/QnAMaker/Quickstarts/create-publish-kb-nodejs-sdk.md",
-      "redirect_url": "/azure/cognitive-services//QnAMaker/Quickstarts/quickstart-sdk",
+      "redirect_url": "/azure/cognitive-services/QnAMaker/Quickstarts/quickstart-sdk",
       "redirect_document_id": false
     },
     {
       "source_path": "articles/cognitive-services/QnAMaker/Quickstarts/create-publish-kb-csharp-sdk.md",
-      "redirect_url": "/azure/cognitive-services//QnAMaker/Quickstarts/quickstart-sdk",
+      "redirect_url": "/azure/cognitive-services/QnAMaker/Quickstarts/quickstart-sdk",
       "redirect_document_id": false
     },
     {
       "source_path": "articles/cognitive-services/QnAMaker/Quickstarts/python-sdk.md",
-      "redirect_url": "/azure/cognitive-services//QnAMaker/Quickstarts/quickstart-sdk",
+      "redirect_url": "/azure/cognitive-services/QnAMaker/Quickstarts/quickstart-sdk",
       "redirect_document_id": false
     },
     {
       "source_path": "articles/cognitive-services/QnAMaker/Quickstarts/create-knowledge-rest-api-nodejs.md",
-      "redirect_url": "/azure/cognitive-services//QnAMaker/Quickstarts/publish-kb-nodejs",
+      "redirect_url": "/azure/cognitive-services/QnAMaker/Quickstarts/publish-kb-nodejs",
       "redirect_document_id": false
     },
     {
       "source_path": "articles/cognitive-services/QnAMaker/Quickstarts/get-answer-from-kb-using-postman.md",
-      "redirect_url": "/azure/cognitive-services//QnAMaker/Quickstarts/get-answer-from-knowledge-base-using-url-tool",
+      "redirect_url": "/azure/cognitive-services/QnAMaker/Quickstarts/get-answer-from-knowledge-base-using-url-tool",
       "redirect_document_id": false
     },
     {
       "source_path": "articles/cognitive-services/QnAMaker/Quickstarts/get-answer-from-kb-using-curl.md",
-      "redirect_url": "/azure/cognitive-services//QnAMaker/Quickstarts/get-answer-from-knowledge-base-using-url-tool",
+      "redirect_url": "/azure/cognitive-services/QnAMaker/Quickstarts/get-answer-from-knowledge-base-using-url-tool",
       "redirect_document_id": false
     },
     {
@@ -986,11 +996,6 @@
       "redirect_url": "/azure/cognitive-services/QnAMaker/quickstarts/create-new-kb-csharp",
       "redirect_document_id": false
     },
-    {
-      "source_path": "articles/cognitive-services/QnAMaker/Concepts/data-sources-supported.md",
-      "redirect_url": "/azure/cognitive-services/QnAMaker/concepts/knowledge-base",
-      "redirect_document_id": false
-    },
     {
       "source_path": "articles/cognitive-services/QnAMaker/How-To/create-knowledge-base.md",
       "redirect_url": "/azure/cognitive-services/QnAMaker/Quickstarts/create-publish-knowledge-base",
@@ -1666,6 +1671,26 @@
       "redirect_url": "/azure/cognitive-services/bing-web-search/bing-web-stats",
       "redirect_document_id": false
     },
+    {
+      "source_path": "articles/cognitive-services/Bing-Web-Search/web-search-sdk-quickstart.md",
+      "redirect_url": "/azure/cognitive-services/bing-web-search/quickstarts/client-libraries",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/cognitive-services/Bing-Web-Search/web-sdk-java-quickstart.md",
+      "redirect_url": "/azure/cognitive-services/bing-web-search/quickstarts/client-libraries",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/cognitive-services/Bing-Web-Search/web-search-sdk-node-quickstart.md",
+      "redirect_url": "/azure/cognitive-services/bing-web-search/quickstarts/client-libraries",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/cognitive-services/Bing-Web-Search/web-sdk-python-quickstart.md",
+      "redirect_url": "/azure/cognitive-services/bing-web-search/quickstarts/client-libraries",
+      "redirect_document_id": false
+    },
     {
       "source_path": "articles/virtual-machines/linux/classic/rdma-cluster.md",
       "redirect_url": "/azure/virtual-machines/linux/sizes-hpc#rdma-capable-instances",

articles/active-directory-b2c/TOC.yml

@@ -350,8 +350,9 @@
     - name: Azure Monitor
       href: azure-monitor.md
       displayName: log, logs, logging, usage, events
-    - name: Account management
+    - name: Manage users - Microsoft Graph
       href: manage-user-accounts-graph-api.md
+      displayName: account, accounts
     - name: Deploy with Azure Pipelines
       href: deploy-custom-policies-devops.md
       displayName: azure devops, ci/cd, cicd, custom policy, policies

articles/active-directory-b2c/connect-with-saml-service-providers.md

@@ -272,7 +272,6 @@ Your custom policy and Azure AD B2C tenant are now ready. Next, create an applic
 1. Enter a **Name** for the application. For example, *SAMLApp1*.
 1. Under **Supported account types**, select **Accounts in this organizational directory only**
 1. Under **Redirect URI**, select **Web**, and then enter `https://localhost`. You modify this value later in the application registration's manifest.
-1. Select **Grant admin consent to openid and offline_access permissions**.
 1. Select **Register**.
 
 ### 4.2 Update the app manifest
@@ -334,7 +333,7 @@ The last step is to enable Azure AD B2C as a SAML IdP in your SAML relying party
 Some or all the following are typically required:
 
 * **Metadata**: `https://tenant-name.b2clogin.com/tenant-name.onmicrosoft.com/policy-name/Samlp/metadata`
-* **Issuer**: `https://tenant-name.onmicrosoft.com/policy-name`
+* **Issuer**:   `https://tenant-name.b2clogin.com/tenant-name.onmicrosoft.com/policy-name`
 * **Login Url/SAML endpoint/SAML Url**: Check the value in the metadata file
 * **Certificate**: This is *B2C_1A_SamlIdpCert*, but without the private key. To get the public key of the certificate:
 

articles/active-directory-b2c/phone-authentication.md

@@ -1,29 +1,35 @@
 ---
-title: Phone sign-up and sign-in with custom policies
+title: Phone sign-up and sign-in with custom policies (Preview)
 titleSuffix: Azure AD B2C
-description: Learn how to send one-time passwords in text messages to your application users' phones with custom policies in Azure Active Directory B2C.
+description: Send one-time passwords (OTP) in text messages to your application users' phones with custom policies in Azure Active Directory B2C.
 services: active-directory-b2c
 author: mmacy
 manager: celestedg
 
 ms.service: active-directory
 ms.workload: identity
 ms.topic: conceptual
-ms.date: 12/17/2019
+ms.date: 02/25/2020
 ms.author: marsma
 ms.subservice: B2C
 ---
 
-# Set up phone sign-up and sign-in with custom policies in Azure AD B2C
+# Set up phone sign-up and sign-in with custom policies in Azure AD B2C (Preview)
 
 Phone sign-up and sign-in in Azure Active Directory B2C (Azure AD B2C) enables your users to sign up and sign in to your applications by using a one-time password (OTP) sent in a text message to their phone. One-time passwords can help minimize the risk of your users forgetting or having their passwords compromised.
 
 Follow the steps in this article to use the custom policies to enable your customers to sign up and sign in to your applications by using a one-time password sent to their phone.
 
 [!INCLUDE [b2c-public-preview-feature](../../includes/active-directory-b2c-public-preview.md)]
 
+## Pricing
+
+One-time passwords are sent to your users by using SMS text messages, and you may be charged for each message sent. For pricing information, see the **Separate Charges** section of [Azure Active Directory B2C pricing](https://azure.microsoft.com/pricing/details/active-directory-b2c/).
+
 ## Prerequisites
 
+You need the following resources in place before setting up OTP.
+
 * [Azure AD B2C tenant](tutorial-create-tenant.md)
 * [Web application registered](tutorial-register-applications.md) in your tenant
 * [Custom policies](custom-policy-get-started.md) uploaded to your tenant
@@ -66,6 +72,22 @@ As you upload each file, Azure adds the prefix `B2C_1A_`.
 1. Select **Run now** and sign up using an email address or a phone number.
 1. Select **Run now** once again and sign in with the same account to confirm that you have the correct configuration.
 
+## Get user account by phone number
+
+A user that signs up with a phone number but does not provide a recovery email address is recorded in your Azure AD B2C directory with their phone number as their sign-in name. If the user then wishes to change their phone number, your help desk or support team must first find their account, and then update their phone number.
+
+You can find a user by their phone number (sign-in name) by using [Microsoft Graph](manage-user-accounts-graph-api.md):
+
+```http
+GET https://graph.microsoft.com/v1.0/users?$filter=identities/any(c:c/issuerAssignedId eq '+{phone number}' and c/issuer eq '{tenant name}.onmicrosoft.com')
+```
+
+For example:
+
+```http
+GET https://graph.microsoft.com/v1.0/users?$filter=identities/any(c:c/issuerAssignedId eq '+450334567890' and c/issuer eq 'contosob2c.onmicrosoft.com')
+```
+
 ## Next steps
 
 You can find the phone sign-up and sign-in custom policy starter pack (and other starter packs) on GitHub:

articles/active-directory/authentication/concept-mfa-licensing.md

@@ -39,7 +39,7 @@ The following table provides a list of the features that are available in the va
 
 | Feature | Azure AD Free - Security defaults | Azure AD Free - Azure AD Global Administrators | Office 365 Business Premium, E3, or E5 | Azure AD Premium P1 or P2 |
 | --- |:---:|:---:|:---:|:---:|
-| Protect Azure AD admin accounts with MFA | ● | ● (*Azure AD Global Administrator* accounts only) | ● | ● |
+| Protect Azure AD tenant admin accounts with MFA | ● | ● (*Azure AD Global Administrator* accounts only) | ● | ● |
 | Mobile app as a second factor | ● | ● | ● | ● |
 | Phone call as a second factor | | ● | ● | ● |
 | SMS as a second factor | | ● | ● | ● |

articles/active-directory/develop/howto-authenticate-service-principal-powershell.md

@@ -46,7 +46,7 @@ You can set the scope at the level of the subscription, resource group, or resou
 
 ## Create service principal with self-signed certificate
 
-The following example covers a simple scenario. It uses [New-​AzAD​Service​Principal](/powershell/module/az.resources/new-azadserviceprincipal) to create a service principal with a self-signed certificate, and uses [New-​Azure​Rm​Role​Assignment](/powershell/module/az.resources/new-azroleassignment) to assign the [Reader](/azure/role-based-access-control/built-in-roles#reader) role to the service principal. The role assignment is scoped to your currently selected Azure subscription. To select a different subscription, use [Set-AzContext](/powershell/module/Az.Accounts/Set-AzContext).
+The following example covers a simple scenario. It uses [New-​AzAD​Service​Principal](/powershell/module/az.resources/new-azadserviceprincipal) to create a service principal with a self-signed certificate, and uses [New-AzRoleAssignment](/powershell/module/az.resources/new-azroleassignment) to assign the [Reader](/azure/role-based-access-control/built-in-roles#reader) role to the service principal. The role assignment is scoped to your currently selected Azure subscription. To select a different subscription, use [Set-AzContext](/powershell/module/Az.Accounts/Set-AzContext).
 
 > [!NOTE]
 > The New-SelfSignedCertificate cmdlet and the PKI module are currently not supported in PowerShell Core. 

articles/active-directory/reports-monitoring/concept-audit-logs.md

@@ -38,11 +38,11 @@ This article gives you an overview of the audit report.
 
 ## Who can access the data?
 
-* Users in the **Security Administrator**, **Security Reader**, **Report Reader** or **Global Administrator** roles
+* Users in the **Security Administrator**, **Security Reader**, **Report Reader** , **Global Reader** or **Global Administrator** roles
 
 ## Audit logs
 
-The Azure AD audit logs provide records of system activities for compliance. To access the audit report, select **Audit logs** in the **Activity** section of **Azure Active Directory**. Note that audit logs may have a latency of up to an hour, so it may take that long for audit activity data to show up in the portal after you have completed the task.
+The Azure AD audit logs provide records of system activities for compliance. To access the audit report, select **Audit logs** in the **Monitoring** section of **Azure Active Directory**. Note that audit logs may have a latency of up to an hour, so it may take that long for audit activity data to show up in the portal after you have completed the task.
 
 
 
@@ -87,16 +87,20 @@ You can filter the audit data on the following fields:
 The **Service** filter allows you to select from a drop-down list of the following services:
 
 - All
+- AAD Management UX
 - Access Reviews
-- Account Provisioning 
-- Application SSO
+- Account Provisioning
+- Application Proxy
 - Authentication Methods
 - B2C
 - Conditional Access
 - Core Directory
 - Entitlement Management
+- Hybrid Authentication
 - Identity Protection
 - Invited Users
+- MIM Service
+- MyApps
 - PIM
 - Self-service Group Management
 - Self-service Password Management
@@ -115,7 +119,11 @@ The **Category** filter enables you to select one of the following filters:
 - DirectoryManagement
 - EntitlementManagement
 - GroupManagement
+- KerberosDomain
+- KeyManagement
+- Label
 - Other
+- PermissionGrantPolicy
 - Policy
 - ResourceManagement
 - RoleManagement
@@ -131,14 +139,13 @@ The **Status** filter allows you to filter based on the status of an audit opera
 - Success
 - Failure
 
-The **Target** filter allows you to search for a particular target by name or user principal name (UPN). The target name and UPN are case-sensitive. 
+The **Target** filter allows you to search for a particular target by the starting of the name or user principal name (UPN). The target name and UPN are case-sensitive. 
 
-The **Initiated by** filter enables you to define an actor's name or a universal principal name (UPN). The name and UPN are case-sensitive.
+The **Initiated by** filter enables you to define what an actor's name or a universal principal name (UPN) starts with. The name and UPN are case-sensitive.
 
 The **Date range** filter enables to you to define a timeframe for the returned data.  
 Possible values are:
 
-- 1 month
 - 7 days
 - 24 hours
 - Custom
@@ -176,11 +183,11 @@ With user and group-based audit reports, you can get answers to questions such a
 
 - What licenses have been assigned to a group or a user?
 
-If you want to review only auditing data that is related to users, you can find a filtered view under **Audit logs** in the **Activity** section of the **Users** tab. This entry point has **UserManagement** as preselected category.
+If you want to review only auditing data that is related to users, you can find a filtered view under **Audit logs** in the **Monitoring** section of the **Users** tab. This entry point has **UserManagement** as preselected category.
 
 ![Audit logs](./media/concept-audit-logs/users.png "Audit logs")
 
-If you want to review only auditing data that is related to groups, you can find a filtered view under **Audit logs** in the **Activity** section of the **Groups** tab. This entry point has **GroupManagement** as preselected category.
+If you want to review only auditing data that is related to groups, you can find a filtered view under **Audit logs** in the **Monitoring** section of the **Groups** tab. This entry point has **GroupManagement** as preselected category.
 
 ![Audit logs](./media/concept-audit-logs/groups.png "Audit logs")
 

articles/aks/operator-best-practices-storage.md

@@ -31,7 +31,7 @@ The following table outlines the available storage types and their capabilities:
 |----------|---------------|-----------------|----------------|-----------------|--------------------|
 | Shared configuration       | Azure Files   | Yes | Yes | Yes | Yes |
 | Structured app data        | Azure Disks   | Yes | No  | No  | Yes |
-| Unstructured data, file system operations | [BlobFuse (preview)][blobfuse] | Yes | Yes | Yes | No |
+| Unstructured data, file system operations | [BlobFuse][blobfuse] | Yes | Yes | Yes | No |
 
 The two primary types of storage provided for volumes in AKS are backed by Azure Disks or Azure Files. To improve security, both types of storage use Azure Storage Service Encryption (SSE) by default that encrypts data at rest. Disks cannot currently be encrypted using Azure Disk Encryption at the AKS node level.
 

articles/aks/private-clusters.md

@@ -51,6 +51,18 @@ The control plane or API server is in an Azure Kubernetes Service (AKS)-managed
 * West US 2
 * East US 2
 
+## Currently Supported Availability Zones
+
+* Central US
+* East US
+* East US 2
+* France Central
+* Japan East
+* North Europe
+* Southeast Asia
+* UK South
+* West Europe
+* West US 2
 
 ## Install the latest Azure CLI AKS Preview extension
 
@@ -111,6 +123,7 @@ Where *--enable-private-cluster* is a mandatory flag for a private cluster.
 > If the Docker bridge address CIDR (172.17.0.1/16) clashes with the subnet CIDR, change the Docker bridge address appropriately.
 
 ## Connect to the private cluster
+
 The API server endpoint has no public IP address. Consequently, you must create an Azure virtual machine (VM) in a virtual network and connect to the API server. To do so, do the following:
 
 1. Get credentials to connect to the cluster.
@@ -144,7 +157,8 @@ The API server endpoint has no public IP address. Consequently, you must create
 * To use a custom DNS server, deploy an AD server with DNS to forward to this IP 168.63.129.16
 
 ## Limitations 
-* Availability Zones are currently only supported for East US 2 and West US 2 regions
+* IP authorized ranges cannot be applied to the private api server endpoint, they only apply to the public API server
+* Availability Zones are currently supported for certain regions, see the beginning of this document 
 * [Azure Private Link service limitations][private-link-service] apply to private clusters, Azure private endpoints, and virtual network service endpoints, which aren't currently supported in the same virtual network.
 * No support for virtual nodes in a private cluster to spin private Azure Container Instances (ACI) in a private Azure virtual network
 * No support for Azure DevOps integration out of the box with private clusters

articles/api-management/configure-custom-domain.md

@@ -49,7 +49,8 @@ To perform the steps described in this article, you must have:
     - **Gateway** (default is: `<apim-service-name>.azure-api.net`),
     - **Portal** (default is: `<apim-service-name>.portal.azure-api.net`),
     - **Management** (default is: `<apim-service-name>.management.azure-api.net`),
-    - **SCM** (default is: `<apim-service-name>.scm.azure-api.net`).
+    - **SCM** (default is: `<apim-service-name>.scm.azure-api.net`),
+    - **NewPortal** (default is: `<apim-service-name>.developer.azure-api.net`).
 
     > [!NOTE]
     > Only the **Gateway** endpoint is available for configuration in the Consumption tier.