Merge branch 'master' of https://github.com/MicrosoftDocs/azure-docs-pr into dps-faq

Author: anaharris-ms

.github/workflows/stale.yml

@@ -19,7 +19,8 @@ jobs:
         close-pr-label: auto-close
         exempt-pr-labels: keep-open
         operations-per-run: 1200
-        ascending: false
+        ascending: true
+        start-date: '2020-09-02'
         stale-pr-message: >
           This pull request has been inactive for at least 14 days.
           If you are finished with your changes, don't forget to sign off. See the [contributor guide](https://review.docs.microsoft.com/help/contribute/contribute-how-to-write-pull-request-automation) for instructions.

.openpublishing.redirection.active-directory.json

@@ -82,7 +82,7 @@
         },
         {
             "source_path": "articles/active-directory/user-help/multi-factor-authentication-end-user-first-time.md",
-            "redirect_url": "https://support.microsoft.com/account-billing/how-to-use-the-microsoft-authenticator-app-9783c865-0308-42fb-a519-8cf666fe0acc",
+            "redirect_url": "https://support.microsoft.com/account-billing/download-and-install-the-microsoft-authenticator-app-351498fc-850a-45da-b7b6-27e523b8702a",
             "redirect_document_id": false
         },
         {
@@ -957,7 +957,7 @@
         },
         {
             "source_path_from_root": "/articles/active-directory/active-directory-saas-facebook-at-work-provisioning-tutorial.md",
-            "redirect_url": "/azure/active-directory/active-directory-saas-workplacebyfacebook-provisioning-tutorial",
+            "redirect_url": "/azure/active-directory/saas-apps/workplace-by-facebook-provisioning-tutorial",
             "redirect_document_id": false
         },
         {
@@ -9887,7 +9887,7 @@
         },
         {
             "source_path_from_root": "/articles/active-directory/active-directory-saas-workplacebyfacebook-provisioning-tutorial.md",
-            "redirect_url": "/azure/active-directory/saas-apps/workplacebyfacebook-provisioning-tutorial",
+            "redirect_url": "/azure/active-directory/saas-apps/workplace-by-facebook-provisioning-tutorial",
             "redirect_document_id": true
         },
         {
@@ -10544,6 +10544,33 @@
             "source_path_from_root": "/articles/active-directory-b2c/troubleshoot-custom-policies.md",
             "redirect_url": "/azure/active-directory-b2c/troubleshoot",
             "redirect_document_id": false
-          }
+          },
+        {
+            "source_path": "articles/active-directory/managed-identities-azure-resources/how-to-manage-ua-identity-arm.md",
+            "redirect_url": "/azure/active-directory/managed-identities-azure-resources/how-manage-user-assigned-managed-identities?pivots=identity-mi-methods-arm",
+            "redirect_document_id": false
+        },
+        {
+            "source_path": "articles/active-directory/managed-identities-azure-resources/how-to-manage-ua-identity-cli.md",
+            "redirect_url": "/azure/active-directory/managed-identities-azure-resources/how-manage-user-assigned-managed-identities?pivots=identity-mi-methods-azcli",
+            "redirect_document_id": false
+        },
+        {
+            "source_path": "articles/active-directory/managed-identities-azure-resources/how-to-manage-ua-identity-portal.md",
+            "redirect_url": "/azure/active-directory/managed-identities-azure-resources/how-manage-user-assigned-managed-identities?pivots=identity-mi-methods-azp",
+            "redirect_document_id": false
+        },
+        {
+            "source_path": "articles/active-directory/managed-identities-azure-resources/how-to-manage-ua-identity-powershell.md",
+            "redirect_url": "/azure/active-directory/managed-identities-azure-resources/how-manage-user-assigned-managed-identities?pivots=identity-mi-methods-powershell",
+            "redirect_document_id": false
+        },
+        {
+            "source_path": "articles/active-directory/managed-identities-azure-resources/how-to-manage-ua-identity-rest.md",
+            "redirect_url": "/azure/active-directory/managed-identities-azure-resources/how-manage-user-assigned-managed-identities?pivots=identity-mi-methods-rest",
+            "redirect_document_id": false
+        }
+   
+         
     ]
-}
+}

.openpublishing.redirection.json

@@ -408,6 +408,21 @@
       "redirect_url": "/articles/frontdoor/front-door-quickstart-template-samples",
       "redirect_document_id": false
     },
+    {
+      "source_path_from_root": "/articles/frontdoor/standard-premium/concept-health-probes.md",
+      "redirect_url": "/articles/frontdoor/front-door-health-probes",
+      "redirect_document_id": false
+    },
+    {
+      "source_path_from_root": "/articles/frontdoor/standard-premium/concept-ddos.md",
+      "redirect_url": "/articles/frontdoor/front-door-ddos",
+      "redirect_document_id": false
+    },
+    {
+      "source_path_from_root": "/articles/frontdoor/standard-premium/geo-filtering.md",
+      "redirect_url": "/articles/frontdoor/front-door-geo-filtering",
+      "redirect_document_id": false
+    },
     {
       "source_path_from_root": "/articles/azure-sql/database/doc-changes-updates-release-notes.md",
       "redirect_url": "/azure/azure-sql/database/doc-changes-updates-release-notes-whats-new",
@@ -5693,6 +5708,11 @@
       "redirect_url": "/azure/azure-arc/data/release-notes",
       "redirect_document_id": false
     },
+    {
+      "source_path_from_root": "/articles/azure-arc/data/reference/overview.md",
+      "redirect_url": "/azure/azure-arc/data/reference/reference-az-arcdata",
+      "redirect_document_id": false
+    },
     {
       "source_path_from_root": "/articles/azure-arc/data/create-data-controller-using-k8s-native-tools.md",
       "redirect_url": "/azure/azure-arc/data/create-data-controller-using-kubernetes-native-tools",

.openpublishing.redirection.security-benchmark.json

@@ -516,6 +516,11 @@
         "redirect_url": "/security/benchmark/azure/baselines/virtual-network-security-baseline",
         "redirect_document_id": false
     },
+    {
+        "source_path_from_root": "/articles/virtual-network/nat-gateway/nat-security-baseline.md",
+        "redirect_url": "/security/benchmark/azure/baselines/virtual-network-nat-security-baseline",
+        "redirect_document_id": false
+    },
     {
         "source_path_from_root": "/articles/virtual-network/nat-security-baseline.md",
         "redirect_url": "/security/benchmark/azure/baselines/virtual-network-nat-security-baseline",
@@ -526,6 +531,17 @@
         "redirect_url": "/security/benchmark/azure/baselines/virtual-wan-security-baseline",
         "redirect_document_id": false
     },
+    {
+        "source_path_from_root": "/articles/virtual-desktop/security-baseline.md",
+        "redirect_url": "/security/benchmark/azure/baselines/virtual-desktop-security-baseline",
+        "redirect_document_id": false
+    },
+    {
+        "source_path_from_root": "/articles/cloud-services/security-baseline.md",
+        "redirect_url": "/security/benchmark/azure/baselines/cloud-services-security-baseline",
+        "redirect_document_id": false
+    },
+
     {
         "source_path_from_root": "/articles/vpn-gateway/security-baseline.md",
         "redirect_url": "/security/benchmark/azure/baselines/vpn-gateway-security-baseline",

.openpublishing.redirection.synapse-analytics.json

@@ -64,6 +64,11 @@
             "source_path_from_root": "/articles/synapse-analytics/machine-learning/tutorial-spark-pool-filesystem-spec.md",
             "redirect_url": "/azure/synapse-analytics/spark/tutorial-spark-pool-filesystem-spec",
             "redirect_document_id": false
+        },
+        {
+            "source_path_from_root": "/articles/synapse-analytics/security/synapse-workspace-managed-identity.md",
+            "redirect_url": "/azure/data-factory/data-factory-service-identity",
+            "redirect_document_id": false
         }
     ]
 }

articles/active-directory-b2c/add-api-connector-token-enrichment.md

@@ -247,8 +247,8 @@ After you deploy your REST API, set the metadata of the `REST-GetProfile` techni
 
 - **ServiceUrl**. Set the URL of the REST API endpoint.
 - **SendClaimsIn**. Specify how the input claims are sent to the RESTful claims provider.
-- **AuthenticationType**. Set the type of authentication being performed by the RESTful claims provider. 
-- **AllowInsecureAuthInProduction**. In a production environment, make sure to set this metadata to `true`
+- **AuthenticationType**. Set the type of authentication being performed by the RESTful claims provider such as `Basic` or `ClientCertificate` 
+- **AllowInsecureAuthInProduction**. In a production environment, make sure to set this metadata to `false`
 
 See the [RESTful technical profile metadata](restful-technical-profile.md#metadata) for more configurations.
 

articles/active-directory-b2c/add-api-connector.md

@@ -5,7 +5,7 @@ services: active-directory-b2c
 ms.service: active-directory
 ms.subservice: B2C
 ms.topic: how-to
-ms.date: 08/24/2021
+ms.date: 11/09/2021
 
 ms.author: kengaderdus
 author: kengaderdus
@@ -72,6 +72,7 @@ Content-type: application/json
      }
  ],
  "displayName": "John Smith",
+ "objectId": "11111111-0000-0000-0000-000000000000"
  "givenName":"John",
  "surname":"Smith",
  "jobTitle":"Supplier",
@@ -142,6 +143,7 @@ Content-type: application/json
      }
  ],
  "displayName": "John Smith",
+ "objectId": "11111111-0000-0000-0000-000000000000",
  "givenName":"John",
  "lastName":"Smith",
  "step": "PostFederationSignup",
@@ -195,6 +197,7 @@ Content-type: application/json
      }
  ],
  "displayName": "John Smith",
+ "objectId": "11111111-0000-0000-0000-000000000000",
  "givenName":"John",
  "surname":"Smith",
  "jobTitle":"Supplier",

articles/active-directory-b2c/identity-provider-azure-ad-single-tenant.md

@@ -76,7 +76,7 @@ If you want to get the `family_name` and `given_name` claims from Azure AD, you
 1. Select **Add optional claim**.
 1. For the **Token type**, select **ID**.
 1. Select the optional claims to add, `family_name` and `given_name`.
-1. Click **Add**.
+1. Select **Add**. If **Turn on the Microsoft Graph email permission (required for claims to appear in token)** appears, enable it, and then select **Add** again.
 
 ## [Optional] Verify your app authenticity
 
@@ -97,8 +97,7 @@ If you want to get the `family_name` and `given_name` claims from Azure AD, you
     https://login.microsoftonline.com/{tenant}/v2.0/.well-known/openid-configuration
     ```
 
-    For example, `https://login.microsoftonline.com/contoso.onmicrosoft.com/v2.0/.well-known/openid-configuration`.
-    For example, `https://login.microsoftonline.com/contoso.com/v2.0/.well-known/openid-configuration`.
+ For example, `https://login.microsoftonline.com/contoso.onmicrosoft.com/v2.0/.well-known/openid-configuration`. If you use a custom domain, replace `contoso.com` with your custom domain in `https://login.microsoftonline.com/contoso.com/v2.0/.well-known/openid-configuration`.
 
 1. For **Client ID**, enter the application ID that you previously recorded.
 1. For **Client secret**, enter the client secret that you previously recorded.
@@ -121,7 +120,8 @@ At this point, the Azure AD identity provider has been set up, but it's not yet
 
 1. In your Azure AD B2C tenant, select **User flows**.
 1. Click the user flow that you want to add the Azure AD identity provider.
-1. Under the **Social identity providers**, select **Contoso Azure AD**.
+1. Under **Settings**, select **Identity providers**
+1. Under **Custom identity providers**, select **Contoso Azure AD**.
 1. Select **Save**.
 1. To test your policy, select **Run user flow**.
 1. For **Application**, select a web application that you [previously registered](tutorial-register-applications.md). The **Reply URL** should show `https://jwt.ms`. 

articles/active-directory-b2c/partner-bloksec.md

@@ -21,8 +21,6 @@ zone_pivot_groups: b2c-policy-type
 
 ::: zone pivot="b2c-custom-policy"
 
-
-
 ::: zone-end
 
 In this sample tutorial, learn how to integrate Azure Active Directory (AD) B2C authentication with [BlokSec](https://bloksec.com/). BlokSec simplifies the end-user login experience by providing customers passwordless authentication and tokenless multifactor authentication (MFA). BlokSec protects customers against identity-centric cyber-attacks such as password stuffing, phishing, and man-in-the-middle attacks.
@@ -55,6 +53,7 @@ The following architecture diagram shows the implementation.
 Request a demo tenant with BlokSec by filling out [the form](https://bloksec.com/request-a-demo/). In the message field indicates that you would like to onboard with Azure AD B2C. Download and install the free BlokSec yuID mobile app from the app store. Once your demo tenant has been prepared, you'll receive an email. On your mobile device where the BlokSec application is installed, select the link to register your admin account with your yuID app.
 
 ::: zone pivot="b2c-user-flow"
+
 ## Prerequisites
 
 To get started, you'll need:
@@ -69,6 +68,7 @@ To get started, you'll need:
 ::: zone-end
 
 ::: zone pivot="b2c-custom-policy"
+
 ## Prerequisites
 
 To get started, you'll need:
@@ -112,10 +112,10 @@ To get started, you'll need:
 1. Sign-in to the [Azure portal](https://portal.azure.com/#home) as the global administrator of your Azure AD B2C tenant.
 1. Make sure you're using the directory that contains your Azure AD B2C tenant. Select the **Directories + subscriptions** icon in the portal toolbar.
 1. On the **Portal settings | Directories + subscriptions** page, find your Azure AD B2C directory in the **Directory name** list, and then select **Switch**.
-1. Choose **All services** in the top-left corner of the Azure portal, search for and select **Azure AD B2C** 
-1. Navigate to **Dashboard > Azure Active Directory B2C > Identity providers**
-1. Select New **OpenID Connect Provider**
-1. Select **Add**
+1. Choose **All services** in the top-left corner of the Azure portal, then search for and select **Azure AD B2C**.
+1. Navigate to **Dashboard** > **Azure Active Directory B2C** > **Identity providers**.
+1. Select New **OpenID Connect Provider**.
+1. Select **Add**.
 
 ### Part 3 - Configure an Identity provider
 
@@ -126,14 +126,14 @@ To get started, you'll need:
 |Property  |Value  |
 |:---------|:---------|
 |Name     |Enter BlokSec yuID – Passwordless or a name of your choice|
-|Metadata URL|https://api.bloksec.io/oidc/.well-known/openid-configuration|         
+|Metadata URL| `https://api.bloksec.io/oidc/.well-known/openid-configuration` |
 |Client ID|The application ID from the BlokSec admin UI captured in **Part 1**|
 |Client Secret|The application Secret from the BlokSec admin UI captured in **Part 1**|
 |Scope|OpenID email profile|
 |Response type|Code|
 |Domain hint|yuID|
 
-1. Select **OK**
+1. Select **OK**.
 
 1. Select **Map this identity provider’s claims**.
 
@@ -177,13 +177,13 @@ You should now see BlokSec as a new OIDC Identity provider listed within your B2
 
 1. Select **Run user flow**
 
-1. In the form, enter the Replying URL, for example, https://jwt.ms
+1. In the form, enter the Replying URL, such as `https://jwt.ms`.
 
 1. The browser will be redirected to the BlokSec login page. Enter the account name registered during User registration. The user will receive a push notification to their mobile device where the BlokSec yuID application is installed; upon opening the notification, the user will be presented with an authentication challenge
 
-1. Once the authentication challenge is accepted, the browser will redirect the user to the replying URL.  
+1. Once the authentication challenge is accepted, the browser will redirect the user to the replying URL.
 
-## Next steps 
+## Next steps
 
 For additional information, review the following articles:
 
@@ -320,7 +320,8 @@ The following XML demonstrates the first two orchestration steps of a user journ
 
 The relying party policy, for example [SignUpSignIn.xml](https://github.com/Azure-Samples/active-directory-b2c-custom-policy-starterpack/blob/master/SocialAndLocalAccounts/SignUpOrSignin.xml), specifies the user journey which Azure AD B2C will execute. Find the **DefaultUserJourney** element within relying party. Update the **ReferenceId** to match the user journey ID, in which you added the identity provider.
 
-In the following example, for the `CustomSignUpOrSignIn` user journey, the ReferenceId is set to `CustomSignUpOrSignIn`.  
+In the following example, for the `CustomSignUpOrSignIn` user journey, the ReferenceId is set to `CustomSignUpOrSignIn`.
+
 ```xml
 <RelyingParty>
   <DefaultUserJourney ReferenceId="CustomSignUpSignIn" />
@@ -346,12 +347,12 @@ Select **Upload Custom Policy**, and then upload the two policy files that you c
 
 If the sign-in process is successful, your browser is redirected to `https://jwt.ms`, which displays the contents of the token returned by Azure AD B2C.
 
-## Next steps 
+## Next steps
 
 For additional information, review the following articles:
 
 - [Custom policies in Azure AD B2C](./custom-policy-overview.md)
 
 - [Get started with custom policies in Azure AD B2C](./tutorial-create-user-flows.md?pivots=b2c-custom-policy)
 
-::: zone-end
+::: zone-end

articles/active-directory-b2c/technical-overview.md

@@ -118,7 +118,7 @@ Read the [User flows and custom policies overview](user-flow-overview.md) articl
 
 ## User interface
 
-In Azure AD B2C, you can craft your users' identity experiences so that the pages are shown blend seamlessly with the look and feel of your brand. You get nearly full control of the HTML and CSS content presented to your users when they proceed through your application's identity journeys. With this flexibility, you can maintain brand and visual consistency between your application and Azure AD B2C.
+In Azure AD B2C, you can craft your users' identity experiences so that the pages that are shown blend seamlessly with the look and feel of your brand. You get nearly full control of the HTML and CSS content presented to your users when they proceed through your application's identity journeys. With this flexibility, you can maintain brand and visual consistency between your application and Azure AD B2C.
 
 
 
@@ -132,7 +132,7 @@ For information on UI customization, see:
 
 ## Custom domain
 
-You can customize your Azure AD B2C domain in the redirect URLs for Azure AD B2C. Custom domain allows you to create a seamless experience so that the pages are shown blend seamlessly with the domain name of your application.
+You can customize your Azure AD B2C domain in the redirect URLs for Azure AD B2C. Custom domain allows you to create a seamless experience so that the pages that are shown blend seamlessly with the domain name of your application.
 
 ![Screenshots of Azure AD B2C custom domain](media/technical-overview/custom-domain.png)