Merge branch 'master' of https://github.com/Microsoft/azure-docs-pr into azureadds-createui

Author: iainfoulds

.openpublishing.redirection.json

@@ -3821,7 +3821,7 @@
       "redirect_document_id": false
     },
     {
-      "source_path": "articles/billing-mca-setup-account.md",
+      "source_path": "articles/billing/billing-mca-setup-account.md",
       "redirect_url": "/azure/billing/mca-setup-account",
       "redirect_document_id": false
     },
@@ -15810,6 +15810,16 @@
       "redirect_url": "/azure/traffic-manager/traffic-manager-manage-endpoints",
       "redirect_document_id": false
     },
+    {
+      "source_path": "articles/virtual-machine-scale-sets/virtual-machine-scale-sets-encrypt-disks-cli.md",
+      "redirect_url": "/azure/virtual-machine-scale-sets/disk-encryption-cli",
+      "redirect_document_id": true
+    },
+    {
+      "source_path": "articles/virtual-machine-scale-sets/virtual-machine-scale-sets-encrypt-disks-ps.md",
+      "redirect_url": "/azure/virtual-machine-scale-sets/disk-encryption-powershell",
+      "redirect_document_id": true
+    },
     {
       "source_path": "articles/virtual-machine-scale-sets/virtual-machine-scale-sets-advanced-autoscale.md",
       "redirect_url": "/azure/monitoring-and-diagnostics/insights-advanced-autoscale-virtual-machine-scale-sets",
@@ -34614,11 +34624,6 @@
       "redirect_url": "/azure/cognitive-services/video-indexer/video-indexer-output-json-v2",
       "redirect_document_id": true
     },
-    {
-      "source_path": "articles/security/azure-security-disk-encryption.md",
-      "redirect_url": "/azure/security/azure-security-disk-encryption-overview",
-      "redirect_document_id": true
-    },
     {
       "source_path": "articles/active-directory/device-management-hybrid-azuread-joined-devices-setup.md",
       "redirect_url": "/azure/active-directory/devices/hybrid-azuread-join-manual-steps",
@@ -34718,6 +34723,26 @@
       "redirect_url": "/azure/active-directory/conditional-access/app-based-mfa",
       "redirect_document_id": true
     },
+    {
+      "source_path": "articles/active-directory/conditional-access/howto-baseline-protect-administrators.md",
+      "redirect_url": "/azure/active-directory/conditional-access/concept-baseline-protection",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/active-directory/conditional-access/howto-baseline-protect-azure.md",
+      "redirect_url": "/azure/active-directory/conditional-access/concept-baseline-protection",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/active-directory/conditional-access/howto-baseline-protect-end-users.md",
+      "redirect_url": "/azure/active-directory/conditional-access/concept-baseline-protection",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/active-directory/conditional-access/howto-baseline-protect-legacy-auth.md",
+      "redirect_url": "/azure/active-directory/conditional-access/concept-baseline-protection",
+      "redirect_document_id": false
+    },
     {
       "source_path": "articles/active-directory/active-directory-identityprotection-enable.md",
       "redirect_url": "/azure/active-directory/identity-protection/enable",
@@ -34893,6 +34918,56 @@
       "redirect_url": "/azure/aks/ssh",
       "redirect_document_id": true
     },
+    {
+      "source_path": "articles/security/azure-security-disk-encryption-appendix.md",
+      "redirect_url": "/azure/security/fundamentals/azure-disk-encryption-vms-vmss",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/security/azure-security-disk-encryption-faq.md",
+      "redirect_url": "/azure/security/fundamentals/azure-disk-encryption-vms-vmss",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/security/azure-security-disk-encryption-linux.md",
+      "redirect_url": "/azure/virtual-machines/linux/disk-encryption-overview",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/security/azure-security-disk-encryption-linux-aad.md",
+      "redirect_url": "/azure/virtual-machines/linux/disk-encryption-overview-aad",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/security/azure-security-disk-encryption-overview.md",
+      "redirect_url": "/azure/security/fundamentals/azure-disk-encryption-vms-vmss",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/security/azure-security-disk-encryption-prerequisites.md",
+      "redirect_url": "/azure/security/fundamentals/azure-disk-encryption-vms-vmss",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/security/azure-security-disk-encryption-prerequisites-aad.md",
+      "redirect_url": "/azure/security/fundamentals/azure-disk-encryption-vms-vmss",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/security/azure-security-disk-encryption-tsg.md",
+      "redirect_url": "/azure/security/fundamentals/azure-disk-encryption-vms-vmss",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/security/azure-security-disk-encryption-windows.md",
+      "redirect_url": "/azure/virtual-machines/linux/disk-encryption-overview",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/security/azure-security-disk-encryption-windows-aad.md",
+      "redirect_url": "/azure/virtual-machines/linux/disk-encryption-overview-aad",
+      "redirect_document_id": false
+    },
     {
       "source_path": "articles/cognitive-services/luis/Home.md",
       "redirect_url": "/azure/cognitive-services/luis/what-is-luis",
@@ -34903,6 +34978,11 @@
       "redirect_url": "/azure/data-factory/monitor-using-azure-monitor",
       "redirect_document_id": true
     },
+    {
+      "source_path": "articles/data-factory/concepts-data-flow-reference-node.md",
+      "redirect_url": "/azure/data-factory/data-flow-join",
+      "redirect_document_id": true
+    },
     {
       "source_path": "articles/virtual-machines/linux/ansible-create-complete-vm.md",
       "redirect_url": "/azure/virtual-machines/linux/ansible-create-vm",
@@ -34920,7 +35000,7 @@
     },
     {
       "source_path": "articles/security-center/security-center-disk-encryption.md",
-      "redirect_url": "/azure/security/azure-security-disk-encryption-overview",
+      "redirect_url": "/azure/security-center/security-center-apply-disk-encryption",
       "redirect_document_id": false
     },
     {
@@ -42437,6 +42517,56 @@
       "source_path": "articles/storage/common/storage-import-export-tool-previewing-drive-usage-export-v1.md",
       "redirect_url": "/previous-versions/azure/storage/common/storage-import-export-tool-previewing-drive-usage-export-v1",
       "redirect_document_id": true
+    },
+    {
+      "source_path": "articles/security/fundamentals/abstract-network-security.md",
+      "redirect_url": "https://azure.microsoft.com/resources/azure-network-security/",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/security/fundamentals/abstract-serverless-platform-security.md",
+      "redirect_url": "https://azure.microsoft.com/resources/azure-functions-serverless-platform-security/",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/security/fundamentals/abstract-container-security.md",
+      "redirect_url": "https://azure.microsoft.com/resources/container-security-in-microsoft-azure/",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/security/fundamentals/abstract-operational-security.md",
+      "redirect_url": "https://azure.microsoft.com/resources/azure-operational-security/",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/security/fundamentals/abstract-develop-secure-apps.md",
+      "redirect_url": "https://azure.microsoft.com/resources/develop-secure-applications-on-azure/",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/security/fundamentals/storage-overview.md",
+      "redirect_url": "/azure/storage/common/storage-security-guide",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/security/fundamentals/global-admin.md",
+      "redirect_url": "/azure/active-directory/authentication/multi-factor-authentication",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/aks/istio-install.md",
+      "redirect_url": "/azure/aks/servicemesh-istio-install",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/aks/istio-scenario-routing.md",
+      "redirect_url": "/azure/aks/servicemesh-istio-scenario-routing",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/aks/consul-install.md",
+      "redirect_url": "/azure/aks/servicemesh-consul-install",
+      "redirect_document_id": false
     }
   ]
 }

articles/active-directory-b2c/active-directory-b2c-quickstarts-spa.md

@@ -21,10 +21,12 @@ Azure Active Directory B2C (Azure AD B2C) provides cloud identity management to
 
 ## Prerequisites
 
-- [Visual Studio 2019](https://www.visualstudio.com/downloads/) with the **ASP.NET and web development** workload.
-- Install [Node.js](https://nodejs.org/en/download/)
-- A social account from either Facebook, Google, or Microsoft.
-- [Download a zip file](https://github.com/Azure-Samples/active-directory-b2c-javascript-msal-singlepageapp/archive/master.zip) or clone the sample web app from GitHub.
+- [Visual Studio 2019](https://www.visualstudio.com/downloads/) with the **ASP.NET and web development** workload
+- [Node.js](https://nodejs.org/en/download/)
+- Social account from Facebook, Google, or Microsoft
+- Code sample from GitHub: [active-directory-b2c-javascript-msal-singlepageapp](https://github.com/Azure-Samples/active-directory-b2c-javascript-msal-singlepageapp)
+    
+    You can [download the zip archive](https://github.com/Azure-Samples/active-directory-b2c-javascript-msal-singlepageapp/archive/master.zip) or clone the repository:
 
     ```
     git clone https://github.com/Azure-Samples/active-directory-b2c-javascript-msal-singlepageapp.git

articles/active-directory-b2c/active-directory-b2c-reference-oauth-code.md

@@ -168,7 +168,7 @@ POST {tenant}.onmicrosoft.com/{policy}/oauth2/v2.0/token HTTP/1.1
 Host: {tenant}.b2clogin.com
 Content-Type: application/x-www-form-urlencoded
 
-grant_type=refresh_token&client_id=90c0fe63-bcf2-44d5-8fb7-b8bbc0b29dc6&client_secret=JqQX2PNo9bpM0uEihUPzyrh&scope=90c0fe63-bcf2-44d5-8fb7-b8bbc0b29dc6 offline_access&refresh_token=AwABAAAAvPM1KaPlrEqdFSBzjqfTGBCmLdgfSTLEMPGYuNHSUYBrq...&redirect_uri=urn:ietf:wg:oauth:2.0:oob
+grant_type=refresh_token&client_id=90c0fe63-bcf2-44d5-8fb7-b8bbc0b29dc6&scope=90c0fe63-bcf2-44d5-8fb7-b8bbc0b29dc6 offline_access&refresh_token=AwABAAAAvPM1KaPlrEqdFSBzjqfTGBCmLdgfSTLEMPGYuNHSUYBrq...&redirect_uri=urn:ietf:wg:oauth:2.0:oob
 ```
 
 | Parameter | Required? | Description |
@@ -222,4 +222,4 @@ To try these requests yourself, complete the following steps. Replace the exampl
 
 1. [Create an Azure AD B2C directory](active-directory-b2c-get-started.md). Use the name of your directory in the requests.
 2. [Create an application](active-directory-b2c-app-registration.md) to obtain an application ID and a redirect URI. Include a native client in your app.
-3. [Create your user flows](active-directory-b2c-reference-policies.md) to obtain your user flow names.
+3. [Create your user flows](active-directory-b2c-reference-policies.md) to obtain your user flow names.

articles/active-directory-b2c/active-directory-b2c-reference-oidc.md

@@ -137,7 +137,7 @@ POST {tenant}.onmicrosoft.com/{policy}/oauth2/v2.0/token HTTP/1.1
 Host: {tenant}.b2clogin.com
 Content-Type: application/x-www-form-urlencoded
 
-grant_type=authorization_code&client_id=90c0fe63-bcf2-44d5-8fb7-b8bbc0b29dc6&scope=90c0fe63-bcf2-44d5-8fb7-b8bbc0b29dc6 offline_access&code=AwABAAAAvPM1KaPlrEqdFSBzjqfTGBCmLdgfSTLEMPGYuNHSUYBrq...&redirect_uri=urn:ietf:wg:oauth:2.0:oob&client_secret=<your-application-secret>
+grant_type=authorization_code&client_id=90c0fe63-bcf2-44d5-8fb7-b8bbc0b29dc6&scope=90c0fe63-bcf2-44d5-8fb7-b8bbc0b29dc6 offline_access&code=AwABAAAAvPM1KaPlrEqdFSBzjqfTGBCmLdgfSTLEMPGYuNHSUYBrq...&redirect_uri=urn:ietf:wg:oauth:2.0:oob
 ```
 
 | Parameter | Required | Description |
@@ -206,7 +206,7 @@ POST {tenant}.onmicrosoft.com/{policy}/oauth2/v2.0/token HTTP/1.1
 Host: {tenant}.b2clogin.com
 Content-Type: application/x-www-form-urlencoded
 
-grant_type=refresh_token&client_id=90c0fe63-bcf2-44d5-8fb7-b8bbc0b29dc6&scope=openid offline_access&refresh_token=AwABAAAAvPM1KaPlrEqdFSBzjqfTGBCmLdgfSTLEMPGYuNHSUYBrq...&redirect_uri=urn:ietf:wg:oauth:2.0:oob&client_secret=<your-application-secret>
+grant_type=refresh_token&client_id=90c0fe63-bcf2-44d5-8fb7-b8bbc0b29dc6&scope=openid offline_access&refresh_token=AwABAAAAvPM1KaPlrEqdFSBzjqfTGBCmLdgfSTLEMPGYuNHSUYBrq...&redirect_uri=urn:ietf:wg:oauth:2.0:oob
 ```
 
 | Parameter | Required | Description |

articles/active-directory-b2c/active-directory-b2c-setup-commonaad-custom.md

@@ -79,7 +79,7 @@ You can define Azure AD as a claims provider by adding Azure AD to the **ClaimsP
           <Description>Login with your Contoso account</Description>
           <Protocol Name="OpenIdConnect"/>
           <Metadata>
-            <Item Key="METADATA">https://login.windows.net/common/.well-known/openid-configuration</Item>
+            <Item Key="METADATA">https://login.microsoftonline.com/common/v2.0/.well-known/openid-configuration</Item>
             <!-- Update the Client ID below to the Application ID -->
             <Item Key="client_id">00000000-0000-0000-0000-000000000000</Item>
             <Item Key="response_types">code</Item>
@@ -89,9 +89,9 @@ You can define Azure AD as a claims provider by adding Azure AD to the **ClaimsP
             <Item Key="UsePolicyInRedirectUri">false</Item>
             <Item Key="DiscoverMetadataByTokenIssuer">true</Item>
             <!-- The key below allows you to specify each of the Azure AD tenants that can be used to sign in. Update the GUIDs below for each tenant. -->
-            <Item Key="ValidTokenIssuerPrefixes">https://sts.windows.net/00000000-0000-0000-0000-000000000000,https://sts.windows.net/11111111-1111-1111-1111-111111111111</Item>
+            <Item Key="ValidTokenIssuerPrefixes">https://login.microsoftonline.com/00000000-0000-0000-0000-000000000000,https://login.microsoftonline.com/11111111-1111-1111-1111-111111111111</Item>
             <!-- The commented key below specifies that users from any tenant can sign-in. Uncomment if you would like anyone with an Azure AD account to be able to sign in. -->
-            <!-- <Item Key="ValidTokenIssuerPrefixes">https://sts.windows.net/</Item> -->
+            <!-- <Item Key="ValidTokenIssuerPrefixes">https://login.microsoftonline.com/</Item> -->
           </Metadata>
           <CryptographicKeys>
             <Key Id="client_secret" StorageReferenceId="B2C_1A_AADAppSecret"/>
@@ -125,17 +125,17 @@ You can define Azure AD as a claims provider by adding Azure AD to the **ClaimsP
 ### Restrict access
 
 > [!NOTE]
-> Using `https://sts.windows.net` as the value for **ValidTokenIssuerPrefixes** allows all Azure AD users to sign in to your application.
+> Using `https://login.microsoftonline.com/` as the value for **ValidTokenIssuerPrefixes** allows all Azure AD users to sign in to your application.
 
 You need to update the list of valid token issuers and restrict access to a specific list of Azure AD tenant users who can sign in.
 
-To obtain the values, look at the OpenID Connect discovery metadata for each of the Azure AD tenants that you would like to have users sign in from. The format of the metadata URL is similar to `https://login.windows.net/your-tenant/.well-known/openid-configuration`, where `your-tenant` is your Azure AD tenant name. For example:
+To obtain the values, look at the OpenID Connect discovery metadata for each of the Azure AD tenants that you would like to have users sign in from. The format of the metadata URL is similar to `https://login.microsoftonline.com/your-tenant/v2.0/.well-known/openid-configuration`, where `your-tenant` is your Azure AD tenant name. For example:
 
-`https://login.windows.net/fabrikam.onmicrosoft.com/.well-known/openid-configuration`
+`https://login.microsoftonline.com/fabrikam.onmicrosoft.com/v2.0/.well-known/openid-configuration`
 
 Perform these steps for each Azure AD tenant that should be used to sign in:
 
-1. Open your browser and go to the OpenID Connect metadata URL for the tenant. Find the **issuer** object and record its value. It should look similar to `https://sts.windows.net/00000000-0000-0000-0000-000000000000/`.
+1. Open your browser and go to the OpenID Connect metadata URL for the tenant. Find the **issuer** object and record its value. It should look similar to `https://login.microsoftonline.com/00000000-0000-0000-0000-000000000000/`.
 1. Copy and paste the value into the **ValidTokenIssuerPrefixes** key. Separate multiple issuers with a comma. An example with two issuers appears in the previous `ClaimsProvider` XML sample.
 
 ### Upload the extension file for verification

articles/active-directory-b2c/page-layout.md

@@ -64,6 +64,17 @@ To set up a page layout, use the following table to find **DataUri** values.
 
 Page layout packages are periodically updated to include fixes and improvements in their page elements. The following change log specifies the changes introduced in each version.
 
+### 1.2.0 
+- All pages
+  - Accessibility fixes
+  - You can now add the `data-preload="true"` attribute in your HTML tags to control the load order for CSS and JavaScript. Scenarios include:
+      - Use this on your CSS link to load the CSS at the same time as your HTML so that it doesn't 'flicker' between loading the files
+      - This attribute allows you to control the order in which your Script tags are fetched and executed before the page load
+  - Email field is now `type=email` and mobile keyboards will provide the correct suggestions
+  - Support for Chrome translate
+- Unified and self-asserted page
+  - The username/email and password fields now use the form HTML element.  This will now allow Edge and IE to properly save this information
+  
 ### 1.1.0
 
 - Exception page (globalexception)

articles/active-directory/authentication/TOC.yml

@@ -131,6 +131,8 @@
     href: howto-password-smart-lockout.md
   - name: Passwordless
     items: 
+      - name: Deploying passwordless
+        href: howto-authentication-passwordless-deployment.md
       - name: Passwordless security keys
         href: howto-authentication-passwordless-security-key.md
       - name: Passwordless phone sign-in