Commit a49e9c9

Merge branch 'master' of https://github.com/MicrosoftDocs/azure-docs-pr into us1669724q
2 parents 2cf1dbb + 43cdb4c commit a49e9c9

566 files changed

+6649
-4049
lines changed

.openpublishing.redirection.json

Lines changed: 10 additions & 0 deletions
@@ -18559,6 +18559,11 @@
1855918559
"redirect_url": "/azure/virtual-machines/workloads/redhat/redhat-rhui",
1856018560
"redirect_document_id": false
1856118561
},
18562+
{
18563+
"source_path": "articles/virtual-machines/linux/rhel-images.md",
18564+
"redirect_url": "/azure/virtual-machines/workloads/redhat/redhat-images",
18565+
"redirect_document_id": false
18566+
},
1856218567
{
1856318568
"source_path": "articles/virtual-machine-scale-sets/virtual-machine-scale-sets-advanced-autoscale.md",
1856418569
"redirect_url": "/azure/monitoring-and-diagnostics/insights-advanced-autoscale-virtual-machine-scale-sets",
@@ -49604,6 +49609,11 @@
4960449609
"source_path": "articles/postgresql/howto-tls-configurations.md",
4960549610
"redirect_url": "/azure/postgresql/concepts-ssl-connection-security",
4960649611
"redirect_document_id": false
49612+
},
49613+
{
49614+
"source_path": "articles/lab-services/classroom-labs/class-type-deep-learning-natural-processing.md",
49615+
"redirect_url": "/azure/lab-services/classroom-labs/class-type-deep-learning-natural-language-processing",
49616+
"redirect_document_id": false
4960749617
}
4960849618
]
4960949619
}

articles/active-directory-b2c/claim-resolver-overview.md

Lines changed: 8 additions & 6 deletions
@@ -9,7 +9,7 @@ manager: celestedg
99
ms.service: active-directory
1010
ms.workload: identity
1111
ms.topic: reference
12-
ms.date: 03/02/2020
12+
ms.date: 03/20/2020
1313
ms.author: mimart
1414
ms.subservice: B2C
1515
---
@@ -68,10 +68,12 @@ The following sections list available claim resolvers.
6868
| {OIDC:LoginHint} | The `login_hint` query string parameter. | [email protected] |
6969
| {OIDC:MaxAge} | The `max_age`. | N/A |
7070
| {OIDC:Nonce} |The `Nonce` query string parameter. | defaultNonce |
71+
| {OIDC:Password}| The [resource owner password credentials flow](ropc-custom.md) user's password.| password1|
7172
| {OIDC:Prompt} | The `prompt` query string parameter. | login |
73+
| {OIDC:RedirectUri} |The `redirect_uri` query string parameter. | https://jwt.ms |
7274
| {OIDC:Resource} |The `resource` query string parameter. | N/A |
7375
| {OIDC:scope} |The `scope` query string parameter. | openid |
74-
| {OIDC:RedirectUri} |The `redirect_uri` query string parameter. | https://jwt.ms |
76+
| {OIDC:Username}| The [resource owner password credentials flow](ropc-custom.md) user's username.| [email protected]|
7577

7678
### Context
7779

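Review bot: The added `{OIDC:Password}` row has no handling caveat even though the resolver yields the user's cleartext password, and this same article shows claim resolvers being sent to REST APIs and passed to content definition endpoints as query string parameters. Suggest adding a sentence next to the row that limits `{OIDC:Password}` (and `{OIDC:Username}`) to the resource owner password credentials flow the row links to, and that tells readers not to forward the value in a query string or to an endpoint that logs its input. The example value `password1` would also read better as an obvious placeholder.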
@@ -90,7 +92,7 @@ Any parameter name included as part of an OIDC or OAuth2 request can be mapped t
9092

9193
| Claim | Description | Example |
9294
| ----- | ----------------------- | --------|
93-
| {OAUTH-KV:campaignId} | A query string parameter. | hawaii |
95+
| {OAUTH-KV:campaignId} | A query string parameter. | Hawaii |
9496
| {OAUTH-KV:app_session} | A query string parameter. | A3C5R |
9597
| {OAUTH-KV:loyalty_number} | A query string parameter. | 1234 |
9698
| {OAUTH-KV:any custom query string} | A query string parameter. | N/A |
@@ -108,7 +110,7 @@ Any parameter name included as part of an OIDC or OAuth2 request can be mapped t
108110
| ----- | ----------- | --------|
109111
| {SAML:AuthnContextClassReferences} | The `AuthnContextClassRef` element value, from the SAML request. | urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport |
110112
| {SAML:NameIdPolicyFormat} | The `Format` attribute, from the `NameIDPolicy` element of the SAML request. | urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress |
111-
| {SAML:Issuer} | The SAML `Issuer` element value of the SAML request.| https://contoso.com |
113+
| {SAML:Issuer} | The SAML `Issuer` element value of the SAML request.| `https://contoso.com` |
112114
| {SAML:AllowCreate} | The `AllowCreate` attribute value, from the `NameIDPolicy` element of the SAML request. | True |
113115
| {SAML:ForceAuthn} | The `ForceAuthN` attribute value, from the `AuthnRequest` element of the SAML request. | True |
114116
| {SAML:ProviderName} | The `ProviderName` attribute value, from the `AuthnRequest` element of the SAML request.| Contoso.com |
@@ -139,7 +141,7 @@ Settings:
139141

140142
### RESTful technical profile
141143

142-
In a [RESTful](restful-technical-profile.md) technical profile, you may want to send the user language, policy name, scope, and client ID. Based on these claims the REST API can run custom business logic, and if necessary raise a localized error message.
144+
In a [RESTful](restful-technical-profile.md) technical profile, you may want to send the user language, policy name, scope, and client ID. Based on the claims the REST API can run custom business logic, and if necessary raise a localized error message.
143145

144146
The following example shows a RESTful technical profile with this scenario:
145147

@@ -171,7 +173,7 @@ Using claim resolvers, you can prepopulate the sign-in name or direct sign-in to
171173

172174
Azure AD B2C enables you to pass query string parameters to your HTML content definition endpoints to dynamically render the page content. For example, this allows the ability to modify the background image on the Azure AD B2C sign-up or sign-in page based on a custom parameter that you pass from your web or mobile application. For more information, see [Dynamically configure the UI by using custom policies in Azure Active Directory B2C](custom-policy-ui-customization.md). You can also localize your HTML page based on a language parameter, or you can change the content based on the client ID.
173175

174-
The following example passes in the query string parameter named **campaignId** with a value of `hawaii`, a **language** code of `en-US`, and **app** representing the client ID:
176+
The following example passes in the query string parameter named **campaignId** with a value of `Hawaii`, a **language** code of `en-US`, and **app** representing the client ID:
175177

176178
```XML
177179
<UserJourneyBehaviors>

articles/active-directory-b2c/connect-with-saml-service-providers.md

Lines changed: 5 additions & 4 deletions
@@ -9,7 +9,7 @@ manager: celestedg
99
ms.service: active-directory
1010
ms.workload: identity
1111
ms.topic: reference
12-
ms.date: 02/27/2020
12+
ms.date: 03/20/2020
1313
ms.author: mimart
1414
ms.subservice: B2C
1515
ms.custom: fasttrack-edit
@@ -333,7 +333,7 @@ The last step is to enable Azure AD B2C as a SAML IdP in your SAML relying party
333333
Some or all the following are typically required:
334334

335335
* **Metadata**: `https://tenant-name.b2clogin.com/tenant-name.onmicrosoft.com/policy-name/Samlp/metadata`
336-
* **Issuer**: `https://tenant-name.b2clogin.com/tenant-name.onmicrosoft.com/policy-name`
336+
* **Issuer**: Use the entityID in the metadata file
337337
* **Login Url/SAML endpoint/SAML Url**: Check the value in the metadata file
338338
* **Certificate**: This is *B2C_1A_SamlIdpCert*, but without the private key. To get the public key of the certificate:
339339

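Review bot: The new Issuer bullet names the metadata attribute `entityID` in plain text and is worded differently from the Login Url bullet right after it ("Check the value in the metadata file"). Suggest formatting the attribute as code and saying where it is found, for example "Use the `entityID` value in the metadata file", so the reader knows to look for that attribute at the Metadata URL given in the first bullet.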
@@ -350,7 +350,7 @@ To complete this tutorial using our [SAML Test Application][samltest]:
350350
* Update policy name, for example *B2C_1A_signup_signin_saml*
351351
* Specify this issuer URI: `https://contoso.onmicrosoft.com/app-name`
352352

353-
Select **Login** and you should be presented with an end user sign-in screen. Upon sign-in, a SAML assertion is issued back to the sample application.
353+
Select **Login** and you should be presented with a user sign-in screen. Upon sign-in, a SAML assertion is issued back to the sample application.
354354

355355
## Sample policy
356356

@@ -371,7 +371,8 @@ The following SAML relying party (RP) scenarios are supported via your own metad
371371

372372
## Next steps
373373

374-
You can find more information about the [SAML protocol on the OASIS website](https://www.oasis-open.org/).
374+
- You can find more information about the [SAML protocol on the OASIS website](https://www.oasis-open.org/).
375+
- Get the SAML test web app from [Azure AD B2C GitHub community repo](https://github.com/azure-ad-b2c/saml-sp-tester).
375376

376377
<!-- LINKS - External -->
377378
[samltest]: https://aka.ms/samltestapp
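Review bot: The added second bullet is missing an article ("from Azure AD B2C GitHub community repo"), and it links to the test app by a direct GitHub URL while the tutorial section above refers to the SAML Test Application through the `[samltest]` reference (`https://aka.ms/samltestapp`). Suggest "from the Azure AD B2C GitHub community repo" and confirming that both links lead to the same app, or reusing the one reference so they cannot drift apart.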

articles/active-directory-b2c/contentdefinitions.md

Lines changed: 2 additions & 2 deletions
@@ -9,7 +9,7 @@ manager: celestedg
99
ms.service: active-directory
1010
ms.workload: identity
1111
ms.topic: reference
12-
ms.date: 02/17/2020
12+
ms.date: 02/20/2020
1313
ms.author: mimart
1414
ms.subservice: B2C
1515
---
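Review bot: The new `ms.date: 02/20/2020` looks like a month typo: every other Azure AD B2C article touched in this commit moves to 03/19/2020 or 03/20/2020, and this one moves only three days forward from 02/17/2020 to a date a month earlier than the rest. Suggest `ms.date: 03/20/2020` if the RecoveryUri edit below was made in the same pass.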
@@ -66,7 +66,7 @@ The **ContentDefinition** element contains the following elements:
6666
| Element | Occurrences | Description |
6767
| ------- | ----------- | ----------- |
6868
| LoadUri | 1:1 | A string that contains the URL of the HTML5 page for the content definition. |
69-
| RecoveryUri | 1:1 | A string that contains the URL of the HTML page for displaying an error relating to the content definition. |
69+
| RecoveryUri | 1:1 | A string that contains the URL of the HTML page for displaying an error relating to the content definition. Not currently used, the value must be `~/common/default_page_error.html`. |
7070
| DataUri | 1:1 | A string that contains the relative URL of an HTML file that provides the user experience to invoke for the step. |
7171
| Metadata | 0:1 | A collection of key/value pairs that contains the metadata utilized by the content definition. |
7272
| LocalizedResourcesReferences | 0:1 | A collection of localized resources references. Use this element to customize the localization of a user interface and claims attribute. |
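Review bot: The sentence added to the RecoveryUri row is a comma splice ("Not currently used, the value must be ..."), and it reads oddly next to the 1:1 occurrence count, since a reader may conclude an unused element can be left out. Suggest stating both facts explicitly, for example "This element isn't currently used, but it is required and its value must be `~/common/default_page_error.html`."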

articles/active-directory-b2c/customize-ui-overview.md

Lines changed: 2 additions & 1 deletion
@@ -9,7 +9,7 @@ manager: celestedg
99
ms.service: active-directory
1010
ms.workload: identity
1111
ms.topic: conceptual
12-
ms.date: 01/30/2020
12+
ms.date: 03/19/2020
1313
ms.author: mimart
1414
ms.subservice: B2C
1515
---
@@ -80,6 +80,7 @@ Review the following guidance before using your own HTML and CSS files to custom
8080
- Limited support for Internet Explorer 9 and 8
8181
- Google Chrome 42.0 and above
8282
- Mozilla Firefox 38.0 and above
83+
- Safari for iOS and macOS, version 12 and above
8384
- Don't include **form tags** in your HTML. Form tags interfere with the POST operations generated by the HTML injected by Azure AD B2C.
8485

8586
### Where do I store UI content?

articles/active-directory-b2c/identity-provider-twitter-custom.md

Lines changed: 1 addition & 1 deletion
@@ -32,7 +32,7 @@ To use Twitter as an identity provider in Azure AD B2C, you need to create a Twi
3232
1. Sign in to the [Twitter Developers](https://developer.twitter.com/en/apps) website with your Twitter account credentials.
3333
2. Select **Create an app**.
3434
3. Enter an **App name** and an **Application description**.
35-
4. In **Website URL**, enter `https://your-tenant.b2clogin.com`. Replace `your-tenant` with the name of your tenant. For example, https://contosob2c.b2clogin.com.
35+
4. In **Website URL**, enter `https://your-tenant.b2clogin.com`. Replace `your-tenant` with the name of your tenant. For example, `https://contosob2c.b2clogin.com`.
3636
5. For the **Callback URL**, enter `https://your-tenant.b2clogin.com/your-tenant.onmicrosoft.com/your-policy-Id/oauth1/authresp`. Replace `your-tenant` with the name of your tenant name and `your-policy-Id` with the identifier of your policy. For example, `b2c_1A_signup_signin_twitter`. You need to use all lowercase letters when entering your tenant name even if the tenant is defined with uppercase letters in Azure AD B2C.
3737
6. At the bottom of the page, read and accept the terms, and then select **Create**.
3838
7. On the **App details** page, select **Edit > Edit details**, check the box for **Enable Sign in with Twitter**, and then select **Save**.

articles/active-directory-b2c/identity-provider-twitter.md

Lines changed: 1 addition & 1 deletion
@@ -23,7 +23,7 @@ To use Twitter as an identity provider in Azure AD B2C, you need to create a Twi
2323
1. Sign in to the [Twitter Developers](https://developer.twitter.com/en/apps) website with your Twitter account credentials.
2424
1. Select **Create an app**.
2525
1. Enter an **App name** and an **Application description**.
26-
1. In **Website URL**, enter `https://your-tenant.b2clogin.com`. Replace `your-tenant` with the name of your tenant. For example, https://contosob2c.b2clogin.com.
26+
1. In **Website URL**, enter `https://your-tenant.b2clogin.com`. Replace `your-tenant` with the name of your tenant. For example, `https://contosob2c.b2clogin.com`.
2727
1. For the **Callback URL**, enter `https://your-tenant.b2clogin.com/your-tenant.onmicrosoft.com/your-user-flow-Id/oauth1/authresp`. Replace `your-tenant` with the name of your tenant name and `your-user-flow-Id` with the identifier of your user flow. For example, `b2c_1A_signup_signin_twitter`. You need to use all lowercase letters when entering your tenant name and user flow id even if they are defined with uppercase letters in Azure AD B2C.
2828
1. At the bottom of the page, read and accept the terms, and then select **Create**.
2929
1. On the **App details** page, select **Edit > Edit details**, check the box for **Enable Sign in with Twitter**, and then select **Save**.
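Review bot: The Callback URL step directly below the changed line contradicts itself: it tells the reader to enter the tenant name and user flow id in all lowercase, yet its example `b2c_1A_signup_signin_twitter` contains an uppercase `A`. The same example string appears in identity-provider-twitter-custom.md, where it names a custom policy, so it looks copied rather than written for a user flow. While this step is being touched for URL formatting, suggest replacing the example with an all-lowercase user flow id and fixing "the name of your tenant name" in the same sentence, since a callback URL that does not match exactly is a common cause of failed sign-in.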

articles/active-directory/app-provisioning/export-import-provisioning-configuration.md

Lines changed: 26 additions & 10 deletions
@@ -1,6 +1,6 @@
11
---
2-
title: 'Export or import your provisioning configuration by using the Microsoft Graph API | Microsoft Docs'
3-
description: Learn how to export and import provisioning configuration using the Microsoft Graph API.
2+
title: 'Export your provisioning configuration and roll back to a known good state for disaster recovery.| Microsoft Docs'
3+
description: Learn how to export your provisioning configuration and roll back to a known good state for disaster recovery.
44
services: active-directory
55
author: cmmdesai
66
documentationcenter: na
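Review bot: The new `title` value has a stray period and no space before the pipe ("for disaster recovery.| Microsoft Docs"), which will show up verbatim in the browser tab and search results. Suggest `... roll back to a known good state for disaster recovery | Microsoft Docs`, matching the "text | Microsoft Docs" form the old title used.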
@@ -13,23 +13,39 @@ ms.devlang: na
1313
ms.topic: article
1414
ms.tgt_pltfrm: na
1515
ms.workload: identity
16-
ms.date: 09/09/2019
16+
ms.date: 03/19/2020
1717
ms.author: chmutali
1818

1919
ms.collection: M365-identity-device-management
2020
---
21-
# Export or import your provisioning configuration by using the Microsoft Graph API
21+
# Export your provisioning configuration and roll back to a known good state
2222

23+
## Export and import your provisioning configuration from the Azure portal
24+
25+
### How can I export my provisioning configuration?
26+
To export your configuration:
27+
1. In the [Azure portal](https://portal.azure.com/), on the left navigation panel, select **Azure Active Directory**.
28+
2. In the **Azure Active Directory** pane, select **Enterprise applications** and choose your application.
29+
3. In the left navigation pane, select **provisioning**. From the provisioning configuration page, click on **attribute mappings**, then **show advanced options**, and finally **review your schema**. This will take you to the schema editor.
30+
5. Click on download in the command bar at the top of the page to download your schema.
31+
32+
### Disaster recovery - roll back to a known good state
33+
Exporting and saving your configuration allows you to roll back to a previous version of your configuration. We recommend exporting your provisioning configuration and saving it for later use anytime you make a change to your attribute mappings or scoping filters. All you need to do is open up the JSON file that you downloaded in the steps above, copy the entire contents of the JSON file, replace the entire contents of the JSON payload in the schema editor, and then save. If there is an active provisioning cycle, it will complete and the next cycle will use the updated schema. The next cycle will also be an initial cycle, which reevaluates every user and group based on the new configuration. Consider the following when rolling back to a previous configuration:
34+
* Users will be evaluated again to determine if they should be in scope. If the scoping filters have changed a user is not in scope any more they will be disabled. While this is the desired behavior in most cases, there are times where you may want to prevent this and can use the [skip out of scope deletions](https://docs.microsoft.com/azure/active-directory/app-provisioning/skip-out-of-scope-deletions) functionality.
35+
* Changing your provisioning configuration restarts the service and triggers an [initial cycle](https://docs.microsoft.com/azure/active-directory/app-provisioning/how-provisioning-works#provisioning-cycles-initial-and-incremental).
36+
37+
38+
## Export and import your provisioning configuration by using the Microsoft Graph API
2339
You can use the Microsoft Graph API and the Microsoft Graph Explorer to export your User Provisioning attribute mappings and schema to a JSON file and import it back into Azure AD. You can also use the steps captured here to create a backup of your provisioning configuration.
2440

25-
## Step 1: Retrieve your Provisioning App Service Principal ID (Object ID)
41+
### Step 1: Retrieve your Provisioning App Service Principal ID (Object ID)
2642

27-
1. Launch the [Azure portal](https://portal.azure.com), and navigate to the Properties section of your provisioning application. For e.g. if you want to export your *Workday to AD User Provisioning application* mapping navigate to the Properties section of that app.
43+
1. Launch the [Azure portal](https://portal.azure.com), and navigate to the Properties section of your provisioning application. For example, if you want to export your *Workday to AD User Provisioning application* mapping navigate to the Properties section of that app.
2844
1. In the Properties section of your provisioning app, copy the GUID value associated with the *Object ID* field. This value is also called the **ServicePrincipalId** of your App and it will be used in Microsoft Graph Explorer operations.
2945

3046
![Workday App Service Principal ID](./media/export-import-provisioning-configuration/wd_export_01.png)
3147

32-
## Step 2: Sign into Microsoft Graph Explorer
48+
### Step 2: Sign into Microsoft Graph Explorer
3349

3450
1. Launch [Microsoft Graph Explorer](https://developer.microsoft.com/graph/graph-explorer)
3551
1. Click on the "Sign-In with Microsoft" button and sign-in using Azure AD Global Admin or App Admin credentials.
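Review bot: The new export procedure numbers its steps 1, 2, 3, 5, and the first rollback consideration is ungrammatical ("If the scoping filters have changed a user is not in scope any more they will be disabled"). Renumber the download step to 4 and reword the bullet, for example "If the scoping filters have changed so that a user is no longer in scope, the user is disabled." Because the rollback paragraph tells the reader to paste and save first and only afterwards mentions that users may be disabled and that an initial cycle is triggered, consider moving the two considerations, including the skip out of scope deletions link, ahead of the paste-and-save instruction. The UI labels in step 3 (**provisioning**, **attribute mappings**, **show advanced options**, **review your schema**) should also be capitalized as they appear in the portal.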
@@ -38,7 +54,7 @@ You can use the Microsoft Graph API and the Microsoft Graph Explorer to export y
3854

3955
1. Upon successful sign-in, you will see the user account details in the left-hand pane.
4056

41-
## Step 3: Retrieve the Provisioning Job ID of the Provisioning App
57+
### Step 3: Retrieve the Provisioning Job ID of the Provisioning App
4258

4359
In the Microsoft Graph Explorer, run the following GET query replacing [servicePrincipalId] with the **ServicePrincipalId** extracted from the [Step 1](#step-1-retrieve-your-provisioning-app-service-principal-id-object-id).
4460

@@ -50,7 +66,7 @@ You will get a response as shown below. Copy the "id attribute" present in the r
5066

5167
[![Provisioning Job ID](./media/export-import-provisioning-configuration/wd_export_03.png)](./media/export-import-provisioning-configuration/wd_export_03.png#lightbox)
5268

53-
## Step 4: Download the Provisioning Schema
69+
### Step 4: Download the Provisioning Schema
5470

5571
In the Microsoft Graph Explorer, run the following GET query, replacing [servicePrincipalId] and [ProvisioningJobId] with the ServicePrincipalId and the ProvisioningJobId retrieved in the previous steps.
5672

@@ -60,7 +76,7 @@ In the Microsoft Graph Explorer, run the following GET query, replacing [service
6076

6177
Copy the JSON object from the response and save it to a file to create a backup of the schema.
6278

63-
## Step 5: Import the Provisioning Schema
79+
### Step 5: Import the Provisioning Schema
6480

6581
> [!CAUTION]
6682
> Perform this step only if you need to modify the schema for configuration that cannot be changed using the Azure portal or if you need to restore the configuration from a previously backed up file with valid and working schema.

articles/active-directory/app-provisioning/use-scim-to-provision-users-and-groups.md

Lines changed: 1 addition & 1 deletion
@@ -788,7 +788,7 @@ Applications that support the SCIM profile described in this article can be conn
788788
![Example: An app's Provisioning page in the Azure portal](media/use-scim-to-provision-users-and-groups/scim-figure-2b.png)<br/>
789789
*Configuring provisioning in the Azure portal*
790790

791-
7. In the **Tenant URL** field, enter the URL of the application's SCIM endpoint. Example: https://api.contoso.com/scim/
791+
7. In the **Tenant URL** field, enter the URL of the application's SCIM endpoint. Example: `https://api.contoso.com/scim/`
792792
8. If the SCIM endpoint requires an OAuth bearer token from an issuer other than Azure AD, then copy the required OAuth bearer token into the optional **Secret Token** field. If this field is left blank, Azure AD includes an OAuth bearer token issued from Azure AD with each request. Apps that use Azure AD as an identity provider can validate this Azure AD-issued token.
793793
> [!NOTE]
794794
> It's ***not*** recommended to leave this field blank and rely on a token generated by Azure AD. This option is primarily available for testing purposes.

articles/active-directory/authentication/howto-mfa-nps-extension.md

Lines changed: 1 addition & 1 deletion
@@ -300,7 +300,7 @@ This error could be due to one of several reasons. Use these steps to help troub
300300
1. Restart your NPS server.
301301
2. Verify that client cert is installed as expected.
302302
3. Verify that the certificate is associated with your tenant on Azure AD.
303-
4. Verify that https://login.microsoftonline.com/ is accessible from the server running the extension.
303+
4. Verify that `https://login.microsoftonline.com/` is accessible from the server running the extension.
304304

305305
---
306306
