Merge branch 'master' of https://github.com/MicrosoftDocs/azure-docs-pr into acrfix

Author: dlepow

.openpublishing.redirection.json

@@ -3732,7 +3732,12 @@
     },
     {
       "source_path": "articles/azure-resource-manager/resource-group-create-multiple.md",
-      "redirect_url": "/azure/azure-resource-manager/templates/create-multiple-instances",
+      "redirect_url": "/azure/azure-resource-manager/templates/copy-resources",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/azure-resource-manager/templates/create-multiple-instances.md",
+      "redirect_url": "/azure/azure-resource-manager/templates/copy-resources",
       "redirect_document_id": false
     },
     {
@@ -4662,7 +4667,7 @@
     },
     {
       "source_path": "articles/resource-group-create-multiple.md",
-      "redirect_url": "/azure/azure-resource-manager/templates/create-multiple-instances",
+      "redirect_url": "/azure/azure-resource-manager/templates/copy-resources",
       "redirect_document_id": false
     },
     {
@@ -12037,7 +12042,7 @@
     },
     {
       "source_path": "articles/azure-resource-manager/resource-manager-property-copy.md",
-      "redirect_url": "/azure/azure-resource-manager/templates/create-multiple-instances",
+      "redirect_url": "/azure/azure-resource-manager/templates/copy-properties",
       "redirect_document_id": false
     },
     {
@@ -12047,7 +12052,7 @@
     },
     {
       "source_path": "articles/azure-resource-manager/resource-manager-sequential-loop.md",
-      "redirect_url": "/azure/azure-resource-manager/templates/create-multiple-instances",
+      "redirect_url": "/azure/azure-resource-manager/templates/copy-resources",
       "redirect_document_id": false
     },
     {

CODEOWNERS

@@ -1,6 +1,6 @@
 # Testing the new code owners feature in GitHub. Please contact Cory Fowler if you have questions.
 # Cognitive Services
-articles/cognitive-services/ @diberry @erhopf, @nitinme
+articles/cognitive-services/ @diberry @erhopf @aahill @ievangelist @patrickfarley @nitinme
 
 # DevOps
 articles/ansible/ @TomArcherMsft

articles/active-directory-b2c/claim-resolver-overview.md

@@ -102,7 +102,7 @@ Any parameter name included as part of an OIDC or OAuth2 request can be mapped t
 
 ## Using claim resolvers 
 
-You can use claims resolvers with following elements: 
+You can use claims resolvers with the following elements: 
 
 | Item | Element | Settings |
 | ----- | ----------------------- | --------|
@@ -119,16 +119,16 @@ You can use claims resolvers with following elements:
 |[RelyingParty](relyingparty.md#technicalprofile) technical profile| `OutputClaim`| 2 |
 
 Settings: 
-1. The `IncludeClaimResolvingInClaimsHandling` metadata must set to `true`
-1. The input or output claims attribute `AlwaysUseDefaultValue` must set to `true`
+1. The `IncludeClaimResolvingInClaimsHandling` metadata must be set to `true`.
+1. The input or output claims attribute `AlwaysUseDefaultValue` must be set to `true`.
 
-## How to use claim resolvers
+## Claim resolvers samples
 
 ### RESTful technical profile
 
 In a [RESTful](restful-technical-profile.md) technical profile, you may want to send the user language, policy name, scope, and client ID. Based on these claims the REST API can run custom business logic, and if necessary raise a localized error message.
 
-The following example shows a RESTful technical profile:
+The following example shows a RESTful technical profile with this scenario:
 
 ```XML
 <TechnicalProfile Id="REST">
@@ -138,12 +138,13 @@ The following example shows a RESTful technical profile:
     <Item Key="ServiceUrl">https://your-app.azurewebsites.net/api/identity</Item>
     <Item Key="AuthenticationType">None</Item>
     <Item Key="SendClaimsIn">Body</Item>
+    <Item Key="IncludeClaimResolvingInClaimsHandling">true</Item>
   </Metadata>
   <InputClaims>
-    <InputClaim ClaimTypeReferenceId="userLanguage" DefaultValue="{Culture:LCID}" />
-    <InputClaim ClaimTypeReferenceId="policyName" DefaultValue="{Policy:PolicyId}" />
-    <InputClaim ClaimTypeReferenceId="scope" DefaultValue="{OIDC:scope}" />
-    <InputClaim ClaimTypeReferenceId="clientId" DefaultValue="{OIDC:ClientId}" />
+    <InputClaim ClaimTypeReferenceId="userLanguage" DefaultValue="{Culture:LCID}" AlwaysUseDefaultValue="true" />
+    <InputClaim ClaimTypeReferenceId="policyName" DefaultValue="{Policy:PolicyId}" AlwaysUseDefaultValue="true" />
+    <InputClaim ClaimTypeReferenceId="scope" DefaultValue="{OIDC:scope}" AlwaysUseDefaultValue="true" />
+    <InputClaim ClaimTypeReferenceId="clientId" DefaultValue="{OIDC:ClientId}" AlwaysUseDefaultValue="true" />
   </InputClaims>
   <UseTechnicalProfileForSessionManagement ReferenceId="SM-Noop" />
 </TechnicalProfile>
@@ -155,9 +156,9 @@ Using claim resolvers, you can prepopulate the sign-in name or direct sign-in to
 
 ### Dynamic UI customization
 
-Azure AD B2C enables you to pass query string parameters to your HTML content definition endpoints so that you can dynamically render the page content. For example, you can change the background image on the Azure AD B2C sign-up or sign-in page based on a custom parameter that you pass from your web or mobile application. For more information, see [Dynamically configure the UI by using custom policies in Azure Active Directory B2C](custom-policy-ui-customization-dynamic.md). You can also localize your HTML page based on a language parameter, or you can change the content based on the client ID.
+Azure AD B2C enables you to pass query string parameters to your HTML content definition endpoints to dynamically render the page content. For example, this allows the ability to modify the background image on the Azure AD B2C sign-up or sign-in page based on a custom parameter that you pass from your web or mobile application. For more information, see [Dynamically configure the UI by using custom policies in Azure Active Directory B2C](custom-policy-ui-customization-dynamic.md). You can also localize your HTML page based on a language parameter, or you can change the content based on the client ID.
 
-The following example passes in the query string a parameter named **campaignId** with a value of `hawaii`, a **language** code of `en-US`, and **app** representing the client ID:
+The following example passes in the query string parameter named **campaignId** with a value of `hawaii`, a **language** code of `en-US`, and **app** representing the client ID:
 
 ```XML
 <UserJourneyBehaviors>
@@ -169,12 +170,23 @@ The following example passes in the query string a parameter named **campaignId*
 </UserJourneyBehaviors>
 ```
 
-As a result Azure AD B2C sends the above parameters to the HTML content page:
+As a result, Azure AD B2C sends the above parameters to the HTML content page:
 
 ```
 /selfAsserted.aspx?campaignId=hawaii&language=en-US&app=0239a9cc-309c-4d41-87f1-31288feb2e82
 ```
 
+### Content definition
+
+In a [ContentDefinition](contentdefinitions.md) `LoadUri`, you can send claim resolvers to pull content from different places, based on the parameters used. 
+
+```XML
+<ContentDefinition Id="api.signuporsignin">
+  <LoadUri>https://contoso.blob.core.windows.net/{Culture:LanguageName}/myHTML/unified.html</LoadUri>
+  ...
+</ContentDefinition>
+```
+
 ### Application Insights technical profile
 
 With Azure Application Insights and claim resolvers you can gain insights on user behavior. In the Application Insights technical profile, you send input claims that are persisted to Azure Application Insights. For more information, see [Track user behavior in Azure AD B2C journeys by using Application Insights](analytics-with-application-insights.md). The following example sends the policy ID, correlation ID, language, and the client ID to Azure Application Insights.
@@ -192,3 +204,28 @@ With Azure Application Insights and claim resolvers you can gain insights on use
   </InputClaims>
 </TechnicalProfile>
 ```
+
+### Relying party policy
+
+In a [Relying party](relyingparty.md) policy technical profile, you may want to send the tenant ID, or correlation ID to the relying party application within the JWT. 
+
+```XML
+<RelyingParty>
+    <DefaultUserJourney ReferenceId="SignUpOrSignIn" />
+    <TechnicalProfile Id="PolicyProfile">
+      <DisplayName>PolicyProfile</DisplayName>
+      <Protocol Name="OpenIdConnect" />
+      <OutputClaims>
+        <OutputClaim ClaimTypeReferenceId="displayName" />
+        <OutputClaim ClaimTypeReferenceId="givenName" />
+        <OutputClaim ClaimTypeReferenceId="surname" />
+        <OutputClaim ClaimTypeReferenceId="email" />
+        <OutputClaim ClaimTypeReferenceId="objectId" PartnerClaimType="sub"/>
+        <OutputClaim ClaimTypeReferenceId="identityProvider" />
+        <OutputClaim ClaimTypeReferenceId="tenantId" AlwaysUseDefaultValue="true" DefaultValue="{Policy:TenantObjectId}" />
+        <OutputClaim ClaimTypeReferenceId="correlationId" AlwaysUseDefaultValue="true" DefaultValue="{Context:CorrelationId}" />
+      </OutputClaims>
+      <SubjectNamingInfo ClaimType="sub" />
+    </TechnicalProfile>
+  </RelyingParty>
+```

articles/active-directory-b2c/phone-number-claims-transformations.md

@@ -9,7 +9,7 @@ manager: celestedg
 ms.service: active-directory
 ms.workload: identity
 ms.topic: conceptual
-ms.date: 02/12/2020
+ms.date: 02/14/2020
 ms.author: marsma
 ms.subservice: B2C
 ---
@@ -28,7 +28,8 @@ This claim validates the format of the phone number. If it is in a valid format,
 
 | Item | TransformationClaimType | Data Type | Notes |
 | ---- | ----------------------- | --------- | ----- |
-| InputClaim | inputClaim | string | The claim of string type converting from. |
+| InputClaim | phoneNumberString | string |  The string claim for the phone number. The phone number has to be in international format, complete with a leading "+" and country code. If input claim `country` is provided, the phone number is in local format (without the country code). |
+| InputClaim | country | string | [Optional] The string claim for the country code of the phone number in ISO3166 format (the two-letter ISO-3166 country code). |
 | OutputClaim | outputClaim | phoneNumber | The result of this claims transformation. |
 
 The **ConvertStringToPhoneNumberClaim** claims transformation is always executed from a [validation technical profile](validation-technical-profile.md) that is called by a [self-asserted technical profile](self-asserted-technical-profile.md) or [display control](display-controls.md). The **UserMessageIfClaimsTransformationInvalidPhoneNumber** self-asserted technical profile metadata controls the error message that is presented to the user.
@@ -40,7 +41,8 @@ You can use this claims transformation to ensure that the provided string claim
 ```XML
 <ClaimsTransformation Id="ConvertStringToPhoneNumber" TransformationMethod="ConvertStringToPhoneNumberClaim">
   <InputClaims>
-    <InputClaim ClaimTypeReferenceId="phoneString" TransformationClaimType="inputClaim" />
+    <InputClaim ClaimTypeReferenceId="phoneString" TransformationClaimType="phoneNumberString" />
+    <InputClaim ClaimTypeReferenceId="countryCode" TransformationClaimType="country" />
   </InputClaims>
   <OutputClaims>
     <OutputClaim ClaimTypeReferenceId="phoneNumber" TransformationClaimType="outputClaim" />
@@ -59,11 +61,19 @@ The self-asserted technical profile that calls the validation technical profile
 </TechnicalProfile>
 ```
 
-### Example
+### Example 1
 
 - Input claims:
-  - **inputClaim**: +1 (123) 456-7890
+  - **phoneNumberString**: 045 456-7890
+  - **country**: DK
 - Output claims:
+  - **outputClaim**: +450546148120
+
+### Example 2
+
+- Input claims:
+  - **phoneNumberString**: +1 (123) 456-7890
+- Output claims: 
   - **outputClaim**: +11234567890
 
 ## GetNationalNumberAndCountryCodeFromPhoneNumberString

articles/active-directory/app-provisioning/customize-application-attributes.md

@@ -296,7 +296,7 @@ Certain attributes such as phoneNumbers and emails are multi-value attributes wh
 
 ## Restoring the default attributes and attribute-mappings
 
-Should you need to start over and reset your existing mappings back to their default state, you can select the **Restore default mappings** check box and save the configuration. Doing so sets all mappings as if the application was just added to your Azure AD tenant from the application gallery.
+Should you need to start over and reset your existing mappings back to their default state, you can select the **Restore default mappings** check box and save the configuration. Doing so sets all mappings and scoping filters as if the application was just added to your Azure AD tenant from the application gallery.
 
 Selecting this option will effectively force a resynchronization of all users while the provisioning service is running.
 

articles/active-directory/develop/TOC.yml

@@ -7,6 +7,7 @@
   - name: Evolution of Microsoft identity platform
     href: about-microsoft-identity-platform.md  
 - name: Quickstarts
+  expanded: true
   items:
   - name: Set up a tenant
     href: quickstart-create-new-tenant.md
@@ -90,6 +91,7 @@
 - name: Samples
   href: sample-v2-code.md
 - name: Concepts
+  expanded: true
   items:
   - name: Authentication basics
     href: authentication-scenarios.md

articles/active-directory/develop/howto-convert-app-to-be-multi-tenant.md

@@ -172,7 +172,7 @@ In this article, you learned how to build an application that can sign in a user
 
 ## Related content
 
-* [Multi-tenant application samples](https://docs.microsoft.com/samples/browse/?products=azure-active-directory)
+* [Multi-tenant application sample](https://github.com/mspnp/multitenant-saas-guidance)
 * [Branding guidelines for applications][AAD-App-Branding]
 * [Application objects and service principal objects][AAD-App-SP-Objects]
 * [Integrating applications with Azure Active Directory][AAD-Integrating-Apps]

articles/active-directory/saas-apps/jamfprosamlconnector-tutorial.md

@@ -14,7 +14,7 @@ ms.workload: identity
 ms.tgt_pltfrm: na
 ms.devlang: na
 ms.topic: tutorial
-ms.date: 08/28/2019
+ms.date: 02/11/2020
 ms.author: jeedes
 
 ms.collection: M365-identity-device-management
@@ -151,16 +151,16 @@ In this section, you grant B.Simon access to Jamf Pro.
 
   b. Select the **Enable Single Sign-On Authentication** check box.
 
-	c. Select **Azure** as an option from the **Identity Provider** drop-down menu.
+  c. Select **Azure** as an option from the **Identity Provider** drop-down menu.
 
-	d. Copy the **ENTITY ID** value and paste it into the **Identifier (Entity ID)** field in the **Basic SAML Configuration** section in the Azure portal.
+  d. Copy the **ENTITY ID** value and paste it into the **Identifier (Entity ID)** field in the **Basic SAML Configuration** section in the Azure portal.
 
-	> [!NOTE]
-	> Use the value in the `<SUBDOMAIN>` field to complete the sign-on URL and reply URL in the **Basic SAML Configuration** section in the Azure portal.
+> [!NOTE]
+> Use the value in the `<SUBDOMAIN>` field to complete the sign-on URL and reply URL in the **Basic SAML Configuration** section in the Azure portal.
 
-	e. Select **Metadata URL** from the **Identity Provider Metadata Source** drop-down menu. In the field that appears, paste the **App Federation Metadata Url** value that you've copied from the Azure portal.
+  e. Select **Metadata URL** from the **Identity Provider Metadata Source** drop-down menu. In the field that appears, paste the **App Federation Metadata Url** value that you've copied from the Azure portal.
 
-	f. (Optional) Edit the token expiration value or select "Disable SAML token expiration".
+  f. (Optional) Edit the token expiration value or select "Disable SAML token expiration".
 
 7. On the same page, scroll down to the **User Mapping** section. Then, take the following steps.
 

articles/aks/TOC.yml

@@ -174,6 +174,8 @@
       href: internal-lb.md
     - name: Use a Standard Load Balancer
       href: load-balancer-standard.md
+    - name: Use a user defined route for egress
+      href: egress-outboundtype.md
     - name: Use a static IP address
       href: static-ip.md
     - name: Ingress