Merge pull request #99329 from MicrosoftDocs/master

12/18 AM Publish

Author: huypub

.openpublishing.redirection.json

@@ -42208,6 +42208,11 @@
       "redirect_url": "/azure/iot-central/preview/quick-monitor-devices/",
       "redirect_document_id": true
     },
+    {
+      "source_path": "articles/iot-central/core/overview-iot-options.md",
+      "redirect_url": "/azure/iot-fundamentals/iot-services-and-technologies/",
+      "redirect_document_id": true
+    },
     {
       "source_path": "articles/iot-accelerators/iot-accelerators-arduino-iot-devkit-az3166-devkit-remote-monitoringV2.md",
       "redirect_url": "/azure/iot-accelerators/iot-accelerators-arduino-iot-devkit-az3166-devkit-remote-monitoring-v2",

articles/active-directory-b2c/active-directory-b2c-reference-oidc.md

@@ -271,6 +271,7 @@ GET https://{tenant}.b2clogin.com/{tenant}.onmicrosoft.com/{policy}/oauth2/v2.0/
 | {tenant} | Yes | Name of your Azure AD B2C tenant |
 | {policy} | Yes | The user flow that you want to use to sign the user out of your application. |
 | id_token_hint| No | A previously issued ID token to pass to the logout endpoint as a hint about the end user's current authenticated session with the client. The `id_token_hint` ensures that the `post_logout_redirect_uri` is a registered reply URL in your Azure AD B2C application settings. |
+| client_id | No* | The application ID that the [Azure portal](https://portal.azure.com/) assigned to your application.<br><br>\**This is required when using `Application` isolation SSO configuration and _Require ID Token_ in logout request is set to `No`.* |
 | post_logout_redirect_uri | No | The URL that the user should be redirected to after successful sign out. If it isn't included, Azure AD B2C shows the user a generic message. Unless you provide an `id_token_hint`, you should not register this URL as a reply URL in your Azure AD B2C application settings. |
 | state | No | If a `state` parameter is included in the request, the same value should appear in the response. The application should verify that the `state` values in the request and response are identical. |
 

articles/active-directory-b2c/connect-with-saml-service-providers.md

@@ -160,7 +160,7 @@ Now that your tenant can issue SAML assertions, you need to create the SAML rely
 
 1. Open the *SignUpOrSigninSAML.xml* file in your preferred editor.
 
-1. Change the `PolicyId` and `PublicPolicyUri` of the policy to _B2C_1A_signup_signin_saml_ and _http://tenant-name.onmicrosoft.com/B2C_1A_signup_signin_saml_ as seen below.
+1. Change the `PolicyId` and `PublicPolicyUri` of the policy to _B2C_1A_signup_signin_saml_ and `http://tenant-name.onmicrosoft.com/B2C_1A_signup_signin_saml` as seen below.
 
     ```XML
     <TrustFrameworkPolicy

articles/active-directory-b2c/custom-email.md

@@ -147,13 +147,14 @@ With a SendGrid account created and SendGrid API key stored in a Azure AD B2C po
     </html>
     ```
 
+1. Expand **Settings** on the left, and for **Email Subject**, enter `{{subject}}`.
 1. Select **Save Template**.
 1. Return to the **Transactional Templates** page by selecting the back arrow.
 1. Record the **ID** of template you created for use in a later step. For example, `d-989077fbba9746e89f3f6411f596fb96`. You specify this ID when you [add the claims transformation](#add-the-claims-transformation).
 
 ## Add Azure AD B2C claim types
 
-In your policy, add the following claim types.
+In your policy, add the following claim types to the `<ClaimsSchema>` element within `<BuildingBlocks>`.
 
 These claims types are necessary to generate and verify the email address using a one-time password (OTP) code.
 
@@ -174,6 +175,50 @@ These claims types are necessary to generate and verify the email address using
 </ClaimType>
 ```
 
+## Add the claims transformation
+
+Next, you need a claims transformation to output a JSON string claim that will be the body of the request sent to SendGrid.
+
+The JSON object's structure is defined by the IDs in dot notation of the InputParameters and the TransformationClaimTypes of the InputClaims. Numbers in the dot notation imply arrays. The values come from the InputClaims' values and the InputParameters' "Value" properties. For more information about JSON claims transformations, see [JSON claims transformations](json-transformations.md).
+
+Add the following claims transformation to the `<ClaimsTransformations>` element within `<BuildingBlocks>`. Make the following updates to the claims transformation XML:
+
+* Update the `template_id` InputParameter value with the ID of the SendGrid transactional template you created earlier in [Create SendGrid template](#create-sendgrid-template).
+* Update the `from.email` address value. Use a valid email address to help prevent the verification email from being marked as spam.
+* Update the value of the `personalizations.0.dynamic_template_data.subject` subject line input parameter with a subject line appropriate for your organization.
+
+```XML
+<ClaimsTransformation Id="GenerateSendGridRequestBody" TransformationMethod="GenerateJson">
+  <InputClaims>
+    <InputClaim ClaimTypeReferenceId="email" TransformationClaimType="personalizations.0.to.0.email" />
+    <InputClaim ClaimTypeReferenceId="otp" TransformationClaimType="personalizations.0.dynamic_template_data.otp" />
+    <InputClaim ClaimTypeReferenceId="email" TransformationClaimType="personalizations.0.dynamic_template_data.email" />
+  </InputClaims>
+  <InputParameters>
+    <!-- Update the template_id value with the ID of your SendGrid template. -->
+    <InputParameter Id="template_id" DataType="string" Value="d-989077fbba9746e89f3f6411f596fb96"/>
+    <InputParameter Id="from.email" DataType="string" Value="[email protected]"/>
+    <!-- Update with a subject line appropriate for your organization. -->
+    <InputParameter Id="personalizations.0.dynamic_template_data.subject" DataType="string" Value="Contoso account email verification code"/>
+  </InputParameters>
+  <OutputClaims>
+    <OutputClaim ClaimTypeReferenceId="sendGridReqBody" TransformationClaimType="outputClaim"/>
+  </OutputClaims>
+</ClaimsTransformation>
+```
+
+## Add DataUri content definition
+
+Below the claims transformations within `<BuildingBlocks>`, add the following [ContentDefinition](contentdefinitions.md) to reference the version 2.0.0 data URI:
+
+```XML
+<ContentDefinitions>
+ <ContentDefinition Id="api.localaccountsignup">
+    <DataUri>urn:com:microsoft:aad:b2c:elements:contract:selfasserted:2.0.0</DataUri>
+  </ContentDefinition>
+</ContentDefinitions>
+```
+
 ## Create a DisplayControl
 
 A verification display control is used to verify the email address with a verification code that's sent to the user.
@@ -187,7 +232,7 @@ This example display control is configured to:
 
 ![Send verification code email action](media/custom-email/display-control-verification-email-action-01.png)
 
-Under [ClaimsSchema](claimsschema.md), add the following [DisplayControl](display-controls.md) of type [VerificationControl](display-control-verification.md) to your policy.
+Under content definitions, still within `<BuildingBlocks>`, add the following [DisplayControl](display-controls.md) of type [VerificationControl](display-control-verification.md) to your policy.
 
 ```XML
 <DisplayControls>
@@ -220,6 +265,8 @@ Under [ClaimsSchema](claimsschema.md), add the following [DisplayControl](displa
 
 The `GenerateOtp` technical profile generates a code for the email address. The `VerifyOtp` technical profile verifies the code associated with the email address. You can change the configuration of the format and the expiration of the one-time password. For more information about OTP technical profiles, see [Define a one-time password technical profile](one-time-password-technical-profile.md).
 
+Add the following technical profiles to the `<ClaimsProviders>` element.
+
 ```XML
 <ClaimsProvider>
   <DisplayName>One time password technical profiles</DisplayName>
@@ -266,6 +313,8 @@ The `GenerateOtp` technical profile generates a code for the email address. The
 
 This REST API technical profile generates the email content (using the SendGrid format). For more information about RESTful technical profiles, see [Define a RESTful technical profile](restful-technical-profile.md).
 
+As with the OTP technical profiles, add the following technical profiles to the `<ClaimsProviders>` element.
+
 ```XML
 <ClaimsProvider>
   <DisplayName>RestfulProvider</DisplayName>
@@ -293,85 +342,49 @@ This REST API technical profile generates the email content (using the SendGrid
 </ClaimsProvider>
 ```
 
-## Add the claims transformation
-
-Add the following claims transformation to output a JSON string claim that will be the body of the request sent to SendGrid. Make the following updates to the claims transformation XML:
-
-* Update the `template_id` InputParameter value with the ID of the SendGrid transactional template you created earlier in [Create SendGrid template](#create-sendgrid-template).
-* Update the value of the `personalizations.0.dynamic_template_data.subject` subject line input parameter with a subject line appropriate for your organization.
-
-The JSON object's structure is defined by the IDs in dot notation of the InputParameters and the TransformationClaimTypes of the InputClaims. Numbers in the dot notation imply arrays. The values come from the InputClaims' values and the InputParameters' "Value" properties. For more information about JSON claims transformations, see [JSON claims transformations](json-transformations.md).
-
-```XML
-<ClaimsTransformation Id="GenerateSendGridRequestBody" TransformationMethod="GenerateJson">
-  <InputClaims>
-    <InputClaim ClaimTypeReferenceId="email" TransformationClaimType="personalizations.0.to.0.email" />
-    <InputClaim ClaimTypeReferenceId="otp" TransformationClaimType="personalizations.0.dynamic_template_data.otp" />
-    <InputClaim ClaimTypeReferenceId="email" TransformationClaimType="personalizations.0.dynamic_template_data.email" />
-  </InputClaims>
-  <InputParameters>
-    <!-- Update the template_id value with the ID of your SendGrid template. -->
-    <InputParameter Id="template_id" DataType="string" Value="d-989077fbba9746e89f3f6411f596fb96"/>
-    <InputParameter Id="from.email" DataType="string" Value="[email protected]"/>
-    <!-- Update with a subject line appropriate for your organization. -->
-    <InputParameter Id="personalizations.0.dynamic_template_data.subject" DataType="string" Value="Contoso account email verification code"/>
-  </InputParameters>
-  <OutputClaims>
-    <OutputClaim ClaimTypeReferenceId="sendGridReqBody" TransformationClaimType="outputClaim"/>
-  </OutputClaims>
-</ClaimsTransformation>
-```
-
-## Add DataUri content definition
-
-Add the following ContentDefinition within BuildingBlocks to reference the version 2.0.0 data URI:
-
-```XML
-<ContentDefinitions>
- <ContentDefinition Id="api.localaccountsignup">
-    <DataUri>urn:com:microsoft:aad:b2c:elements:contract:selfasserted:2.0.0</DataUri>
-  </ContentDefinition>
-</ContentDefinitions>
-```
-
 ## Make a reference to the DisplayControl
 
 In the final step, add a reference to the DisplayControl you created. Replace your existing `LocalAccountSignUpWithLogonEmail` self-asserted technical profile with the following if you used an earlier version of Azure AD B2C policy. This technical profile uses `DisplayClaims` with a reference to the DisplayControl.
 
 For more information, see [Self-asserted technical profile](restful-technical-profile.md) and [DisplayControl](display-controls.md).
 
 ```XML
-<TechnicalProfile Id="LocalAccountSignUpWithLogonEmail">
-  <DisplayName>Email signup</DisplayName>
-  <Protocol Name="Proprietary" Handler="Web.TPEngine.Providers.SelfAssertedAttributeProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
-  <Metadata>
-    <Item Key="IpAddressClaimReferenceId">IpAddress</Item>
-    <Item Key="ContentDefinitionReferenceId">api.localaccountsignup</Item>
-    <Item Key="language.button_continue">Create</Item>
-  </Metadata>
-  <InputClaims>
-    <InputClaim ClaimTypeReferenceId="email" />
-  </InputClaims>
-  <DisplayClaims>
-    <DisplayClaim DisplayControlReferenceId="emailVerificationControl" />
-    <DisplayClaim ClaimTypeReferenceId="displayName" Required="true" />
-    <DisplayClaim ClaimTypeReferenceId="givenName" Required="true" />
-    <DisplayClaim ClaimTypeReferenceId="surName" Required="true" />
-    <DisplayClaim ClaimTypeReferenceId="newPassword" Required="true" />
-    <DisplayClaim ClaimTypeReferenceId="reenterPassword" Required="true" />
-  </DisplayClaims>
-  <OutputClaims>
-    <OutputClaim ClaimTypeReferenceId="email" Required="true" />
-    <OutputClaim ClaimTypeReferenceId="objectId" />
-    <OutputClaim ClaimTypeReferenceId="executed-SelfAsserted-Input" DefaultValue="true" />
-    <OutputClaim ClaimTypeReferenceId="authenticationSource" />
-    <OutputClaim ClaimTypeReferenceId="newUser" />
-  </OutputClaims>
-  <ValidationTechnicalProfiles>
-    <ValidationTechnicalProfile ReferenceId="AAD-UserWriteUsingLogonEmail" />
-  </ValidationTechnicalProfiles>
-  <UseTechnicalProfileForSessionManagement ReferenceId="SM-AAD" />
-</TechnicalProfile>
+<ClaimsProvider>
+  <DisplayName>Local Account</DisplayName>
+  <TechnicalProfiles>
+    <TechnicalProfile Id="LocalAccountSignUpWithLogonEmail">
+      <DisplayName>Email signup</DisplayName>
+      <Protocol Name="Proprietary" Handler="Web.TPEngine.Providers.SelfAssertedAttributeProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
+      <Metadata>
+        <Item Key="IpAddressClaimReferenceId">IpAddress</Item>
+        <Item Key="ContentDefinitionReferenceId">api.localaccountsignup</Item>
+        <Item Key="language.button_continue">Create</Item>
+      </Metadata>
+      <InputClaims>
+        <InputClaim ClaimTypeReferenceId="email" />
+      </InputClaims>
+      <DisplayClaims>
+        <DisplayClaim DisplayControlReferenceId="emailVerificationControl" />
+        <DisplayClaim ClaimTypeReferenceId="displayName" Required="true" />
+        <DisplayClaim ClaimTypeReferenceId="givenName" Required="true" />
+        <DisplayClaim ClaimTypeReferenceId="surName" Required="true" />
+        <DisplayClaim ClaimTypeReferenceId="newPassword" Required="true" />
+        <DisplayClaim ClaimTypeReferenceId="reenterPassword" Required="true" />
+      </DisplayClaims>
+      <OutputClaims>
+        <OutputClaim ClaimTypeReferenceId="email" Required="true" />
+        <OutputClaim ClaimTypeReferenceId="objectId" />
+        <OutputClaim ClaimTypeReferenceId="executed-SelfAsserted-Input" DefaultValue="true" />
+        <OutputClaim ClaimTypeReferenceId="authenticationSource" />
+        <OutputClaim ClaimTypeReferenceId="newUser" />
+      </OutputClaims>
+      <ValidationTechnicalProfiles>
+        <ValidationTechnicalProfile ReferenceId="AAD-UserWriteUsingLogonEmail" />
+      </ValidationTechnicalProfiles>
+      <UseTechnicalProfileForSessionManagement ReferenceId="SM-AAD" />
+    </TechnicalProfile>
+  </TechnicalProfiles>
+</ClaimsProvider>
 ```
 
 ## Next steps

articles/active-directory-b2c/phone-authentication.md

@@ -60,7 +60,7 @@ As you upload each file, Azure adds the prefix `B2C_1A_`.
 
 ## Test the custom policy
 
-1. Under **Custom policies**, select **B2C_1A_SignUpOrSignInWithPhoneOrEmail**.
+1. Under **Custom policies**, select **B2C_1A_SignUpOrSignInWithPhone**.
 1. Under **Select application**, select the *webapp1* application that you registered when completing the prerequisites.
 1. For **Select reply url**, choose `https://jwt.ms`.
 1. Select **Run now** and sign up using an email address or a phone number.

articles/active-directory-domain-services/network-considerations.md

@@ -16,7 +16,7 @@ ms.author: iainfou
 ---
 # Virtual network design considerations and configuration options for Azure AD Domain Services
 
-As Azure Active Directory Domain Services (AD DS) provides authentication and management services to other applications and workloads, network connectivity is a key component. Without appropriately configured virtual network resources, applications and workloads can't communicate with and use the features provides by Azure AD DS. If you plan your virtual network correctly, you make sure that Azure AD DS can serve your applications and workloads as needed.
+As Azure Active Directory Domain Services (AD DS) provides authentication and management services to other applications and workloads, network connectivity is a key component. Without appropriately configured virtual network resources, applications and workloads can't communicate with and use the features provided by Azure AD DS. If you plan your virtual network correctly, you make sure that Azure AD DS can serve your applications and workloads as needed.
 
 This article outlines design considerations and requirements for an Azure virtual network that supports Azure AD DS.
 

articles/active-directory/develop/reference-v2-libraries.md

@@ -52,7 +52,7 @@ Use client authentication libraries to acquire a token for calling a protected w
 
 | Platform | Library | Download | Source code | Sample | Reference | Conceptual doc | Roadmap |
 | --- | --- | --- | --- | --- | --- | --- | --- |
-| ![JavaScript](media/sample-v2-code/logo_js.png) | MSAL.js  | [NPM](https://www.npmjs.com/package/msal) |[GitHub](https://github.com/AzureAD/microsoft-authentication-library-for-js/blob/dev/README.md) |  [Single-page app](https://github.com/Azure-Samples/active-directory-javascript-singlepageapp-dotnet-webapi-v2) | [Reference](https://htmlpreview.github.io/?https://raw.githubusercontent.com/AzureAD/microsoft-authentication-library-for-js/blob/dev/lib/msal-core/docs/classes/_useragentapplication_.useragentapplication.html) | [Conceptual docs](msal-overview.md)| [Roadmap](https://github.com/AzureAD/microsoft-authentication-library-for-js/wiki#roadmap)
+| ![JavaScript](media/sample-v2-code/logo_js.png) | MSAL.js  | [NPM](https://www.npmjs.com/package/msal) |[GitHub](https://github.com/AzureAD/microsoft-authentication-library-for-js/blob/dev/README.md) |  [Single-page app](https://github.com/Azure-Samples/active-directory-javascript-singlepageapp-dotnet-webapi-v2) | [Reference](https://azuread.github.io/microsoft-authentication-library-for-js/docs/msal/) | [Conceptual docs](msal-overview.md)| [Roadmap](https://github.com/AzureAD/microsoft-authentication-library-for-js/wiki#roadmap)
 |![Angular JS](media/sample-v2-code/logo_angular.png) | MSAL Angular JS | [NPM](https://www.npmjs.com/package/@azure/msal-angularjs) | [GitHub](https://github.com/AzureAD/microsoft-authentication-library-for-js/blob/dev/lib/msal-angularjs/README.md) |  |  | |
 ![Angular](media/sample-v2-code/logo_angular.png) | MSAL Angular (Preview) | [NPM](https://www.npmjs.com/package/@azure/msal-angular) |[GitHub](https://github.com/AzureAD/microsoft-authentication-library-for-js/blob/dev/lib/msal-angular/README.md) | | | |
 | ![.NET Framework](media/sample-v2-code/logo_NET.png) ![UWP](media/sample-v2-code/logo_windows.png) ![Xamarin](media/sample-v2-code/logo_xamarin.png) | MSAL.NET  |[NuGet](https://www.nuget.org/packages/Microsoft.Identity.Client) |[GitHub](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet) | [Desktop app](guidedsetups/active-directory-mobileanddesktopapp-windowsdesktop-intro.md) | [MSAL.NET](https://docs.microsoft.com/dotnet/api/microsoft.identity.client?view=azure-dotnet-preview) |[Conceptual docs](msal-overview.md) | [Roadmap](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/wiki#roadmap)