pull master

Author: mlhoop

.openpublishing.publish.config.json

@@ -157,7 +157,7 @@
       "url": "https://github.com/Azure-Samples/functions-python-pytorch-tutorial",
       "branch": "master",
       "branch_mapping": {}
-    },   
+    },
     {
       "path_to_root": "functions-quickstart-templates",
       "url": "https://github.com/Azure/azure-functions-templates",
@@ -187,7 +187,8 @@
       "path_to_root": "functions-docs-powershell",
       "url": "https://github.com/Azure-Samples/functions-docs-powershell",
       "branch": "master"
-    },     {
+    },
+    {
       "path_to_root": "samples-personalizer",
       "url": "https://github.com/Azure-Samples/cognitive-services-personalizer-samples",
       "branch": "master"
@@ -277,6 +278,11 @@
       "url": "https://github.com/Azure/pcs-remote-monitoring-webui.git",
       "branch": "master"
     },
+    {
+      "path_to_root": "MachineLearningNotebooks",
+      "url": "https://github.com/Azure/MachineLearningNotebooks",
+      "branch": "master"
+    },
     {
       "path_to_root": "aml-sdk-samples",
       "url": "https://github.com/Azure/MachineLearningNotebooks",
@@ -361,7 +367,7 @@
       "path_to_root": "azure-sdk-for-java-script-event-hubs",
       "url": "https://github.com/Azure/azure-sdk-for-js/",
       "branch": "master"
-    },        
+    },
     {
       "path_to_root": "azure-sdk-for-net-event-hubs",
       "url": "https://github.com/Azure/azure-sdk-for-net/",
@@ -371,7 +377,7 @@
       "path_to_root": "azure-sdk-for-python-event-hubs",
       "url": "https://github.com/Azure/azure-sdk-for-python/",
       "branch": "master"
-    },      
+    },
     {
       "path_to_root": "cosmos-dotnet-getting-started",
       "url": "https://github.com/Azure-Samples/cosmos-dotnet-getting-started",
@@ -505,5 +511,8 @@
     "Pdf": {
       "template_folder": "_themes.pdf"
     }
+  },
+  "docs_build_engine": {
+    "name": "docfx_v3"
   }
 }

.openpublishing.redirection.json

@@ -57,5 +57,6 @@
     ],
     "cSpell.words": [
         "auditd"
-    ]
+    ],
+    "git.ignoreLimitWarning": true
 }

.vscode/settings.json

@@ -9,12 +9,12 @@ articles/jenkins/ @TomArcherMsft
 articles/terraform/ @TomArcherMsft
 
 # Requires Internal Review
-articles/best-practices-availability-paired-regions.md @jpconnock @arob98 @syntaxc4 @tysonn @snoviking
+articles/best-practices-availability-paired-regions.md @jpconnock @martinekuan @syntaxc4 @tysonn @snoviking
 
 # Governance
 articles/governance/ @DCtheGeek
 
 # Configuration
-*.json @SyntaxC4 @snoviking @arob98
-.acrolinx-config.edn @MonicaRush @arob98
-articles/zone-pivot-groups.yml @SyntaxC4 @snoviking @arob98
+*.json @SyntaxC4 @snoviking @martinekuan
+.acrolinx-config.edn @MonicaRush @martinekuan
+articles/zone-pivot-groups.yml @SyntaxC4 @snoviking @martinekuan

CODEOWNERS

@@ -74,6 +74,8 @@
       href: custom-policy-overview.md
   - name: User accounts
     href: user-overview.md
+  - name: User profile attributes
+    href: user-profile-attributes.md
 - name: How-to guides
   items:
   - name: App integration
@@ -182,9 +184,13 @@
       - name: Customize the UI
         href: custom-policy-ui-customization.md
         displayName: ux, input, cors, html, css
+      - name: Customize language
+        href: custom-policy-localization.md
       - name: Custom email
         href: custom-email.md
         displayName: verification
+      - name: Disable email verification
+        href: custom-policy-disable-email-verification.md
       - name: Enable JavaScript
         href: javascript-samples.md
       - name: Password complexity
@@ -305,13 +311,15 @@
           items:
           - name: About technical profiles
             href: technical-profiles-overview.md
+          - name: About validation technical profiles
+            href: validation-technical-profile.md
+          - name: Application Insights
+            href: application-insights-technical-profile.md
+          - name: Azure Active Directory
+            href: active-directory-technical-profile.md
           - name: Azure Multi-Factor Authentication
             href: multi-factor-auth-technical-profile.md
             displayName: mfa
-          - name: Claim resolvers
-            href: claim-resolver-overview.md
-          - name: Azure Active Directory
-            href: active-directory-technical-profile.md
           - name: Claims transformation
             href: claims-transformation-technical-profile.md
           - name: JWT token issuer
@@ -325,6 +333,8 @@
             displayName: otp
           - name: OpenID Connect
             href: openid-connect-technical-profile.md
+          - name: Phone factor
+            href: phone-factor-technical-profile.md 
           - name: REST
             href: restful-technical-profile.md
           - name: SAML
@@ -336,12 +346,12 @@
           - name: SSO session
             href: custom-policy-reference-sso.md
             displayName: single sign-on
-          - name: Validation
-            href: validation-technical-profile.md
       - name: UserJourneys
         href: userjourneys.md
       - name: RelyingParty
         href: relyingparty.md
+      - name: Claim resolvers
+        href: claim-resolver-overview.md
   - name: Use b2clogin.com
     items:
     - name: b2clogin.com overview
@@ -385,28 +395,28 @@
       href: user-migration.md
 - name: Reference
   items:
-  - name: Identity Experience Framework release notes
-    href: custom-policy-developer-notes.md
+  - name: Billing model
+    href: billing.md
   - name: Code samples
     href: https://azure.microsoft.com/resources/samples/?service=active-directory-b2c
-  - name: Page layout versions
-    href: page-layout.md
   - name: Cookie definitions
     href: cookie-definitions.md
     displayName: cookies, SameSite
   - name: Error codes
     href: error-codes.md
+  - name: Extensions app
+    href: extensions-app.md
+  - name: Identity Experience Framework release notes
+    href: custom-policy-developer-notes.md
   - name: Microsoft Graph API operations
     href: microsoft-graph-operations.md
+  - name: Page layout versions
+    href: page-layout.md
   - name: Region availability & data residency
     href: data-residency.md
-  - name: Billing model
-    href: billing.md
   - name: Threat management
     href: threat-management.md
     displayName: security
-  - name: Extensions app
-    href: extensions-app.md
   - name: User flow versions
     href: user-flow-versions.md
 - name: Resources

articles/active-directory-b2c/TOC.yml

@@ -9,7 +9,7 @@ manager: celestedg
 ms.service: active-directory
 ms.workload: identity
 ms.topic: reference
-ms.date: 03/09/2020
+ms.date: 03/16/2020
 ms.author: mimart
 ms.subservice: B2C
 ---
@@ -60,13 +60,13 @@ To read, update, or delete an existing user account, the input claim is a key th
 
 To create a new user account, the input claim is a key that uniquely identifies a local or federated account. For example, local account: **signInNames.emailAddress**, or **signInNames.userName**. For a federated account: the **alternativeSecurityId**.
 
-The InputClaimsTransformations element may contain a collection of input claims transformation elements that are used to modify the input claim or generate new one.
+The [InputClaimsTransformations](technicalprofiles.md#inputclaimstransformations) element may contain a collection of input claims transformation elements that are used to modify the input claim or generate new one.
 
 ## OutputClaims
 
 The **OutputClaims** element contains a list of claims returned by the Azure AD technical profile. You may need to map the name of the claim defined in your policy to the name defined in Azure Active Directory. You can also include claims that aren't returned by the Azure Active Directory, as long as you set the `DefaultValue` attribute.
 
-The **OutputClaimsTransformations** element may contain a collection of **OutputClaimsTransformation** elements that are used to modify the output claims or generate new ones.
+The [OutputClaimsTransformations](technicalprofiles.md#outputclaimstransformations) element may contain a collection of **OutputClaimsTransformation** elements that are used to modify the output claims or generate new ones.
 
 For example, the **AAD-UserWriteUsingLogonEmail** technical profile creates a local account and returns the following claims:
 
@@ -88,7 +88,7 @@ For example, the **AAD-UserWriteUsingLogonEmail** technical profile creates a lo
 
 ## PersistedClaims
 
-The **PersistedClaims** element contains all of the values that should be persisted by Azure AD with possible mapping information between a claim type already defined in the ClaimsSchema section in the policy and the Azure AD attribute name.
+The **PersistedClaims** element contains all of the values that should be persisted by Azure AD with possible mapping information between a claim type already defined in the [ClaimsSchema](claimsschema.md) section in the policy and the Azure AD attribute name.
 
 The **AAD-UserWriteUsingLogonEmail** technical profile, which creates new local account, persists following claims:
 
@@ -111,6 +111,7 @@ The name of the claim is the name of the Azure AD attribute unless the **Partner
 ## Requirements of an operation
 
 - There must be exactly one **InputClaim** element in the claims bag for all Azure AD technical profiles.
+- The [user profile attributes article](user-profile-attributes.md) describes the supported Azure AD B2C user profile attributes you can use in the input claims, output claims, and persisted claims. 
 - If the operation is `Write` or `DeleteClaims`, then it must also appear in a **PersistedClaims** element.
 - The value of the **userPrincipalName** claim must be in the format of `[email protected]`.
 - The **displayName** claim is required and cannot be an empty string.
@@ -119,9 +120,7 @@ The name of the claim is the name of the Azure AD attribute unless the **Partner
 
 ### Read
 
-The **Read** operation reads data about a single user account. To read user data, you need to provide a key as an input claim, such as **objectId**, **userPrincipalName**, **signInNames** (any type, user name and email-based account) or **alternativeSecurityId**.
-
-The following technical profile reads data about a user account using the user's objectId:
+The **Read** operation reads data about a single user account. The following technical profile reads data about a user account using the user's objectId:
 
 ```XML
 <TechnicalProfile Id="AAD-UserReadUsingObjectId">
@@ -151,9 +150,7 @@ The following technical profile reads data about a user account using the user's
 
 ### Write
 
-The **Write** operation creates or updates a single user account. To write a user account, you need to provide a key as an input claim, such as **objectId**, **userPrincipalName**, **signInNames.emailAddress**, or **alternativeSecurityId**.
-
-The following technical profile creates new social account:
+The **Write** operation creates or updates a single user account. The following technical profile creates new social account:
 
 ```XML
 <TechnicalProfile Id="AAD-UserWriteUsingAlternativeSecurityId">
@@ -193,9 +190,7 @@ The following technical profile creates new social account:
 
 ### DeleteClaims
 
-The **DeleteClaims** operation clears the information from a provided list of claims. To delete information from claims, you need to provide a key as an input claim, such as **objectId**, **userPrincipalName**, **signInNames.emailAddress** or **alternativeSecurityId**.
-
-The following technical profile deletes claims:
+The **DeleteClaims** operation clears the information from a provided list of claims. The following technical profile deletes claims:
 
 ```XML
 <TechnicalProfile Id="AAD-DeleteClaimsUsingObjectId">
@@ -216,9 +211,7 @@ The following technical profile deletes claims:
 
 ### DeleteClaimsPrincipal
 
-The **DeleteClaimsPrincipal** operation deletes a single user account from the directory. To delete a user account, you need to provide a key as an input claim, such as **objectId**, **userPrincipalName**, **signInNames.emailAddress** or **alternativeSecurityId**.
-
-The following technical profile deletes a user account from the directory using the user principal name:
+The **DeleteClaimsPrincipal** operation deletes a single user account from the directory. The following technical profile deletes a user account from the directory using the user principal name:
 
 ```XML
 <TechnicalProfile Id="AAD-DeleteUserUsingObjectId">
@@ -253,13 +246,27 @@ The following technical profile deletes a social user account using **alternativ
 | --------- | -------- | ----------- |
 | Operation | Yes | The operation to be performed. Possible values: `Read`, `Write`, `DeleteClaims`, or `DeleteClaimsPrincipal`. |
 | RaiseErrorIfClaimsPrincipalDoesNotExist | No | Raise an error if the user object does not exist in the directory. Possible values: `true` or `false`. |
-| UserMessageIfClaimsPrincipalDoesNotExist | No | If an error is to be raised (see the RaiseErrorIfClaimsPrincipalDoesNotExist attribute description), specify the message to show to the user if user object does not exist. The value can be [localized](localization.md).|
 | RaiseErrorIfClaimsPrincipalAlreadyExists | No | Raise an error if the user object already exists. Possible values: `true` or `false`.|
-| UserMessageIfClaimsPrincipalAlreadyExists | No | If an error is to be raised (see RaiseErrorIfClaimsPrincipalAlreadyExists attribute description), specify the message to show to the user if user object already exists. The value can be [localized](localization.md).|
 | ApplicationObjectId | No | The application object identifier for extension attributes. Value: ObjectId of an application. For more information, see [Use custom attributes in a custom profile edit policy](custom-policy-custom-attributes.md). |
 | ClientId | No | The client identifier for accessing the tenant as a third party. For more information, see [Use custom attributes in a custom profile edit policy](custom-policy-custom-attributes.md) |
 | IncludeClaimResolvingInClaimsHandling  | No | For input and output claims, specifies whether [claims resolution](claim-resolver-overview.md) is included in the technical profile. Possible values: `true`, or `false` (default). If you want to use a claims resolver in the technical profile, set this to `true`. |
 
+## Error messages
+ 
+The following settings can be used to configure the error message displayed upon failure. The metadata should be configured in the [self-asserted](self-asserted-technical-profile.md) technical profile. The error messages can be [localized](localization.md).
+
+| Attribute | Required | Description |
+| --------- | -------- | ----------- |
+| UserMessageIfClaimsPrincipalAlreadyExists | No | If an error is to be raised (see RaiseErrorIfClaimsPrincipalAlreadyExists attribute description), specify the message to show to the user if user object already exists. |
+| UserMessageIfClaimsPrincipalDoesNotExist | No | If an error is to be raised (see the RaiseErrorIfClaimsPrincipalDoesNotExist attribute description), specify the message to show to the user if user object does not exist. |
+
+
+## Next steps
+
+See the following article, for example of using Azure AD technical profile:
+
+- [Add claims and customize user input using custom policies in Azure Active Directory B2C](custom-policy-configure-user-input.md)
+
 
 
 

articles/active-directory-b2c/active-directory-technical-profile.md

@@ -0,0 +1,84 @@
+---
+title: Define an Application Insights technical profile in a custom policy
+titleSuffix: Azure AD B2C
+description: Define an Application Insights technical profile in a custom policy in Azure Active Directory B2C.
+services: active-directory-b2c
+author: msmimart
+manager: celestedg
+
+ms.service: active-directory
+ms.workload: identity
+ms.topic: reference
+ms.date: 03/20/2020
+ms.author: mimart
+ms.subservice: B2C
+---
+
+
+# Define an Application Insights technical profile in an Azure AD B2C custom policy
+
+[!INCLUDE [active-directory-b2c-advanced-audience-warning](../../includes/active-directory-b2c-advanced-audience-warning.md)]
+
+Azure Active Directory B2C (Azure AD B2C) supports sending event data directly to [Application Insights](../azure-monitor/app/app-insights-overview.md) by using the instrumentation key provided to Azure AD B2C.  With an Application Insights technical profile, you can get detailed and customized event logs for your user journeys to:
+
+* Gain insights on user behavior.
+* Troubleshoot your own policies in development or in production.
+* Measure performance.
+* Create notifications from Application Insights.
+
+
+## Protocol
+
+The **Name** attribute of the **Protocol** element needs to be set to `Proprietary`. The **handler** attribute must contain the fully qualified name of the protocol handler assembly that is used by Azure AD B2C for Application Insights:
+`Web.TPEngine.Providers.AzureApplicationInsightsProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null`
+
+The following example shows the common Application Insights technical profile. Other Application Insights technical profiles include the AzureInsights-Common to leverage its configuration.  
+
+```xml
+<TechnicalProfile Id="AzureInsights-Common">
+  <DisplayName>Azure Insights Common</DisplayName>
+  <Protocol Name="Proprietary" Handler="Web.TPEngine.Providers.Insights.AzureApplicationInsightsProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
+</TechnicalProfile>
+```
+
+## Input claims
+
+The **InputClaims** element contains a list of claims to send to Application Insights. You can also map the name of your claim to a name you prefer to appear in Application Insights. The following example shows how to send telemetries to Application Insights. Properties of an event are added through the syntax `{property:NAME}`, where NAME is property being added to the event. DefaultValue can be either a static value or a value that's resolved by one of the supported [claim resolvers](claim-resolver-overview.md).
+
+```XML
+<InputClaims>
+  <InputClaim ClaimTypeReferenceId="PolicyId" PartnerClaimType="{property:Policy}" DefaultValue="{Policy:PolicyId}" />
+  <InputClaim ClaimTypeReferenceId="CorrelationId" PartnerClaimType="{property:JourneyId}" DefaultValue="{Context:CorrelationId}" />
+  <InputClaim ClaimTypeReferenceId="Culture" PartnerClaimType="{property:Culture}" DefaultValue="{Culture:RFC5646}" />
+  <InputClaim ClaimTypeReferenceId="objectId" PartnerClaimType="{property:objectId}"  />
+</InputClaims>
+```
+
+The **InputClaimsTransformations** element may contain a collection of **InputClaimsTransformation** elements that are used to modify the input claims or generate new ones before sending to Application Insights.
+
+## Persist claims
+
+The PersistedClaims element is not used.
+
+## Output claims
+
+The OutputClaims, and OutputClaimsTransformations elements are not used.
+
+## Cryptographic keys
+
+The CryptographicKeys element is not used.
+
+
+## Metadata
+
+| Attribute | Required | Description |
+| --------- | -------- | ----------- |
+| InstrumentationKey| Yes | The Application Insights [instrumentation key](../azure-monitor/app/create-new-resource.md#copy-the-instrumentation-key), which will be used for logging the events. | 
+| DeveloperMode| No | A Boolean that indicates whether developer mode is enabled. Possible values: `true` or `false` (default). This metadata controls how events are buffered. In a development environment with minimal event volume, enabling developer mode results in events being sent immediately to Application Insights.|  
+|DisableTelemetry |No |A Boolean that indicates whether telemetry should be enabled or not. Possible values: `true` or `false` (default).| 
+
+
+## Next steps
+
+- [Create an Application Insights resource](../azure-monitor/app/create-new-resource.md)
+- Learn how to [track user behavior in Azure Active Directory B2C using Application Insights](analytics-with-application-insights.md)