MicrosoftDocs
diff --git a/‎.openpublishing.publish.config.json
Lines changed: 4 additions & 1 deletion b/‎.openpublishing.publish.config.json
Lines changed: 4 additions & 1 deletion
diff --git a/‎.openpublishing.redirection.defender-for-iot.json
Lines changed: 5 additions & 0 deletions b/‎.openpublishing.redirection.defender-for-iot.json
Lines changed: 5 additions & 0 deletions
diff --git a/‎.openpublishing.redirection.json
Lines changed: 34205 additions & 40335 deletions b/‎.openpublishing.redirection.json
Lines changed: 34205 additions & 40335 deletions
diff --git a/‎CONTRIBUTING.md
Lines changed: 1 addition & 1 deletion b/‎CONTRIBUTING.md
Lines changed: 1 addition & 1 deletion
diff --git a/‎articles/active-directory-b2c/identity-provider-twitter.md
Lines changed: 33 additions & 6 deletions b/‎articles/active-directory-b2c/identity-provider-twitter.md
Lines changed: 33 additions & 6 deletions
diff --git a/‎articles/active-directory-b2c/localization-string-ids.md
Lines changed: 6 additions & 2 deletions b/‎articles/active-directory-b2c/localization-string-ids.md
Lines changed: 6 additions & 2 deletions
diff --git a/‎articles/active-directory-b2c/page-layout.md
Lines changed: 14 additions & 7 deletions b/‎articles/active-directory-b2c/page-layout.md
Lines changed: 14 additions & 7 deletions
diff --git a/‎articles/active-directory-b2c/string-transformations.md
Lines changed: 1 addition & 1 deletion b/‎articles/active-directory-b2c/string-transformations.md
Lines changed: 1 addition & 1 deletion
diff --git a/‎articles/active-directory-domain-services/migrate-from-classic-vnet.md
Lines changed: 9 additions & 3 deletions b/‎articles/active-directory-domain-services/migrate-from-classic-vnet.md
Lines changed: 9 additions & 3 deletions
diff --git a/‎articles/active-directory-domain-services/policy-reference.md
Lines changed: 1 addition & 1 deletion b/‎articles/active-directory-domain-services/policy-reference.md
Lines changed: 1 addition & 1 deletion
@@ -1022,6 +1022,9 @@
     "articles/azure-video-indexer/.openpublishing.redirection.azure-video-indexer.json",
     "articles/machine-learning/.openpublishing.redirection.machine-learning.json",
     "articles/static-web-apps/.openpublishing.redirection.static-web-apps.json",
-    ".openpublishing.redirection.virtual-desktop.json"
+    ".openpublishing.redirection.virtual-desktop.json",
+    "articles/applied-ai-services/.openpublishing.redirection.applied-ai-services.json",
+    "articles/applied-ai-services/.openpublishing.archived.json",
+    "articles/cognitive-services/.openpublishing.redirection.cognitive-services.json"
   ]
 }
@@ -1,5 +1,10 @@
 {
     "redirections": [
+        {
+            "source_path_from_root": "/articles/defender-for-iot/organizations/resources-frequently-asked-questions.md",
+            "redirect_url": "/azure/defender-for-iot/organizations/faqs-general",
+            "redirect_document_id": false
+        },
         {
             "source_path_from_root": "/articles/defender-for-iot/organizations/appliance-catalog/appliance-catalog-overview.md",
             "redirect_url": "/azure/defender-for-iot/organizations/appliance-catalog/index",
 
@@ -2,7 +2,7 @@
 
 Thank you for taking the time to contribute to the Microsoft Azure documentation.
 
-This guide covers some general topics related to contribution and refers to the [contributor guide](https://docs.microsoft.com/contribute) for more detailed explanations when required.
+This guide covers some general topics related to contribution and refers to our [contributor guide](https://docs.microsoft.com/contribute) for more detailed explanations when required.
 
 ## Code of Conduct
 
 
@@ -33,6 +33,32 @@ zone_pivot_groups: b2c-policy-type
 
 To enable sign-in for users with a Twitter account in Azure AD B2C, you need to create a Twitter application. If you don't already have a Twitter account, you can sign up at [`https://twitter.com/signup`](https://twitter.com/signup). You also need to [Apply for a developer account](https://developer.twitter.com/). For more information, see [Apply for access](https://developer.twitter.com/en/apply-for-access).
 
+::: zone pivot="b2c-custom-policy"
+1. Sign in to the [Twitter Developer Portal](https://developer.twitter.com/portal/projects-and-apps) with your Twitter account credentials.
+1. Select **+ Create Project** button. 
+1. Under **Project name** tab, enter a preferred name of your project, and then select **Next** button.
+1. Under **Use case** tab, select your preferred use case, and then select **Next**. 
+1. Under **Project description** tab, enter your project description, and then select **Next** button. 
+1. Under **App name** tab, enter a name for your app, such as *azureadb2c*, and the select **Next** button.
+1. Under **Keys & Tokens** tab, copy the value of **API Key** and **API Key Secret** for later. You use both of them to configure Twitter as an identity provider in your Azure AD B2C tenant. 
+1. Select **App settings** to open the app settings. 
+1. At the lower part of the page, under **User authentication settings**, select **Set up**.
+1. In the **User authentication settings** page, select **OAuth 2.0** option. 
+1. Under **OAUTH 2.0 SETTINGS**, for the **Type of app**, select your appropriate app type such as *Web App*. 
+1. Under **GENERAL AUTHENTICATION SETTINGS**:
+    1. For the **Callback URI/Redirect URL**, enter `https://your-tenant.b2clogin.com/your-tenant-name.onmicrosoft.com/your-policy-id/oauth1/authresp`. If you use a [custom domain](custom-domain.md), enter `https://your-domain-name/your-tenant-name.onmicrosoft.com/your-user-flow-Id/oauth1/authresp`. Use all lowercase letters when entering your tenant name and user flow ID even if they are defined with uppercase letters in Azure AD B2C. Replace:
+        - `your-tenant-name` with the name of your tenant name.
+        - `your-domain-name` with your custom domain.
+        - `your-policy-id` with the identifier of your user flow. For example, `b2c_1a_signup_signin_twitter`.  
+    1. For the **Website URL**, enter `https://your-tenant.b2clogin.com`. Replace `your-tenant` with the name of your tenant. For example, `https://contosob2c.b2clogin.com`. If you use a [custom domain](custom-domain.md), enter `https://your-domain-name`.
+    1. Enter a URL for the **Terms of service**, for example `http://www.contoso.com/tos`. The policy URL is a page you maintain to provide terms and conditions for your application.
+    1. Enter a URL for the **Privacy policy**, for example `http://www.contoso.com/privacy`. The policy URL is a page you maintain to provide privacy information for your application.
+1. Select **Save**. 
+ ::: zone-end
+
+
+::: zone pivot="b2c-user-flow"
+
 1. Sign in to the [Twitter Developer Portal](https://developer.twitter.com/portal/projects-and-apps) with your Twitter account credentials.
 1. Select **+ Create Project** button. 
 1. Under **Project name** tab, enter a preferred name of your project, and then select **Next** button.
@@ -45,15 +71,16 @@ To enable sign-in for users with a Twitter account in Azure AD B2C, you need to
 1. In the **User authentication settings** page, select **OAuth 2.0** option. 
 1. Under **OAUTH 2.0 SETTINGS**, for the **Type of app**, select your appropriate app type such as *Web App*. 
 1. Under **GENERAL AUTHENTICATION SETTINGS**:
-    1. For the **Callback URI/Redirect URL**, enter `https://your-tenant.b2clogin.com/your-tenant-name.onmicrosoft.com/your-user-flow-Id/oauth1/authresp`. If you use a [custom domain](custom-domain.md), enter `https://your-domain-name/your-tenant-name.onmicrosoft.com/your-user-flow-Id/oauth1/authresp`. Use all lowercase letters when entering your tenant name and user flow ID even if they are defined with uppercase letters in Azure AD B2C. Replace:
+    1. For the **Callback URI/Redirect URL**, enter `https://your-tenant.b2clogin.com/your-tenant-name.onmicrosoft.com/your-user-flow-name/oauth1/authresp`. If you use a [custom domain](custom-domain.md), enter `https://your-domain-name/your-tenant-name.onmicrosoft.com/your-user-flow-Id/oauth1/authresp`. Use all lowercase letters when entering your tenant name and user flow ID even if they are defined with uppercase letters in Azure AD B2C. Replace:
         - `your-tenant-name` with the name of your tenant name.
         - `your-domain-name` with your custom domain.
-        - `your-user-flow-Id` with the identifier of your user flow. For example, `b2c_1a_signup_signin_twitter`. 
-    
+        - `your-user-flow-name` with the identifier of your user flow. For example, `b2c_1_signup_signin_twitter`. 
     1. For the **Website URL**, enter `https://your-tenant.b2clogin.com`. Replace `your-tenant` with the name of your tenant. For example, `https://contosob2c.b2clogin.com`. If you use a [custom domain](custom-domain.md), enter `https://your-domain-name`.
     1. Enter a URL for the **Terms of service**, for example `http://www.contoso.com/tos`. The policy URL is a page you maintain to provide terms and conditions for your application.
     1. Enter a URL for the **Privacy policy**, for example `http://www.contoso.com/privacy`. The policy URL is a page you maintain to provide privacy information for your application.
 1. Select **Save**. 
+ 
+::: zone-end
 
 ::: zone pivot="b2c-user-flow"
 
@@ -83,8 +110,6 @@ At this point, the Twitter identity provider has been set up, but it's not yet a
 1. Select the **Run user flow** button.
 1. From the sign-up or sign-in page, select **Twitter** to sign in with Twitter account.
 
-If the sign-in process is successful, your browser is redirected to `https://jwt.ms`, which displays the contents of the token returned by Azure AD B2C.
-
 ::: zone-end
 
 ::: zone pivot="b2c-custom-policy"
@@ -186,7 +211,9 @@ You can define a Twitter account as a claims provider by adding it to the **Clai
 1. For **Application**, select a web application that you [previously registered](tutorial-register-applications.md). The **Reply URL** should show `https://jwt.ms`.
 1. Select the **Run now** button.
 1. From the sign-up or sign-in page, select **Twitter** to sign in with Twitter account.
+::: zone-end
 
 If the sign-in process is successful, your browser is redirected to `https://jwt.ms`, which displays the contents of the token returned by Azure AD B2C.
 
-::: zone-end
+> [!TIP]
+>  If you're facing `unauthorized` error while testing this identity provider, make sure you use the correct Twitter API Key and API Key Secret, or try to apply for [elevated](https://developer.twitter.com/en/portal/products/elevated) access. Also, we recommend you've a look at [Twitter's projects structure](https://developer.twitter.com/en/docs/projects/overview), if you registered your app before the feature was available.
@@ -377,7 +377,7 @@ The following are the IDs for a [Verification display control](display-control-v
 
 | ID | Default value |
 | --- | ------------- |
-|intro_msg <sup>*</sup>| Verification is necessary. Please click Send button.|
+|intro_msg<sup>1</sup>| Verification is necessary. Please click Send button.|
 |success_send_code_msg | Verification code has been sent. Please copy it to the input box below.|
 |failure_send_code_msg | We are having trouble verifying your email address. Please enter a valid email address and try again.|
 |success_verify_code_msg | E-mail address verified. You can now continue.|
@@ -386,13 +386,16 @@ The following are the IDs for a [Verification display control](display-control-v
 |but_verify_code | Verify code|
 |but_send_new_code | Send new code|
 |but_change_claims | Change e-mail|
+| UserMessageIfVerificationControlClaimsNotVerified<sup>2</sup>| The claims for verification control have not been verified. |
 
-Note: The `intro_msg` element is hidden, and not shown on the self-asserted page. To make it visible, use the [HTML customization](customize-ui-with-html.md) with Cascading Style Sheets. For example:
+<sup>1</sup> The `intro_msg` element is hidden, and not shown on the self-asserted page. To make it visible, use the [HTML customization](customize-ui-with-html.md) with Cascading Style Sheets. For example:
 
 ```css
 .verificationInfoText div{display: block!important}
 ```
 
+<sup>2</sup> This error message is displayed to the user if they enter a verification code, but instead of completing the verification by selecting on the **Verify** button, they select the **Continue** button.
+  
 ### Verification display control example
 
 ```xml
@@ -408,6 +411,7 @@ Note: The `intro_msg` element is hidden, and not shown on the self-asserted page
     <LocalizedString ElementType="DisplayControl" ElementId="emailVerificationControl" StringId="but_verify_code">Verify code</LocalizedString>
     <LocalizedString ElementType="DisplayControl" ElementId="emailVerificationControl" StringId="but_send_new_code">Send new code</LocalizedString>
     <LocalizedString ElementType="DisplayControl" ElementId="emailVerificationControl" StringId="but_change_claims">Change e-mail</LocalizedString>
+    <LocalizedString ElementType="ErrorMessage" StringId="UserMessageIfVerificationControlClaimsNotVerified">The claims for verification control have not been verified.</LocalizedString>
   </LocalizedStrings>
 </LocalizedResources>
 ```
 
@@ -28,25 +28,32 @@ Azure AD B2C page layout uses the following versions of the [jQuery library](htt
 
 |Element |Page layout version range |jQuery version  |Handlebars Runtime version |Handlebars Compiler version |
 |---------|---------|------|--------|----------|
-|multifactor |>= 1.2.4 | 3.5.1 | 4.7.6 |4.7.7 |
+|multifactor |>= 1.2.8 | 3.5.1 | 4.7.7 |4.7.7 |
+|            |>= 1.2.4 | 3.5.1 | 4.7.6 |4.7.7 |
 |            |< 1.2.4 | 3.4.1 |4.0.12 |2.0.1 |
 |            |< 1.2.0 | 1.12.4 |
-|selfasserted |>= 2.1.4 | 3.5.1 |4.7.6 |4.7.7 |
+|selfasserted |>= 2.1.11 | 3.5.1 |4.7.7 |4.7.7 |
+|            |>= 2.1.4 | 3.5.1 |4.7.6 |4.7.7 |
 |            |< 2.1.4 | 3.4.1 |4.0.12 |2.0.1 |
 |            |< 1.2.0 | 1.12.4 |
-|unifiedssp |>= 2.1.4 | 3.5.1 |4.7.6 |4.7.7 |
+|unifiedssp |>= 2.1.7 | 3.5.1 |4.7.7 |4.7.7 |
+|            |>= 2.1.4 | 3.5.1 |4.7.6 |4.7.7 |
 |            |< 2.1.4 | 3.4.1 |4.0.12 |2.0.1 |
 |            |< 1.2.0 | 1.12.4 |
-|globalexception |>= 1.2.1 | 3.5.1 |4.7.6 |4.7.7 |
+|globalexception |>= 1.2.3 | 3.5.1 |4.7.7 |4.7.7 |
+|            |>= 1.2.1 | 3.5.1 |4.7.6 |4.7.7 |
 |            |< 1.2.1 | 3.4.1 |4.0.12 |2.0.1 |
 |            |< 1.2.0 | 1.12.4 |
-|providerselection |>= 1.2.1 | 3.5.1 |4.7.6 |4.7.7 |
+|providerselection |>= 1.2.3 | 3.5.1 |4.7.7 |4.7.7 |
+|            |>= 1.2.1 | 3.5.1 |4.7.6 |4.7.7 |
 |            |< 1.2.1 | 3.4.1 |4.0.12 |2.0.1 |
 |            |< 1.2.0 | 1.12.4 |
-|claimsconsent |>= 1.2.1 | 3.5.1 |4.7.6 |4.7.7 |
+|claimsconsent |>= 1.2.2 | 3.5.1 |4.7.7 |4.7.7 |
+|            |>= 1.2.2 | 3.5.1 |4.7.7 |4.7.7 |
 |            |< 1.2.1 | 3.4.1 |4.0.12 |2.0.1 |
 |            |< 1.2.0 | 1.12.4 |
-|unifiedssd |>= 1.2.1 | 3.5.1 |4.7.6 |4.7.7 |
+|unifiedssd |>= 1.2.3 | 3.5.1 |4.7.7 |4.7.7 |
+|            |>= 1.2.1 | 3.5.1 |4.7.6 |4.7.7 |
 |            |< 1.2.1 | 3.4.1 |4.0.12 |2.0.1 |
 |            |< 1.2.0 | 1.12.4 |
 
 
@@ -864,7 +864,7 @@ Checks whether the provided phone number is valid, based on phone number regular
   </InputClaims>
   <InputParameters>
     <InputParameter Id="matchTo" DataType="string" Value="^[0-9]{4,16}$" />
-    <InputParameter Id="outputClaimIfMatched" DataType="string" Value="Phone" />
+    <InputParameter Id="outputClaimIfMatched" DataType="string" Value="iPhone" />
   </InputParameters>
   <OutputClaims>
     <OutputClaim ClaimTypeReferenceId="validationResult" TransformationClaimType="outputClaim" />
 
@@ -8,7 +8,7 @@ ms.service: active-directory
 ms.subservice: domain-services
 ms.workload: identity
 ms.topic: how-to
-ms.date: 03/07/2022
+ms.date: 08/15/2022
 ms.author: justinha 
 ms.custom: devx-track-azurepowershell
 
@@ -172,9 +172,15 @@ Before you begin the migration process, complete the following initial checks an
 
     Make sure that network settings don't block necessary ports required for Azure AD DS. Ports must be open on both the Classic virtual network and the Resource Manager virtual network. These settings include route tables (although it's not recommended to use route tables) and network security groups.
 
-    Azure AD DS needs a network security group to secure the ports needed for the managed domain and block all other incoming traffic. This network security group acts as an extra layer of protection to lock down access to the managed domain. To view the ports required, see [Network security groups and required ports][network-ports].
+    Azure AD DS needs a network security group to secure the ports needed for the managed domain and block all other incoming traffic. This network security group acts as an extra layer of protection to lock down access to the managed domain. 
 
-    If you use secure LDAP, add a rule to the network security group to allow incoming traffic for *TCP* port *636*. For more information, see [Lock down secure LDAP access over the internet](tutorial-configure-ldaps.md#lock-down-secure-ldap-access-over-the-internet)
+    The following network security group Inbound rules are required for the managed domain to provide authentication and management services. Don't edit or delete these network security group rules for the virtual network subnet your managed domain is deployed into.
+
+    | Inbound port number | Protocol | Source                             | Destination | Action | Required | Purpose |
+    |:-----------:|:--------:|:----------------------------------:|:-----------:|:------:|:--------:|:--------|
+    | 5986        | TCP      | AzureActiveDirectoryDomainServices | Any         | Allow  | Yes      | Management of your domain. |
+    | 3389        | TCP      | CorpNetSaw                         | Any         | Allow  | Optional      | Debugging for support. |
+    | 636         | TCP      | AzureActiveDirectoryDomainServices | Inbound         | Allow  | Optional      | Secure LDAP. |
 
     Make a note of this target resource group, target virtual network, and target virtual network subnet. These resource names are used during the migration process.
 
 
@@ -1,7 +1,7 @@
 ---
 title: Built-in policy definitions for Azure Active Directory Domain Services
 description: Lists Azure Policy built-in policy definitions for Azure Active Directory Domain Services. These built-in policy definitions provide common approaches to managing your Azure resources.
-ms.date: 08/08/2022
+ms.date: 08/16/2022
 ms.service: active-directory
 ms.subservice: domain-services
 author: justinha
Original file line number	Diff line number	Diff line change
`@@ -1022,6 +1022,9 @@`
`1022`	`1022`	`"articles/azure-video-indexer/.openpublishing.redirection.azure-video-indexer.json",`
`1023`	`1023`	`"articles/machine-learning/.openpublishing.redirection.machine-learning.json",`
`1024`	`1024`	`"articles/static-web-apps/.openpublishing.redirection.static-web-apps.json",`
`1025`		`- ".openpublishing.redirection.virtual-desktop.json"`
	`1025`	`+ ".openpublishing.redirection.virtual-desktop.json",`
	`1026`	`+ "articles/applied-ai-services/.openpublishing.redirection.applied-ai-services.json",`
	`1027`	`+ "articles/applied-ai-services/.openpublishing.archived.json",`
	`1028`	`+ "articles/cognitive-services/.openpublishing.redirection.cognitive-services.json"`
`1026`	`1029`	`]`
`1027`	`1030`	`}`
Original file line number	Diff line number	Diff line change
`@@ -1,5 +1,10 @@`
`1`	`1`	`{`
`2`	`2`	`"redirections": [`
	`3`	`+ {`
	`4`	`+ "source_path_from_root": "/articles/defender-for-iot/organizations/resources-frequently-asked-questions.md",`
	`5`	`+ "redirect_url": "/azure/defender-for-iot/organizations/faqs-general",`
	`6`	`+ "redirect_document_id": false`
	`7`	`+ },`
`3`	`8`	`{`
`4`	`9`	`"source_path_from_root": "/articles/defender-for-iot/organizations/appliance-catalog/appliance-catalog-overview.md",`
`5`	`10`	`"redirect_url": "/azure/defender-for-iot/organizations/appliance-catalog/index",`