MicrosoftDocs
diff --git a/‎articles/active-directory-b2c/claim-resolver-overview.md
Lines changed: 23 additions & 1 deletion b/‎articles/active-directory-b2c/claim-resolver-overview.md
Lines changed: 23 additions & 1 deletion
diff --git a/‎articles/automation/automation-dsc-diagnostics.md
Lines changed: 48 additions & 51 deletions b/‎articles/automation/automation-dsc-diagnostics.md
Lines changed: 48 additions & 51 deletions
@@ -9,7 +9,7 @@ manager: celestedg
 ms.service: active-directory
 ms.workload: identity
 ms.topic: reference
-ms.date: 01/25/2019
+ms.date: 02/13/2020
 ms.author: marsma
 ms.subservice: B2C
 ---
@@ -100,6 +100,28 @@ Any parameter name included as part of an OIDC or OAuth2 request can be mapped t
 | ----- | ----------------------- | --------|
 | {oauth2:access_token} | The access token. | N/A |
 
+## Using claim resolvers 
+
+You can use claims resolvers with following elements: 
+
+| Item | Element | Settings |
+| ----- | ----------------------- | --------|
+|Application Insights technical profile |`InputClaim` | |
+|[Azure Active Directory](active-directory-technical-profile.md) technical profile| `InputClaim`, `OutputClaim`| 1, 2|
+|[OAuth2](oauth2-technical-profile.md) technical profile| `InputClaim`, `OutputClaim`| 1, 2|
+|[OpenID Connect](openid-connect-technical-profile.md) technical profile| `InputClaim`, `OutputClaim`| 1, 2|
+|[Claims transformation](claims-transformation-technical-profile.md) technical profile| `InputClaim`, `OutputClaim`| 1, 2|
+|[RESTful provider](restful-technical-profile.md) technical profile| `InputClaim`| 1, 2|
+|[SAML2](saml-technical-profile.md)  technical profile| `OutputClaim`| 1, 2|
+|[Self-Asserted](self-asserted-technical-profile.md) technical profile| `InputClaim`, `OutputClaim`| 1, 2|
+|[ContentDefinition](contentdefinitions.md)| `LoadUri`| |
+|[ContentDefinitionParameters](relyingparty.md#contentdefinitionparameters)| `Parameter` | |
+|[RelyingParty](relyingparty.md#technicalprofile) technical profile| `OutputClaim`| 2 |
+
+Settings: 
+1. The `IncludeClaimResolvingInClaimsHandling` metadata must set to `true`
+1. The input or output claims attribute `AlwaysUseDefaultValue` must set to `true`
+
 ## How to use claim resolvers
 
 ### RESTful technical profile
 
@@ -31,118 +31,115 @@ With Azure Monitor logs you can:
 To start sending your Automation State Configuration reports to Azure Monitor logs, you need:
 
 - The November 2016 or later release of [Azure PowerShell](/powershell/azure/overview) (v2.3.0).
-- An Azure Automation account. For more information, see [Getting Started with Azure Automation](automation-offering-get-started.md)
-- A Log Analytics workspace with an **Automation & Control** service offering. For more information, see [Get started with Azure Monitor logs](../log-analytics/log-analytics-get-started.md).
-- At least one Azure Automation State Configuration node. For more information, see [Onboarding machines for management by Azure Automation State Configuration](automation-dsc-onboarding.md)
-- The [xDscDiagnostics](https://www.powershellgallery.com/packages/xDscDiagnostics/2.7.0.0) module, version 2.7.0.0 or greater. For installation steps, see [View DSC logs on your Node](./troubleshoot/desired-state-configuration.md#steps-to-troubleshoot-desired-state-configuration-dsc).
+- An Azure Automation account. For more information, see [An introduction to Azure Automation](automation-intro.md).
+- A Log Analytics workspace with an Automation & Control service offering. For more information, see [Get started with Log Analytics in Azure Monitor](https://docs.microsoft.com/azure/azure-monitor/log-query/get-started-portal).
+- At least one Azure Automation State Configuration node. For more information, see [Onboarding machines for management by Azure Automation State Configuration](automation-dsc-onboarding.md).
+- The [xDscDiagnostics](https://www.powershellgallery.com/packages/xDscDiagnostics/2.7.0.0) module, version 2.7.0.0 or greater. For installation steps, see [Troubleshoot Azure Automation Desired State Configuration](./troubleshoot/desired-state-configuration.md#steps-to-troubleshoot-desired-state-configuration-dsc).
 
 ## Set up integration with Azure Monitor logs
 
 To begin importing data from Azure Automation DSC into Azure Monitor logs, complete the following steps:
 
-1. Log in to your Azure account in PowerShell. See [Log in with Azure PowerShell](https://docs.microsoft.com/powershell/azure/authenticate-azureps)
-1. Get the _ResourceId_ of your automation account by running the following PowerShell command:
-   (if you have more than one automation account, choose the _ResourceID_ for the account you want to configure).
+1. Log in to your Azure account in PowerShell. See [Sign in with Azure PowerShell](https://docs.microsoft.com/powershell/azure/authenticate-azureps).
+1. Get the resource ID of your Automation account by running the following PowerShell cmdlet. If you have more than one automation account, choose the resource ID for the account that you want to configure.
 
    ```powershell
-   # Find the ResourceId for the Automation Account
+   # Find the ResourceId for the Automation account
    Get-AzResource -ResourceType 'Microsoft.Automation/automationAccounts'
    ```
 
-1. Get the _ResourceId_ of your Log Analytics workspace by running the following PowerShell command:
-   (if you have more than one workspace, choose the _ResourceID_ for the workspace you want to configure).
+1. Get the resource ID of your Log Analytics workspace by running the following PowerShell cmdlet. If you have more than one workspace, choose the resource ID for the workspace that you want to configure.
 
    ```powershell
    # Find the ResourceId for the Log Analytics workspace
    Get-AzResource -ResourceType 'Microsoft.OperationalInsights/workspaces'
    ```
 
-1. Run the following PowerShell command, replacing `<AutomationResourceId>` and `<WorkspaceResourceId>` with the _ResourceId_ values from each of the previous steps:
+1. Run the following PowerShell cmdlet, replacing `<AutomationResourceId>` and `<WorkspaceResourceId>` with the *ResourceId* values from each of the previous steps.
 
    ```powershell
    Set-AzDiagnosticSetting -ResourceId <AutomationResourceId> -WorkspaceId <WorkspaceResourceId> -Enabled $true -Category 'DscNodeStatus'
    ```
 
-If you want to stop importing data from Azure Automation State Configuration into Azure Monitor logs, run the following PowerShell command:
+1. If you want to stop importing data from Azure Automation State Configuration into Azure Monitor logs, run the following PowerShell cmdlet.
 
-```powershell
-Set-AzDiagnosticSetting -ResourceId <AutomationResourceId> -WorkspaceId <WorkspaceResourceId> -Enabled $false -Category 'DscNodeStatus'
-```
+   ```powershell
+   Set-AzDiagnosticSetting -ResourceId <AutomationResourceId> -WorkspaceId <WorkspaceResourceId> -Enabled $false -Category 'DscNodeStatus'
+   ```
 
 ## View the State Configuration logs
 
-After you set up integration with Azure Monitor logs for your Automation State Configuration data, they can be viewed by selecting **Logs** in the **Monitoring** section in the left pane of the State Configuration (DSC) page.  
+After you set up integration with Azure Monitor logs for your Automation State Configuration data, you can view them by selecting **Logs** in the **Monitoring** section in the left pane of the State configuration (DSC) page.
 
 ![Logs](media/automation-dsc-diagnostics/automation-dsc-logs-toc-item.png)
 
-The **Log Search** blade opens, and you see a **DscNodeStatusData** operation for each State
-Configuration node, and a **DscResourceStatusData** operation for each [DSC
-resource](/powershell/scripting/dsc/resources/resources) called in the Node configuration applied to that node.
-
-The **DscResourceStatusData** operation contains error information for any DSC resources that failed.
+The **Log Search** pane opens with a query region scoped to your Automation account resource. You can search the State Configuration logs for DSC operations by searching in Azure Monitor logs. The records for DSC operations are stored in the AzureDiagnostics table. For example, to find nodes that are not compliant, type the following query.
 
-Click each operation in the list to see the data for that operation.
-
-You can also view the logs by searching in Azure Monitor logs. See [Find data using log searches](https://docs.microsoft.com/azure/azure-monitor/log-query/log-query-overview). Type the following query to find your State Configuration logs.
-
-```
-AzureDiagnostics
+```AzureDiagnostics
 | where Category == 'DscNodeStatus' 
 | where OperationName contains 'DSCNodeStatusData'
 | where ResultType != 'Compliant'
 ```
+Filtering details:
+
+* Filter on *DscNodeStatusData* to return operations for each State Configuration node.
+* Filter on *DscResourceStatusData* to return operations for each DSC resource called in the node configuration applied to that resource. 
+* Filter on *DscResourceStatusData* to return error information for any DSC resources that fail.
+
+To learn more about constructing log queries to find data, see [Overview of log queries in Azure Monitor](https://docs.microsoft.com/azure/azure-monitor/log-query/log-query-overview).
 
 ### Send an email when a State Configuration compliance check fails
 
-One of our top customer requests is for the ability to send an email or a text when something goes
-wrong with a DSC configuration.
+One of our top customer requests is for the ability to send an email or a text when something goes wrong with a DSC configuration.
 
-To create an alert rule, you start by creating a log search for the State Configuration report
-records that should invoke the alert. Click the **+ New Alert Rule** button to create and configure
+To create an alert rule, start by creating a log search for the State Configuration report records that should invoke the alert. Click the **+ New Alert Rule** button to create and configure
 the alert rule.
 
 1. From the Log Analytics workspace Overview page, click **Logs**.
 1. Create a log search query for your alert by typing the following search into the query field:  `Type=AzureDiagnostics Category='DscNodeStatus' NodeName_s='DSCTEST1' OperationName='DscNodeStatusData' ResultType='Failed'`
 
-   If you have set up logs from more than one Automation account or subscription to your workspace, you can group your alerts by subscription and Automation account.
-   Automation account name can be derived from the Resource field in the search of DscNodeStatusData.
-1. To open the **Create rule** screen, click **+ New Alert Rule** at the top of the page. For more information on the options to configure the alert, see [Create an alert rule](../monitoring-and-diagnostics/monitor-alerts-unified-usage.md).
+   If you have set up logs from more than one Automation account or subscription to your workspace, you can group your alerts by subscription and Automation account. Derive the Automation account name from the Resource field in the search of DscNodeStatusData.
+1. To open the **Create rule** screen, click **+ New Alert Rule** at the top of the page. 
+
+For more information on the options to configure the alert, see [Create an alert rule](../monitoring-and-diagnostics/monitor-alerts-unified-usage.md).
 
 ### Find failed DSC resources across all nodes
 
 One advantage of using Azure Monitor logs is that you can search for failed checks across nodes.
-To find all instances of DSC resources that failed.
+To find all instances of DSC resources that have failed:
 
-1. From the Log Analytics workspace Overview page, click **Logs**.
+1. On the Log Analytics workspace Overview page, click **Logs**.
 1. Create a log search query for your alert by typing the following search into the query field:  `Type=AzureDiagnostics Category='DscNodeStatus' OperationName='DscResourceStatusData' ResultType='Failed'`
 
 ### View historical DSC node status
 
-Finally, you may want to visualize your DSC node status history over time.
-You can use this query to search for the status of your DSC node status over time.
+To visualize your DSC node status history over time, you can use this query:
 
 `Type=AzureDiagnostics ResourceProvider="MICROSOFT.AUTOMATION" Category=DscNodeStatus NOT(ResultType="started") | measure Count() by ResultType interval 1hour`
 
-This will display a chart of the node status over time.
+This query displays a chart of the node status over time.
 
 ## Azure Monitor logs records
 
-Diagnostics from Azure Automation creates two categories of records in Azure Monitor logs.
+Azure Automation diagnostics create two categories of records in Azure Monitor logs:
+
+* Node status data (DscNodeStatusData)
+* Resource status data (DscResourceStatusData)
 
 ### DscNodeStatusData
 
 | Property | Description |
 | --- | --- |
 | TimeGenerated |Date and time when the compliance check ran. |
-| OperationName |DscNodeStatusData |
+| OperationName |DscNodeStatusData. |
 | ResultType |Whether the node is compliant. |
 | NodeName_s |The name of the managed node. |
 | NodeComplianceStatus_s |Whether the node is compliant. |
 | DscReportStatus |Whether the compliance check ran successfully. |
-| ConfigurationMode | How the configuration is applied to the node. Possible values are __"ApplyOnly"__,__"ApplyandMonitior"__, and __"ApplyandAutoCorrect"__. <ul><li>__ApplyOnly__: DSC applies the configuration and does nothing further unless a new configuration is pushed to the target node or when a new configuration is pulled from a server. After initial application of a new configuration, DSC does not check for drift from a previously configured state. DSC attempts to apply the configuration until it is successful before __ApplyOnly__ takes effect. </li><li> __ApplyAndMonitor__: This is the default value. The LCM applies any new configurations. After initial application of a new configuration, if the target node drifts from the desired state, DSC reports the discrepancy in logs. DSC attempts to apply the configuration until it is successful before __ApplyAndMonitor__ takes effect.</li><li>__ApplyAndAutoCorrect__: DSC applies any new configurations. After initial application of a new configuration, if the target node drifts from the desired state, DSC reports the discrepancy in logs, and then reapplies the current configuration.</li></ul> |
+| ConfigurationMode | How the configuration is applied to the node. Possible values are: <ul><li>*ApplyOnly*: DSC applies the configuration and does nothing further unless a new configuration is pushed to the target node or when a new configuration is pulled from a server. After initial application of a new configuration, DSC does not check for drift from a previously configured state. DSC attempts to apply the configuration until it is successful before the *ApplyOnly* value takes effect. </li><li>*ApplyAndMonitor*: This is the default value. The LCM applies any new configurations. After initial application of a new configuration, if the target node drifts from the desired state, DSC reports the discrepancy in logs. DSC attempts to apply the configuration until it is successful before the *ApplyAndMonitor* value takes effect.</li><li>*ApplyAndAutoCorrect*: DSC applies any new configurations. After initial application of a new configuration, if the target node drifts from the desired state, DSC reports the discrepancy in logs, and then reapplies the current configuration.</li></ul> |
 | HostName_s | The name of the managed node. |
 | IPAddress | The IPv4 address of the managed node. |
-| Category | DscNodeStatus |
+| Category | DscNodeStatus. |
 | Resource | The name of the Azure Automation account. |
 | Tenant_g | GUID that identifies the tenant for the Caller. |
 | NodeId_g |GUID that identifies the managed node. |
@@ -151,14 +148,14 @@ Diagnostics from Azure Automation creates two categories of records in Azure Mon
 | ReportStartTime_t |Date and time when the report was started. |
 | ReportEndTime_t |Date and time when the report completed. |
 | NumberOfResources_d |The number of DSC resources called in the configuration applied to the node. |
-| SourceSystem | How Azure Monitor logs collected the data. Always *Azure* for Azure diagnostics. |
-| ResourceId |Specifies the Azure Automation account. |
+| SourceSystem | How Azure Monitor logs collected the data. Always "Azure" for Azure diagnostics. |
+| ResourceId |Identifier of the Azure Automation account. |
 | ResultDescription | The description for this operation. |
 | SubscriptionId | The Azure subscription ID (GUID) for the Automation account. |
 | ResourceGroup | Name of the resource group for the Automation account. |
-| ResourceProvider | MICROSOFT.AUTOMATION |
-| ResourceType | AUTOMATIONACCOUNTS |
-| CorrelationId |GUID that is the Correlation ID of the compliance report. |
+| ResourceProvider | MICROSOFT.AUTOMATION. |
+| ResourceType | AUTOMATIONACCOUNTS. |
+| CorrelationId |GUID that is the correlation identifier of the compliance report. |
 
 ### DscResourceStatusData
 
@@ -168,7 +165,7 @@ Diagnostics from Azure Automation creates two categories of records in Azure Mon
 | OperationName |DscResourceStatusData|
 | ResultType |Whether the resource is compliant. |
 | NodeName_s |The name of the managed node. |
-| Category | DscNodeStatus |
+| Category | DscNodeStatus. |
 | Resource | The name of the Azure Automation account. |
 | Tenant_g | GUID that identifies the tenant for the Caller. |
 | NodeId_g |GUID that identifies the managed node. |
@@ -187,8 +184,8 @@ Diagnostics from Azure Automation creates two categories of records in Azure Mon
 | ResultDescription | The description for this operation. |
 | SubscriptionId | The Azure subscription ID (GUID) for the Automation account. |
 | ResourceGroup | Name of the resource group for the Automation account. |
-| ResourceProvider | MICROSOFT.AUTOMATION |
-| ResourceType | AUTOMATIONACCOUNTS |
+| ResourceProvider | MICROSOFT.AUTOMATION. |
+| ResourceType | AUTOMATIONACCOUNTS. |
 | CorrelationId |GUID that is the Correlation ID of the compliance report. |
 
 ## Summary