MicrosoftDocs
diff --git a/‎.openpublishing.redirection.json
Lines changed: 10 additions & 5 deletions b/‎.openpublishing.redirection.json
Lines changed: 10 additions & 5 deletions
diff --git a/‎CODEOWNERS
Lines changed: 5 additions & 12 deletions b/‎CODEOWNERS
Lines changed: 5 additions & 12 deletions
diff --git a/‎articles/active-directory-b2c/active-directory-b2c-reference-oidc.md
Lines changed: 1 addition & 1 deletion b/‎articles/active-directory-b2c/active-directory-b2c-reference-oidc.md
Lines changed: 1 addition & 1 deletion
diff --git a/‎articles/active-directory/b2b/direct-federation.md
Lines changed: 1 addition & 2 deletions b/‎articles/active-directory/b2b/direct-federation.md
Lines changed: 1 addition & 2 deletions
diff --git a/‎articles/active-directory/develop/howto-add-app-roles-in-azure-ad-apps.md
Lines changed: 3 additions & 3 deletions b/‎articles/active-directory/develop/howto-add-app-roles-in-azure-ad-apps.md
Lines changed: 3 additions & 3 deletions
diff --git a/‎articles/active-directory/develop/msal-js-initializing-client-applications.md
Lines changed: 1 addition & 1 deletion b/‎articles/active-directory/develop/msal-js-initializing-client-applications.md
Lines changed: 1 addition & 1 deletion
diff --git a/‎articles/active-directory/manage-apps/define-conditional-rules-for-provisioning-user-accounts.md
Lines changed: 3 additions & 2 deletions b/‎articles/active-directory/manage-apps/define-conditional-rules-for-provisioning-user-accounts.md
Lines changed: 3 additions & 2 deletions
diff --git a/‎articles/active-directory/manage-apps/use-scim-to-provision-users-and-groups.md
Lines changed: 6 additions & 4 deletions b/‎articles/active-directory/manage-apps/use-scim-to-provision-users-and-groups.md
Lines changed: 6 additions & 4 deletions
diff --git a/‎articles/active-directory/managed-identities-azure-resources/tutorial-linux-vm-access-datalake.md
Lines changed: 5 additions & 5 deletions b/‎articles/active-directory/managed-identities-azure-resources/tutorial-linux-vm-access-datalake.md
Lines changed: 5 additions & 5 deletions
diff --git a/‎articles/active-directory/managed-identities-azure-resources/tutorial-vm-windows-access-storage.md
Lines changed: 5 additions & 5 deletions b/‎articles/active-directory/managed-identities-azure-resources/tutorial-vm-windows-access-storage.md
Lines changed: 5 additions & 5 deletions
@@ -24605,6 +24605,16 @@
       "redirect_url": "/azure/storage/blobs/storage-quickstart-blobs-java",
       "redirect_document_id": false
     },
+    {
+      "source_path": "articles/storage/blobs/storage-quickstart-blobs-nodejs-v10.md",
+      "redirect_url": "/azure/storage/blobs/storage-quickstart-blobs-nodejs-legacy",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/storage/blobs/storage-quickstart-blobs-javascript-client-libraries-v10.md",
+      "redirect_url": "/azure/storage/blobs/storage-quickstart-blobs-javascript-client-libraries-legacy",
+      "redirect_document_id": false
+    },
     {
       "source_path": "articles/storage/blobs/storage-nodejs-how-to-use-blob-storage.md",
       "redirect_url": "/azure/storage/blobs/storage-quickstart-blobs-nodejs",
@@ -40879,11 +40889,6 @@
       "redirect_url": "/azure/azure-monitor/platform/data-platform",
       "redirect_document_id": false
     },
-    {
-      "source_path": "articles/azure-monitor/platform/data-sources-reference.md",
-      "redirect_url": "/azure/azure-monitor/platform/data-sources",
-      "redirect_document_id": false
-    },
     {
       "source_path": "articles/azure-monitor/platform/collect-activity-logs-subscriptions.md",
       "redirect_url": "/azure/azure-monitor/platform/activity-log-collect-tenants",
 
@@ -1,24 +1,17 @@
 # Testing the new code owners feature in GitHub. Please contact Cory Fowler if you have questions.
-# articles/storage/  @tamram @robinsh
-# articles/virtual-machines/  @iainfoulds @cynthn
-# articles/virtual-machines/linux/  @iainfoulds @cynthn
-# articles/virtual-machines/windows/  @iainfoulds @cynthn
-# articles/application-insights/  @SergeyKanzhelev
-# articles/cosmos-db/ @mimig1
-
-# All Articles
-articles/ @apex-docs-pr-reviewers
-
 # Cognitive Services
 articles/cognitive-services/ @diberry @erhopf, @nitinme
 
 # DevOps
-
 articles/ansible/ @TomArcherMsft
 articles/chef/ @TomArcherMsft
 articles/jenkins/ @TomArcherMsft
 articles/terraform/ @TomArcherMsft
 
 # Governance
-
 articles/governance/ @DCtheGeek
+
+# Configuration
+*.json @SyntaxC4 @snoviking @arob98
+.acrolinx-config.edn @MonicaRush @arob98
+articles/zone-pivot-groups.yml @SyntaxC4 @snoviking @arob98
@@ -20,7 +20,7 @@ OpenID Connect is an authentication protocol, built on top of OAuth 2.0, that ca
 
 [OpenID Connect](https://openid.net/specs/openid-connect-core-1_0.html) extends the OAuth 2.0 *authorization* protocol for use as an *authentication* protocol. This authentication protocol allows you to perform single sign-on. It introduces the concept of an *ID token*, which allows the client to verify the identity of the user and obtain basic profile information about the user.
 
-Because it extends OAuth 2.0, it also enables applications to securely acquire *access tokens*. You can use access tokens to access resources that are secured by an [authorization server](active-directory-b2c-reference-protocols.md). OpenID Connect is recommended if you're building a web application that's hosted on a server and accessed through a browser. If you want to add identity management to your mobile or desktop applications using Azure AD B2C, you should use [OAuth 2.0](active-directory-b2c-reference-oauth-code.md) rather than OpenID Connect. For more information about tokens, see the [Overview of tokens in Azure Active Directory B2C](active-directory-b2c-reference-tokens.md)
+Because it extends OAuth 2.0, it also enables applications to securely acquire *access tokens*. You can use access tokens to access resources that are secured by an [authorization server](active-directory-b2c-reference-protocols.md). OpenID Connect is recommended if you're building a web application that's hosted on a server and accessed through a browser. For more information about tokens, see the [Overview of tokens in Azure Active Directory B2C](active-directory-b2c-reference-tokens.md)
 
 Azure AD B2C extends the standard OpenID Connect protocol to do more than simple authentication and authorization. It introduces the [user flow parameter](active-directory-b2c-reference-policies.md), which enables you to use OpenID Connect to add user experiences to your application, such as sign-up, sign-in, and profile management.
 
 
@@ -80,8 +80,7 @@ First, your partner organization needs to configure their identity provider with
 Azure AD B2B can be configured to federate with identity providers that use the SAML protocol with specific requirements listed below. For more information about setting up a trust between your SAML identity provider and Azure AD, see  [Use a SAML 2.0 Identity Provider (IdP) for Single Sign-On](https://docs.microsoft.com/azure/active-directory/hybrid/how-to-connect-fed-saml-idp).  
 
 > [!NOTE]
-> NOTE
-The target domain for direct federation must not be DNS-verified on Azure AD. The authentication URL domain must match the target domain or it must be the domain of an allowed identity provider. See the [Limitations](#limitations) section for details. 
+> The target domain for direct federation must not be DNS-verified on Azure AD. The authentication URL domain must match the target domain or it must be the domain of an allowed identity provider. See the [Limitations](#limitations) section for details. 
 
 #### Required SAML 2.0 attributes and claims
 The following tables show requirements for specific attributes and claims that must be configured at the third-party identity provider. To set up direct federation, the following attributes must be received in the SAML 2.0 response from the identity provider. These attributes can be configured by linking to the online security token service XML file or by entering them manually.
 
@@ -33,9 +33,9 @@ These application roles are defined in the [Azure portal](https://portal.azure.c
 ### Declare app roles using Azure portal
 
 1. Sign in to the [Azure portal](https://portal.azure.com).
-1. On the top bar, select your account, and then **Switch Directory**.
-1. Once the **Directory + subscription** pane opens, choose the Active Directory tenant where you wish to register your application, from the **Favorites** or **All Directories** list.
-1. Select **All services** in the left-hand nav, and choose **Azure Active Directory**.
+1. Select the **Directory + Subscription** icon in the portal toolbar.
+1. In the **Favorites** or **All Directories** list, choose the Active Directory tenant where you wish to register your application.
+1. In the Azure portal, search for and select **Azure Active Directory**.
 1. In the  **Azure Active Directory** pane, select **App registrations** to view a list of all your applications.
 1. Select the application you want to define app roles in. Then select **Manifest**.
 1. Edit the app manifest by locating the `appRoles` setting and adding all your Application Roles.
 
@@ -113,7 +113,7 @@ Below is the total set of configurable options that are supported currently in t
         * `https://login.microsoftonline.com/common`- Used to sign in users with work and school accounts or a Microsoft personal account.
         * `https://login.microsoftonline.com/organizations/`- Used to sign in users with work and school accounts.
         * `https://login.microsoftonline.com/consumers/` - Used to sign in users with only personal Microsoft account (live).
-    * In Azure AD B2C, it is of the form `https://<instance>/tfp/<tenant>/<policyName>/`, where instance is the Azure AD B2C domain, tenant is the name of the Azure AD B2C tenant, policyName is the name of the B2C policy to apply.
+    * In Azure AD B2C, it is of the form `https://<instance>/tfp/<tenant>/<policyName>/`, where instance is the Azure AD B2C domain i.e. {your-tenant-name}.b2clogin.com, tenant is the name of the Azure AD B2C tenant i.e. {your-tenant-name}.onmicrosoft.com, policyName is the name of the B2C policy to apply.
 
 
 - **validateAuthority**: Optional.  Validate the issuer of tokens. Default is `true`. For B2C applications, since the authority value is known and can be different per policy, the authority validation will not work and has to be set to `false`.
 
@@ -89,8 +89,9 @@ Scoping filters are configured as part of the attribute mappings for each Azure
    g. **REGEX MATCH**. Clause returns "true" if the evaluated attribute matches a regular expression pattern. For example: ([1-9][0-9]) matches any number between 10 and 99.
 
    h. **NOT REGEX MATCH**. Clause returns "true" if the evaluated attribute doesn't match a regular expression pattern.
-
-8. Select **Add new scoping clause**.
+ 
+>[!IMPORTANT] 
+> The Includes and IsMemberOf filters are not supported. They will soon be removed from the UI.
 
 9. Optionally, repeat steps 7-8 to add more scoping clauses.
 
 
@@ -59,15 +59,16 @@ Note that you don't need to support both users and groups or all the attributes
 | Azure Active Directory user | "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User" |
 | --- | --- |
 | IsSoftDeleted |active |
+|department|urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:department|
 | displayName |displayName |
+|employeeId|urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:employeeNumber|
 | Facsimile-TelephoneNumber |phoneNumbers[type eq "fax"].value |
 | givenName |name.givenName |
 | jobTitle |title |
 | mail |emails[type eq "work"].value |
 | mailNickname |externalId |
-| manager |manager |
+| manager |urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:manager |
 | mobile |phoneNumbers[type eq "mobile"].value |
-| objectId |ID |
 | postalCode |addresses[type eq "work"].postalCode |
 | proxy-Addresses |emails[type eq "other"].Value |
 | physical-Delivery-OfficeName |addresses[type eq "other"].Formatted |
@@ -76,15 +77,16 @@ Note that you don't need to support both users and groups or all the attributes
 | telephone-Number |phoneNumbers[type eq "work"].value |
 | user-PrincipalName |userName |
 
+
 ### Table 2: Default group attribute mapping
 
 | Azure Active Directory group | urn:ietf:params:scim:schemas:core:2.0:Group |
 | --- | --- |
-| displayName |externalId |
+| displayName |displayName |
 | mail |emails[type eq "work"].value |
 | mailNickname |displayName |
 | members |members |
-| objectId |ID |
+| objectId |externalId |
 | proxyAddresses |emails[type eq "other"].Value |
 
 ## Step 2: Understand the Azure AD SCIM implementation
 
@@ -13,7 +13,7 @@ ms.devlang: na
 ms.topic: tutorial
 ms.tgt_pltfrm: na
 ms.workload: identity
-ms.date: 11/20/2017
+ms.date: 01/10/2020
 ms.author: markvi
 ms.collection: M365-identity-device-management
 ---
@@ -34,9 +34,9 @@ In this tutorial, you learn how to:
 
 [!INCLUDE [msi-tut-prereqs](../../../includes/active-directory-msi-tut-prereqs.md)]
 
-## Grant your VM access to Azure Data Lake Store
+## Grant access
 
-Now you can grant your VM access to files and folders in Azure Data Lake Store. For this step, you can use an existing Data Lake Store instance or create a new one. To create a Data Lake Store instance by using the Azure portal, follow the [Azure Data Lake Store quickstart](https://docs.microsoft.com/azure/data-lake-store/data-lake-store-get-started-portal). There are also quickstarts that use Azure CLI and Azure PowerShell in the [Azure Data Lake Store documentation](https://docs.microsoft.com/azure/data-lake-store/data-lake-store-overview).
+This section shows how to grant your VM access to files and folders in Azure Data Lake Store. For this step, you can use an existing Data Lake Store instance or create a new one. To create a Data Lake Store instance by using the Azure portal, follow the [Azure Data Lake Store quickstart](https://docs.microsoft.com/azure/data-lake-store/data-lake-store-get-started-portal). There are also quickstarts that use Azure CLI and Azure PowerShell in the [Azure Data Lake Store documentation](https://docs.microsoft.com/azure/data-lake-store/data-lake-store-overview).
 
 In Data Lake Store, create a new folder and grant our Linux VM system-assigned managed identity permission to read, write, and execute files in that folder:
 
@@ -54,9 +54,9 @@ In Data Lake Store, create a new folder and grant our Linux VM system-assigned m
 
 Managed identities for Azure resources can now perform all operations on files in the folder that you created. For more information on managing access to Data Lake Store, see [Access Control in Data Lake Store](https://docs.microsoft.com/azure/data-lake-store/data-lake-store-access-control).
 
-## Get an access token and call the Data Lake Store file system
+## Get an access token 
 
-Azure Data Lake Store natively supports Azure AD authentication, so it can directly accept access tokens obtained via using managed identities for Azure resources. To authenticate to the Data Lake Store file system, you send an access token issued by Azure AD to your Data Lake Store file system endpoint. The access token is in an authorization header in the format "Bearer \<ACCESS_TOKEN_VALUE\>".  To learn more about Data Lake Store support for Azure AD authentication, see [Authentication with Data Lake Store using Azure Active Directory](https://docs.microsoft.com/azure/data-lake-store/data-lakes-store-authentication-using-azure-active-directory).
+This section shows how to obtain an access token and call the Data Lake Store file system. Azure Data Lake Store natively supports Azure AD authentication, so it can directly accept access tokens obtained via using managed identities for Azure resources. To authenticate to the Data Lake Store file system, you send an access token issued by Azure AD to your Data Lake Store file system endpoint. The access token is in an authorization header in the format "Bearer \<ACCESS_TOKEN_VALUE\>".  To learn more about Data Lake Store support for Azure AD authentication, see [Authentication with Data Lake Store using Azure Active Directory](https://docs.microsoft.com/azure/data-lake-store/data-lakes-store-authentication-using-azure-active-directory).
 
 In this tutorial, you authenticate to the REST API for the Data Lake Store file system by using cURL to make REST requests.
 
 
@@ -13,7 +13,7 @@ ms.devlang: na
 ms.topic: tutorial
 ms.tgt_pltfrm: na
 ms.workload: identity
-ms.date: 04/12/2018
+ms.date: 01/10/2020
 ms.author: markvi
 ms.collection: M365-identity-device-management
 ---
@@ -36,7 +36,7 @@ This tutorial shows you how to use a system-assigned managed identity for a Wind
 
 [!INCLUDE [msi-tut-prereqs](../../../includes/active-directory-msi-tut-prereqs.md)]
 
-## Create a storage account
+## Create account
 
 In this section, you create a storage account.
 
@@ -65,9 +65,9 @@ Files require blob storage so you need to create a blob container in which to st
 7. In the **Upload blob** pane, under **Files**, click the folder icon and browse to the file **hello_world.txt** on your local machine, select the file, then click **Upload**.
     ![Upload text file](./media/msi-tutorial-linux-vm-access-storage/upload-text-file.png)
 
-## Grant your VM access to an Azure Storage container
+## Grant access
 
-You can use the VM's system-assigned managed identity to retrieve the data in the Azure storage blob.
+This section shows how to grant your VM access to an Azure Storage container. You can use the VM's system-assigned managed identity to retrieve the data in the Azure storage blob.
 
 1. Navigate back to your newly created storage account.
 2. Click the **Access control (IAM)** link in the left panel.
@@ -79,7 +79,7 @@ You can use the VM's system-assigned managed identity to retrieve the data in th
 
     ![Assign permissions](./media/tutorial-linux-vm-access-storage/access-storage-perms.png)
 
-## Get an access token and use it to call Azure Storage 
+## Get an access token 
 
 Azure Storage natively supports Azure AD authentication, so it can directly accept access tokens obtained using a managed identity. This is part of Azure Storage's integration with Azure AD, and is different from supplying credentials on the connection string.