
Commit b449c2c

Merge branch 'master' of https://github.com/MicrosoftDocs/azure-docs-pr into digital-twins-tutorials
2 parents fd9b039 + e11fa40 commit b449c2c


400 files changed

+5301
-2925
lines changed



.openpublishing.publish.config.json

Lines changed: 12 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -247,6 +247,18 @@
247247
"url": "https://github.com/Azure-Samples/cognitive-services-qnamaker-python",
248248
"branch": "master",
249249
"branch_mapping": {}
250+
},
251+
{
252+
"path_to_root": "cognitive-services-dotnet-sdk-samples",
253+
"url": "https://github.com/Azure-Samples/cognitive-services-dotnet-sdk-samples",
254+
"branch": "master",
255+
"branch_mapping": {}
256+
},
257+
{
258+
"path_to_root": "cognitive-services-java-sdk-samples",
259+
"url": "https://github.com/Azure-Samples/cognitive-services-java-sdk-samples",
260+
"branch": "master",
261+
"branch_mapping": {}
250262
}
251263
],
252264
"branch_target_mapping": {
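Review bot: The three sample repositories added at lines 250-261 are referenced by a mutable `"branch": "master"` with an empty `"branch_mapping": {}`, so the published docs will carry whatever those repositories' master branches contain at build time; consider pinning a tag or commit in `branch_mapping`, or state in the commit why tracking master is acceptable for these code samples.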

.openpublishing.redirection.json

Lines changed: 0 additions & 5 deletions
@@ -27052,11 +27052,6 @@
2705227052
"redirect_url": "/azure/cloud-shell/overview",
2705327053
"redirect_document_id": false
2705427054
},
27055-
{
27056-
"source_path": "articles/dms/index.md",
27057-
"redirect_url": "/azure/dms/dms-overview",
27058-
"redirect_document_id": false
27059-
},
2706027055
{
2706127056
"source_path": "articles/guides/developer/index.md",
2706227057
"redirect_url": "/azure/guides/developer/azure-developer-guide",
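Review bot: Removing the redirect from `articles/dms/index.md` to `/azure/dms/dms-overview` (lines 27055-27059) leaves no replacement entry in this hunk; unless that source page is being restored elsewhere in the merge, the old URL will stop resolving, so the commit should say which of the two it is.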

articles/active-directory-b2c/active-directory-b2c-custom-setup-adfs2016-idp.md

Lines changed: 4 additions & 4 deletions
@@ -8,7 +8,7 @@ manager: mtillman
88
ms.service: active-directory
99
ms.workload: identity
1010
ms.topic: conceptual
11-
ms.date: 11/05/2018
11+
ms.date: 11/07/2018
1212
ms.author: davidmu
1313
ms.component: B2C
1414
---
@@ -22,19 +22,19 @@ This article shows you how to enable sign-in for an ADFS user account by using [
2222
## Prerequisites
2323

2424
- Complete the steps in [Get started with custom policies in Azure Active Directory B2C](active-directory-b2c-get-started-custom.md).
25-
- Make sure that you have access to the certificate .pfx file with the private key that was issued by ADFS.
25+
- Make sure that you have access to a certificate .pfx file with a private key. You can generate your own signed certificate and upload it to Azure AD B2C. Azure AD B2C uses this certificate to sign the SAML request sent to your SAML identity provider.
2626

2727
## Create a policy key
2828

29-
You need to store your ADFS certificate in your Azure AD B2C tenant.
29+
You need to store your certificate in your Azure AD B2C tenant.
3030

3131
1. Sign in to the [Azure portal](https://portal.azure.com/).
3232
2. Make sure you're using the directory that contains your Azure AD B2C tenant by clicking the **Directory and subscription filter** in the top menu and choosing the directory that contains your tenant.
3333
3. Choose **All services** in the top-left corner of the Azure portal, and then search for and select **Azure AD B2C**.
3434
4. On the Overview page, select **Identity Experience Framework - PREVIEW**.
3535
5. Select **Policy Keys** and then select **Add**.
3636
6. For **Options**, choose `Upload`.
37-
7. Enter a **Name** for the policy key. For example, `ADFSSamlCert`. The prefix `B2C_1A_` is added automatically to the name of your key.
37+
7. Enter a **Name** for the policy key. For example, `SamlCert`. The prefix `B2C_1A_` is added automatically to the name of your key.
3838
8. Browse to and select your certificate .pfx file with the private key.
3939
9. Click **Create**.
4040
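Review bot: The reworded prerequisite at line 25 tells the reader to "generate your own signed certificate" but does not say that the identity provider has to trust it; since the same line states that Azure AD B2C signs the SAML request with this certificate, add a sentence that the certificate's public part must be registered with the SAML identity provider, and write "self-signed" if that is what is meant. The upload steps at lines 29-39 are otherwise consistent with the rename of the key to `SamlCert`.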

articles/active-directory-b2c/active-directory-b2c-devquickstarts-graph-dotnet.md

Lines changed: 4 additions & 4 deletions
@@ -62,8 +62,8 @@ You now have an application that has permission to create, read and update users
6262
>
6363
>
6464
65-
## Configure delete permissions for your application
66-
Currently, the *Read and write directory data* permission does **NOT** include the ability to do any deletions such as deleting users. If you want to give your application the ability to delete users, you'll need to do these extra steps that involve PowerShell, otherwise, you can skip to the next section.
65+
## Configure delete or update password permissions for your application
66+
Currently, the *Read and write directory data* permission does **NOT** include the ability to delete users or update user passwords. If you want to give your application the ability to delete users or update passwords, you'll need to do these extra steps that involve PowerShell, otherwise, you can skip to the next section.
6767

6868
First, if you don't already have it installed, install the [Azure AD PowerShell v1 module (MSOnline)](https://docs.microsoft.com/powershell/azure/active-directory/install-msonlinev1?view=azureadps-1.0):
6969

@@ -80,15 +80,15 @@ After you install the PowerShell module connect to your Azure AD B2C tenant.
8080
Connect-MsolService
8181
```
8282

83-
Now we'll use the **Application ID** in the script below to assign the application the user account administrator role which will allow it to delete users. These roles have well-known identifiers, so all you need to do is input your **Application ID** in the script below.
83+
Now we'll use the **Application ID** in the script below to assign the application the user account administrator role. These roles have well-known identifiers, so all you need to do is input your **Application ID** in the script below.
8484

8585
```powershell
8686
$applicationId = "<YOUR_APPLICATION_ID>"
8787
$sp = Get-MsolServicePrincipal -AppPrincipalId $applicationId
8888
Add-MsolRoleMember -RoleObjectId fe930be7-5e62-47db-91af-98c3a49a38b1 -RoleMemberObjectId $sp.ObjectId -RoleMemberType servicePrincipal
8989
```
9090

91-
Your application now also has permissions to delete users from your B2C tenant.
91+
Your application now also has permissions to delete users or update passwords from your B2C tenant.
9292

9393
## Download, configure, and build the sample code
9494
First, download the sample code and get it running. Then we will take a closer look at it. You can [download the sample code as a .zip file](https://github.com/AzureADQuickStarts/B2C-GraphAPI-DotNet/archive/master.zip). You can also clone it into a directory of your choice:
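Review bot: Line 91 now says the application has "permissions to delete users or update passwords", but the command at line 88 adds the service principal to the entire user account administrator role (well-known id fe930be7-5e62-47db-91af-98c3a49a38b1), which carries every right of that role rather than only those two operations; lines 83 and 91 should state that the grant is the full role and that it goes well beyond the *Read and write directory data* permission described at line 66. Also, line 83 dropped "which will allow it to delete users" without replacing the purpose, so the role assignment now reads as unexplained.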

articles/active-directory-b2c/active-directory-b2c-reference-oauth-code.md

Lines changed: 1 addition & 3 deletions
@@ -17,8 +17,6 @@ ms.component: B2C
1717
You can use the OAuth 2.0 authorization code grant in apps installed on a device to gain access to protected resources, such as web APIs. By using the Azure Active Directory B2C (Azure AD B2C) implementation of OAuth 2.0, you can add sign-up, sign-in,
1818
and other identity management tasks to your mobile and desktop apps. This article is language-independent. In the article, we describe how to send and receive HTTP messages without using any open-source libraries.
1919

20-
<!-- TODO: Need link to libraries -->
21-
2220
The OAuth 2.0 authorization code flow is described in [section 4.1 of the OAuth 2.0 specification](http://tools.ietf.org/html/rfc6749). You can use it for authentication and authorization in most [application types](active-directory-b2c-apps.md), including web applications and natively installed applications. You can use the OAuth 2.0 authorization code flow to securely acquire access tokens and refresh tokens for your applications, which can be used to access resources that are secured by an [authorization server](active-directory-b2c-reference-protocols.md). The refresh token allows the client to acquire new access (and refresh) tokens once the access token expires, typically after one hour.
2321

2422
This article focuses on the **public clients** OAuth 2.0 authorization code flow. A public client is any client application that cannot be trusted to securely maintain the integrity of a secret password. This includes mobile apps, desktop applications, and essentially any application that runs on a device and needs to get access tokens.
@@ -77,7 +75,7 @@ client_id=90c0fe63-bcf2-44d5-8fb7-b8bbc0b29dc6
7775
| redirect_uri |Required |The redirect URI of your app, where authentication responses are sent and received by your app. It must exactly match one of the redirect URIs that you registered in the portal, except that it must be URL-encoded. |
7876
| scope |Required |A space-separated list of scopes. A single scope value indicates to Azure Active Directory (Azure AD) both of the permissions that are being requested. Using the client ID as the scope indicates that your app needs an access token that can be used against your own service or web API, represented by the same client ID. The `offline_access` scope indicates that your app needs a refresh token for long-lived access to resources. You also can use the `openid` scope to request an ID token from Azure AD B2C. |
7977
| response_mode |Recommended |The method that you use to send the resulting authorization code back to your app. It can be `query`, `form_post`, or `fragment`. |
80-
| state |Recommended |A value included in the request that is returned in the token response. It can be a string of any content that you want to use. Usually, a randomly generated unique value is used, to prevent cross-site request forgery attacks. The state also is used to encode information about the user's state in the app before the authentication request occurred. For example, the page the user was on, or the policy that was being executed. |
78+
| state |Recommended |A value included in the request that can be a string of any content that you want to use. Usually, a randomly generated unique value is used, to prevent cross-site request forgery attacks. The state also is used to encode information about the user's state in the app before the authentication request occurred. For example, the page the user was on, or the policy that was being executed. |
8179
| p |Required |The policy that is executed. It's the name of a policy that is created in your Azure AD B2C directory. The policy name value should begin with **b2c\_1\_**. To learn more about policies, see [Azure AD B2C built-in policies](active-directory-b2c-reference-policies.md). |
8280
| prompt |Optional |The type of user interaction that is required. Currently, the only valid value is `login`, which forces the user to enter their credentials on that request. Single sign-on will not take effect. |
8381
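Review bot: The rewritten `state` row at line 78 drops the clause saying the value is returned at all, so the cross-site request forgery remark that follows no longer explains how the protection works; the removed wording was itself inaccurate ("token response"), because the value comes back in the authorization response alongside the code described in the `response_mode` row at line 77. Suggest: "A value included in the request that is also returned in the authorization response; your app should verify that the returned value matches the one it sent."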

articles/active-directory/authentication/howto-authentication-phone-sign-in.md

Lines changed: 11 additions & 6 deletions
@@ -34,11 +34,16 @@ For public preview, an admin must first add a policy via powershell to allow use
3434

3535
### Steps to enable
3636

37-
1. Install the [public preview release of the Azure Active Directory V2 PowerShell Module](https://www.powershellgallery.com/packages/AzureADPreview/).
38-
2. In PowerShell, run two commands:
39-
1. `Connect-AzureAD`
40-
1. In the authentication dialog, sign in with an account in the tenant. The account must either be a Security Administrator or Global Administrator.
41-
2. `New-AzureADPolicy -Type AuthenticatorAppSignInPolicy -Definition '{"AuthenticatorAppSignInPolicy":{"Enabled":true}}' -isOrganizationDefault $true -DisplayName AuthenticatorAppSignIn`
37+
Ensure you have the latest version of the Public Preview release of Azure Active Directory V2 PowerShell Module. You may wish to uninstall and reinstall to confirm this by executing the following commands:
38+
39+
1. `Uninstall-Module -Name AzureADPreview`
40+
2. `Install-Module -Name AzureADPreview`
41+
42+
You can enable the password-less phone sign-in preview using the following PowerShell commands:
43+
44+
1. `Connect-AzureAD`
45+
1. In the authentication dialog, sign in with an account in the tenant. The account must either be a Security Administrator or Global Administrator.
46+
1. `New-AzureADPolicy -Type AuthenticatorAppSignInPolicy -Definition '{"AuthenticatorAppSignInPolicy":{"Enabled":true}}' -isOrganizationDefault $true -DisplayName AuthenticatorAppSignIn`
4247

4348
## How do my end users enable phone sign-in?
4449
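Review bot: The rewritten steps at lines 44-46 flatten what was a nested list: "In the authentication dialog, sign in..." at line 45 is part of running `Connect-AzureAD` at line 44, not a separate step, and the removed version at lines 39-41 nested it correctly; restore the indentation. The `New-AzureADPolicy` command at line 46 passes `-isOrganizationDefault $true`, so the sentence at line 42 should say that the policy turns the preview on for the whole tenant rather than for selected users.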

@@ -58,7 +63,7 @@ Once the user has the MFA account with push notifications set up in the Microsof
5863

5964
### AD FS Integration
6065

61-
When a user has enabled the Microsoft Authenticator password-less credential, authentication for that user will always default to sending a notification for approval. This logic prevents users in a hybrid tenant from being directed to ADFS for sign-in verification without the user taking an additional step to click “Use your password instead.” This process will also bypass any on-premises Conditional Access policies, and Pass-through authentication flows. The exception to this process is if a login_hint is specified, a user will be auto-forwarded to AD FS, and bypass the option to use the password-less credential.
66+
When a user has enabled the Microsoft Authenticator password-less credential, authentication for that user will always default to sending a notification for approval. This logic prevents users in a hybrid tenant from being directed to ADFS for sign-in verification without the user taking an additional step to click “Use your password instead.” This process will also bypass any on-premises Conditional Access policies, and Pass-through authentication flows. The exception to this process is if a login_hint is specified, a user will be autoforwarded to AD FS, and bypass the option to use the password-less credential.
6267

6368
### Azure MFA server
6469
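Review bot: Line 66 changes only "auto-forwarded" to "autoforwarded", yet the same sentence still spells the product both "ADFS" and "AD FS" while the heading at line 64 reads "AD FS Integration"; pick one form. Since the paragraph states that this flow bypasses on-premises Conditional Access policies and pass-through authentication, it would help readers to say plainly that enabling the password-less credential removes those on-premises controls from that user's sign-in path unless a login_hint is supplied.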

articles/active-directory/authentication/tutorial-sspr-windows.md

Lines changed: 1 addition & 1 deletion
@@ -112,7 +112,7 @@ When testing this functionality using Remote Desktop, the "Reset password" link
112112

113113
If the Windows lock screen is disabled using a registry key or group policy, **Reset password** will not be available.
114114

115-
If Ctrl+Alt+Del is required by policy, or Lock screen notifications are turned off, **Reset password** will not work. Windows 10 19H1 will resolve this requirement.
115+
If Ctrl+Alt+Del is required by policy, or Lock screen notifications are turned off, **Reset password** will not work.
116116

117117
The Azure AD audit log will include information about the IP address and ClientType where the password reset occurred.
118118

articles/active-directory/develop/reference-breaking-changes.md

Lines changed: 13 additions & 8 deletions
@@ -24,7 +24,7 @@ ms.custom: aaddev
2424

2525
>Get notified about updates to this page. Just add [this URL](https://docs.microsoft.com/api/search/rss?search=%22whats%20new%20for%20authentication%22&locale=en-us) to your RSS feed reader.
2626
27-
The authentication system alters and adds features on an ongoing basis to improve security and standards compliance. To stay up-to-date with the most recent developments, this article provides you with information about the following:
27+
The authentication system alters and adds features on an ongoing basis to improve security and standards compliance. To stay up-to-date with the most recent developments, this article provides you with information about the following details:
2828

2929
- Latest features
3030
- Known issues
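Review bot: The change at line 27 from "information about the following:" to "information about the following details:" makes the lead-in clumsier rather than clearer, since the bullets at lines 29-30 ("Latest features", "Known issues") are the list being introduced; the original wording was fine, or use "provides information about:".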
@@ -36,34 +36,39 @@ The authentication system alters and adds features on an ongoing basis to improv
3636
3737
## Upcoming changes
3838

39+
None scheduled at this time.
40+
41+
## October 2018
42+
3943
### Authorization codes can no longer be reused
4044

41-
**Effective date**: October 10, 2018
45+
**Effective date**: November 15, 2018
46+
4247
**Endpoints impacted**: Both v1.0 and v2.0
48+
4349
**Protocol impacted**: [Code flow](v2-oauth2-auth-code-flow.md)
4450

45-
Starting on October 10, 2018, Azure AD will stop accepting previously-used authentication codes for apps. This security change helps to bring Azure AD in line with the OAuth specification and will be enforced on both the v1 and v2 endpoints.
51+
Starting on November 15, 2018, Azure AD will stop accepting previously used authentication codes for apps. This security change helps to bring Azure AD in line with the OAuth specification and will be enforced on both the v1 and v2 endpoints.
4652

4753
If your app reuses authorization codes to get tokens for multiple resources, we recommend that you use the code to get a refresh token, and then use that refresh token to acquire additional tokens for other resources. Authorization codes can only be used once, but refresh tokens can be used multiple times across multiple resources. Any new app that attempts to reuse an authentication code during the OAuth code flow will get an invalid_grant error.
4854

4955
For more information about refresh tokens, see [Refreshing the access tokens](v1-protocols-oauth-code.md#refreshing-the-access-tokens).
5056

51-
> [!NOTE]
52-
> In an effort to break as few apps as possible, existing applications that rely on this feature were given an exception to this requirement. Any app with more than 10 logins a day relying on this pattern was considered to rely on it.
53-
5457
## May 2018
5558

5659
### ID tokens cannot be used for the OBO flow
5760

5861
**Date**: May 1, 2018
62+
5963
**Endpoints impacted**: Both v1.0 and v2.0
64+
6065
**Protocols impacted**: Implicit flow and [OBO flow](v1-oauth2-on-behalf-of-flow.md)
6166

62-
After May 1, 2018, id_tokens cannot be used as the assertion in an OBO flow for new applications. Access tokens should be used instead to secure APIs, even between a client and middle tier of the same application. Apps registered before May 1, 2018 will continue to work and be able to exchange id_tokens for an access token; however, this is not considered a best practice.
67+
After May 1, 2018, id_tokens cannot be used as the assertion in an OBO flow for new applications. Access tokens should be used instead to secure APIs, even between a client and middle tier of the same application. Apps registered before May 1, 2018 will continue to work and be able to exchange id_tokens for an access token; however, this pattern is not considered a best practice.
6368

6469
To work around this change, you can do the following:
6570

66-
1. Create a Web API for your middle tier application, with one or more scopes. This will allow finer grained control and security.
71+
1. Create a Web API for your application, with one or more scopes. This explicit entry point will allow finer grained control and security.
6772
1. In your app's manifest, in the [Azure portal](https://portal.azure.com) or the [app registration portal](https://apps.dev.microsoft.com), ensure that the app is allowed to issue access tokens via the implicit flow. This is controlled through the `oauth2AllowImplicitFlow` key.
6873
1. When your client application requests an id_token via `response_type=id_token`, also request an access token (`response_type=token`) for the Web API created above. Thus, when using the v2.0 endpoint the `scope` parameter should look similar to `api://GUID/SCOPE`. On the v1.0 endpoint, the `resource` parameter should be the app URI of the web API.
6974
1. Pass this access token to the middle tier in place of the id_token.
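Review bot: The new "## October 2018" heading at line 41 groups the authorization-code change whose **Effective date** is now November 15, 2018 (lines 45 and 51), so readers scanning by month will look in the wrong section; either title the section by the effective month or explain why it sits under October. Two further points in this hunk: the heading at line 43 says "Authorization codes" while lines 51 and 53 say "authentication codes" (the OAuth term is authorization code, as at line 53 itself), and deleting the NOTE at lines 51-52 about the exception for existing apps with more than 10 logins a day removes the only statement of whether legacy apps remain exempt; say so explicitly if that exception has been withdrawn.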

articles/active-directory/devices/hybrid-azuread-join-federated-domains.md

Lines changed: 1 addition & 3 deletions
@@ -14,7 +14,7 @@ ms.workload: identity
1414
ms.tgt_pltfrm: na
1515
ms.devlang: na
1616
ms.topic: tutorial
17-
ms.date: 11/01/2018
17+
ms.date: 11/07/2018
1818
ms.author: markvi
1919
ms.reviewer: sandeo
2020

@@ -176,8 +176,6 @@ To successfully complete hybrid Azure AD join of your Windows down-level devices
176176

177177
- `https://device.login.microsoftonline.com`
178178

179-
- `https://device.login.microsoftonline.com`
180-
181179
- Your organization's Security Token Service (STS - federated domains)
182180

183181
- `https://autologon.microsoftazuread-sso.com` (for Seamless SSO).

articles/active-directory/hybrid/how-to-connect-health-adds.md

Lines changed: 1 addition & 1 deletion
@@ -3,7 +3,7 @@ title: Using Azure AD Connect Health with AD DS | Microsoft Docs
33
description: This is the Azure AD Connect Health page that will discuss how to monitor AD DS.
44
services: active-directory
55
documentationcenter: ''
6-
author: zhiweiw
6+
author: zhiweiwangmsft
77
manager: mtillman
88
editor: curtand
99
