MicrosoftDocs
diff --git a/‎.openpublishing.redirection.json
Lines changed: 60 additions & 0 deletions b/‎.openpublishing.redirection.json
Lines changed: 60 additions & 0 deletions
diff --git a/‎articles/active-directory-b2c/best-practices.md
Lines changed: 2 additions & 2 deletions b/‎articles/active-directory-b2c/best-practices.md
Lines changed: 2 additions & 2 deletions
diff --git a/‎articles/active-directory/app-provisioning/customize-application-attributes.md
Lines changed: 5 additions & 3 deletions b/‎articles/active-directory/app-provisioning/customize-application-attributes.md
Lines changed: 5 additions & 3 deletions
diff --git a/‎articles/active-directory/authentication/active-directory-certificate-based-authentication-ios.md
Lines changed: 1 addition & 0 deletions b/‎articles/active-directory/authentication/active-directory-certificate-based-authentication-ios.md
Lines changed: 1 addition & 0 deletions
diff --git a/‎articles/active-directory/authentication/concept-registration-mfa-sspr-combined.md
Lines changed: 1 addition & 1 deletion b/‎articles/active-directory/authentication/concept-registration-mfa-sspr-combined.md
Lines changed: 1 addition & 1 deletion
diff --git a/‎articles/active-directory/authentication/concept-sspr-policy.md
Lines changed: 1 addition & 1 deletion b/‎articles/active-directory/authentication/concept-sspr-policy.md
Lines changed: 1 addition & 1 deletion
diff --git a/‎articles/active-directory/authentication/howto-password-ban-bad-on-premises-deploy.md
Lines changed: 1 addition & 1 deletion b/‎articles/active-directory/authentication/howto-password-ban-bad-on-premises-deploy.md
Lines changed: 1 addition & 1 deletion
diff --git a/‎articles/active-directory/authentication/tutorial-enable-sspr-writeback.md
Lines changed: 1 addition & 1 deletion b/‎articles/active-directory/authentication/tutorial-enable-sspr-writeback.md
Lines changed: 1 addition & 1 deletion
@@ -1922,6 +1922,21 @@
       "redirect_url": "/azure/cognitive-services/bing-autosuggest/quickstarts/client-libraries?pivots=programming-language-go",
       "redirect_document_id": false
     },
+    {
+      "source_path": "articles/cognitive-services/Face/Quickstarts/csharp-sdk.md",
+      "redirect_url": "/azure/cognitive-services/Face/Quickstarts/client-libraries?pivots=programming-language-csharp",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/cognitive-services/Face/Quickstarts/python-sdk.md",
+      "redirect_url": "/azure/cognitive-services/Face/Quickstarts/client-libraries?pivots=programming-language-python",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/cognitive-services/Face/Quickstarts/go-sdk.md",
+      "redirect_url": "/azure/cognitive-services/Face/Quickstarts/client-libraries?pivots=programming-language-go",
+      "redirect_document_id": false
+    },
     {
       "source_path": "articles/virtual-machines/linux/classic/rdma-cluster.md",
       "redirect_url": "/azure/virtual-machines/linux/sizes-hpc#rdma-capable-instances",
@@ -3442,6 +3457,21 @@
       "redirect_url": "/azure/iot-edge/how-to-manage-device-certificates",
       "redirect_document_id": true
     },
+    {
+      "source_path": "articles/iot-edge/how-to-deploy-monitor.md",
+      "redirect_url": "/azure/iot-edge/how-to-deploy-at-scale",
+      "redirect_document_id": true
+    },
+    {
+      "source_path": "articles/iot-edge/how-to-deploy-monitor-cli.md",
+      "redirect_url": "/azure/iot-edge/how-to-deploy-cli-at-scale",
+      "redirect_document_id": true
+    },
+    {
+      "source_path": "articles/iot-edge/how-to-deploy-monitor-vscode.md",
+      "redirect_url": "/azure/iot-edge/how-to-deploy-vscode-at-scale",
+      "redirect_document_id": true
+    },
     {
       "source_path": "articles/cognitive-services/cognitive-services-recommendations-quick-start.md",
       "redirect_url": "/azure/cognitive-services/recommendations/overview",
@@ -7571,11 +7601,36 @@
       "redirect_url": "/azure/application-gateway/quick-create-cli",
       "redirect_document_id": false
     },
+    {
+      "source_path": "articles/application-gateway/tutorial-multisite-cli.md",
+      "redirect_url": "/azure/application-gateway/tutorial-multiple-sites-cli",
+      "redirect_document_id": false
+    },
     {
       "source_path": "articles/application-gateway/tutorial-create-vmss-cli.md",
       "redirect_url": "/azure/application-gateway/tutorial-url-redirect-cli",
       "redirect_document_id": false
     },
+    {
+      "source_path": "articles/application-gateway/application-gateway-create-url-route-cli.md",
+      "redirect_url": "/azure/application-gateway/tutorial-url-route-cli",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/application-gateway/application-gateway-create-url-route-arm-ps.md",
+      "redirect_url": "/azure/application-gateway/tutorial-url-route-powershell",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/application-gateway/application-gateway-create-multisite-azureresourcemanager-powershell.md",
+      "redirect_url": "/azure/application-gateway/tutorial-multiple-sites-powershell",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/application-gateway/application-gateway-ssl.md",
+      "redirect_url": "/azure/application-gateway/tutorial-ssl-powershell",
+      "redirect_document_id": false
+    },
     {
       "source_path": "articles/application-insights/app-insights-azure-diagnostics.md",
       "redirect_url": "/azure/azure-monitor/platform/diagnostics-extension-to-application-insights",
@@ -51544,6 +51599,11 @@
       "source_path": "articles/cognitive-services/Custom-Vision-Service/python-tutorial-od.md",
       "redirect_url": "/azure/cognitive-services/Custom-Vision-Service/quickstarts/object-detection",
       "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/active-directory/develop/active-directory-graph-api-quickstart.md",
+      "redirect_url": "/azure/active-directory/develop/microsoft-graph-intro",
+      "redirect_document_id": false
     }
   ]
 }
@@ -39,7 +39,7 @@ Define your application and service architecture, inventory current systems, and
 | Create a migration plan |Planning ahead can make migration go more smoothly. Learn more about [user migration](user-migration.md).|
 | Usability vs. security | Your solution must strike the right balance between application usability and your organization's acceptable level of risk. |
 | Move on-premises dependencies to the cloud | To help ensure a resilient solution, consider moving existing application dependencies to the cloud. |
-| Migrate existing apps to b2clogin.com | The deprecation of login.microsoftonline.com went into effect for all Azure AD B2C tenants on 04 December 2020. [Learn more](b2clogin.md). |
+| Migrate existing apps to b2clogin.com | The deprecation of login.microsoftonline.com will go into effect for all Azure AD B2C tenants on 04 December 2020. [Learn more](b2clogin.md). |
 
 ## Implementation
 
@@ -88,4 +88,4 @@ Stay up to date with the state of the service and find support options.
 |--|--|
 | [Service updates](https://azure.microsoft.com/updates/?product=active-directory-b2c) |  Stay up to date with Azure AD B2C product updates and announcements. |
 | [Microsoft Support](support-options.md) | File a support request for Azure AD B2C technical issues. Billing and subscription management support is provided at no cost. |
-| [Azure status](https://status.azure.com/status) | View the current health status of all Azure services. |
+| [Azure status](https://status.azure.com/status) | View the current health status of all Azure services. |
@@ -69,7 +69,7 @@ Along with this property, attribute-mappings also support the following attribut
 - **Target attribute** – The user attribute in the target system (example: ServiceNow).
 - **Default value if null (optional)** - The value that will be passed to the target system if the source attribute is null. This value will only be provisioned when a user is created. The "default value when null" will not be provisioned when updating an existing user. If, for example, you want to provision all existing users in the target system with a particular Job Title (when it is null in the source system), you can use the following [expression](../app-provisioning/functions-for-customizing-application-data.md): Switch(IsPresent([jobTitle]), "DefaultValue", "True", [jobTitle]). Make sure to replace the "Default Value" with what you would like to provision when null in the source system. 
 - **Match objects using this attribute** – Whether this mapping should be used to uniquely identify users between the source and target systems. It's typically set on the userPrincipalName or mail attribute in Azure AD, which is typically mapped to a username field in a target application.
-- **Matching precedence** – Multiple matching attributes can be set. When there are multiple, they're evaluated in the order defined by this field. As soon as a match is found, no further matching attributes are evaluated.
+- **Matching precedence** – Multiple matching attributes can be set. When there are multiple, they're evaluated in the order defined by this field. As soon as a match is found, no further matching attributes are evaluated. While you can set as many matching attributes as you would like, consider whether the attributes you are using as matching attributes are truly unique and need to be matching attributes. Generally customers have 1 or 2 matching attributes in their configuration. 
 - **Apply this mapping**
   - **Always** – Apply this mapping on both user creation and update actions.
   - **Only during creation** - Apply this mapping only on user creation actions.
@@ -312,8 +312,10 @@ Selecting this option will effectively force a resynchronization of all users wh
 - Updating attribute-mappings has an impact on the performance of a synchronization cycle. An update to the attribute-mapping configuration requires all managed objects to be reevaluated.
 - A recommended best practice is to keep the number of consecutive changes to your attribute-mappings at a minimum.
 - Adding a photo attribute to be provisioned to an app is not supported today as you cannot specify the format to sync the photo. You can request the feature on [User Voice](https://feedback.azure.com/forums/169401-azure-active-directory)
-- The attribute IsSoftDeleted is often part of the default mappings for an application. IsSoftdeleted can be true in one of four scenarios (the user is out of scope due to being unassigned from the application, the user is out of scope due to not meeting a scoping filter, the user has been soft deleted in Azure AD, or the property AccountEnabled is set to false on the user). 
-- The Azure AD provisioning service does not support provisioning null values
+- The attribute IsSoftDeleted is often part of the default mappings for an application. IsSoftdeleted can be true in one of four scenarios (the user is out of scope due to being unassigned from the application, the user is out of scope due to not meeting a scoping filter, the user has been soft deleted in Azure AD, or the property AccountEnabled is set to false on the user). It is not recommended to remove the IsSoftDeleted attribute from your attribute mappings.
+- The Azure AD provisioning service does not support provisioning null values.
+- They primary key, typically "ID", should not be included as a target attribute in your attribute mappings. 
+- The role attribute typically needs to be mapped using an expression, rather than a direct mapping. See section above for more details on role mapping. 
 
 ## Next steps
 
 
@@ -32,6 +32,7 @@ This article details the requirements and the supported scenarios for configurin
 | Azure Information Protection app |![Check mark signifying support for this application][1] |
 | Intune Company Portal |![Check mark signifying support for this application][1] |
 | Microsoft Teams |![Check mark signifying support for this application][1] |
+| Office (mobile) |![Check mark signifying support for this application][1] |
 | OneNote |![Check mark signifying support for this application][1] |
 | OneDrive |![Check mark signifying support for this application][1] |
 | Outlook |![Check mark signifying support for this application][1] |
 
@@ -75,7 +75,7 @@ There are two modes of combined registration: interrupt and manage.
 - **Interrupt mode** is a wizard-like experience, presented to users when they register or refresh their security info at sign-in.
 - **Manage mode** is part of the user profile and allows users to manage their security info.
 
-For both modes, users who have previously registered a method that can be used for Multi-Factor Authentication will need to perform Multi-Factor Authentication before they can access their security info.
+For both modes, users who have previously registered a method that can be used for Multi-Factor Authentication will need to perform Multi-Factor Authentication before they can access their security info. Users must confirm their information before continuing to use their previously registered methods. 
 
 ### Interrupt mode
 
 
@@ -98,7 +98,7 @@ This guidance applies to other providers, such as Intune and Office 365, which a
 
 ## Set or check the password policies by using PowerShell
 
-To get started, [download and install the Azure AD PowerShell module](https://docs.microsoft.com/powershell/module/Azuread/?view=azureadps-2.0). After the module is installed, use the following steps to configure each field.
+To get started, [download and install the Azure AD PowerShell module](https://docs.microsoft.com/powershell/module/Azuread/?view=azureadps-2.0) and [connect it to your Azure AD tenant](https://docs.microsoft.com/powershell/module/azuread/connect-azuread?view=azureadps-2.0#examples). After the module is installed, use the following steps to configure each field.
 
 ### Check the expiration policy for a password
 
 
@@ -131,7 +131,7 @@ The Microsoft Azure AD Connect Agent Updater service is installed side by side w
 * The Microsoft Azure AD Connect Agent Updater service also requires the TLS 1.2 steps specified in [TLS requirements](https://docs.microsoft.com/azure/active-directory/manage-apps/application-proxy-add-on-premises-application#tls-requirements).
 
 > [!WARNING]
-> Azure AD Password Protection proxy and Azure AD Application Proxy install different versions of the Microsoft Azure AD Connect Agent Updater service, which is why the instructions refer to Application Proxy content. These different versions are incompatible when installed side by side, so it's not recommended to install Azure AD Password Protection Proxy and Application Proxy on the same machine.
+> Azure AD Password Protection proxy and Azure AD Application Proxy install different versions of the Microsoft Azure AD Connect Agent Updater service, which is why the instructions refer to Application Proxy content. These different versions are incompatible when installed side by side and doing so will prevent the Agent Updater service from contacting Azure for software updates, so you should never install Azure AD Password Protection Proxy and Application Proxy on the same machine.
 
 ## Download required software
 
 
@@ -56,7 +56,7 @@ To correctly work with SSPR writeback, the account specified in Azure AD Connect
    * The root object of *each domain* in that forest
    * The user organizational units (OUs) you want to be in scope for SSPR
 
-If don't assign these permissions, writeback appears to be configured correctly, but users encounter errors when they manage their on-premises passwords from the cloud.
+If don't assign these permissions, writeback appears to be configured correctly, but users encounter errors when they manage their on-premises passwords from the cloud. Permissions must be applied to **This object and all descendant objects** for "Unexpire Password" to appear.  
 
 To set up the appropriate permissions for password writeback to occur, complete the following steps: