Merge pull request #111624 from MicrosoftDocs/master

Merge Master to Live, 4 am

Author: PMEds28

.openpublishing.redirection.json

@@ -236,6 +236,11 @@
       "redirect_url": "/azure//virtual-machines/windows/sql/virtual-machines-windows-portal-sql-create-failover-cluster-premium-file-share",
       "redirect_document_id": false
     },
+    {
+      "source_path": "articles/virtual-machines/windows/encrypt-disks.md",
+      "redirect_url": "/azure//virtual-machines/windows/disk-encryption-overview",
+      "redirect_document_id": false
+    },
     {
       "source_path": "articles/virtual-machines/linux/cli-manage-nodejs.md",
       "redirect_url": "/azure/virtual-machines/linux/create-cli-complete",
@@ -51114,6 +51119,16 @@
       "source_path": "articles/security/fundamentals/database-best-practices.md",
       "redirect_url": "/azure/sql-database/sql-database-security-best-practice",
       "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/healthcare-apis/configure-azure-rbac.md",
+      "redirect_url": "/azure/healthcare-apis/azure-api-for-fhir-additional-settings",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/healthcare-apis/configure-local-rbac.md",
+      "redirect_url": "/azure/healthcare-apis/azure-api-for-fhir-additional-settings",
+      "redirect_document_id": false
     }
   ]
 }

articles/active-directory-b2c/identity-provider-adfs2016-custom.md

@@ -165,7 +165,7 @@ Now that you have a button in place, you need to link it to an action. The actio
 To use ADFS as an identity provider in Azure AD B2C, you need to create an ADFS Relying Party Trust with the Azure AD B2C SAML metadata. The following example shows a URL address to the SAML metadata of an Azure AD B2C technical profile:
 
 ```
-https://your-tenant-name.b2clogin.com/your-tenant-name/your-policy/samlp/metadata?idptp=your-technical-profile
+https://your-tenant-name.b2clogin.com/your-tenant-name.onmicrosoft.com/your-policy/samlp/metadata?idptp=your-technical-profile
 ```
 
 Replace the following values:

articles/active-directory/authentication/concept-registration-mfa-sspr-combined.md

@@ -1,40 +1,39 @@
 ---
 title: Combined registration for SSPR and MFA - Azure Active Directory
-description: Azure AD Multi-Factor Authentication and self-service password reset registration (preview)
+description: Azure AD Multi-Factor Authentication and self-service password reset registration
 
 services: active-directory
 ms.service: active-directory
 ms.subservice: authentication
 ms.topic: conceptual
-ms.date: 03/06/2020
+ms.date: 04/15/2020
 
 ms.author: iainfou
 author: iainfoulds
 manager: daveba
-ms.reviewer: sahenry
+ms.reviewer: rhicock
 
 ms.collection: M365-identity-device-management
 ---
-# Combined security information registration (preview)
+# Combined security information registration overview
 
 Before combined registration, users registered authentication methods for Azure Multi-Factor Authentication and self-service password reset (SSPR) separately. People were confused that similar methods were used for Multi-Factor Authentication and SSPR but they had to register for both features. Now, with combined registration, users can register once and get the benefits of both Multi-Factor Authentication and SSPR.
 
+This article outlines what combined security registration is. To get started with combined security registration, see the following article:
+
+> [!div class="nextstepaction"]
+> [Enable combined security regiration](howto-registration-mfa-sspr-combined.md)
+
 ![My Profile showing registered Security info for a user](media/concept-registration-mfa-sspr-combined/combined-security-info-defualts-registered.png)
 
 Before enabling the new experience, review this administrator-focused documentation and the user-focused documentation to ensure you understand the functionality and effect of this feature. Base your training on the [user documentation](../user-help/user-help-security-info-overview.md) to prepare your users for the new experience and help to ensure a successful rollout.
 
 Azure AD combined security information registration is not currently available to national clouds like Azure US Government, Azure Germany, or Azure China 21Vianet.
 
-|     |
-| --- |
-| Combined security information registration for Multi-Factor Authentication and Azure Active Directory (Azure AD) self-service password reset is a public preview feature of Azure AD. For more information about previews, see [Supplemental Terms of Use for Microsoft Azure Previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms/).|
-|     |
-
 > [!IMPORTANT]
 > Users who are enabled for both the original preview and the enhanced combined registration experience will see the new behavior. Users who are enabled for both experiences will see only the new My Profile experience. The new My Profile aligns with the look and feel of combined registration and provides a seamless experience for users. Users can see My Profile by going to [https://myprofile.microsoft.com](https://myprofile.microsoft.com).
-
-> [!NOTE] 
-> You might encounter an error message while trying to access the Security info option. For example, "Sorry, we can't sign you in". In this case, confirm that you don't have any configuration or group policy object that blocks third-party cookies on the web browser. 
+>
+> You might encounter an error message while trying to access the Security info option. For example, "Sorry, we can't sign you in". In this case, confirm that you don't have any configuration or group policy object that blocks third-party cookies on the web browser.
 
 My Profile pages are localized based on the language settings of the computer accessing the page. Microsoft stores the most recent language used in the browser cache, so subsequent attempts to access the pages will continue to render in the last language used. If you clear the cache, the pages will re-render. If you want to force a specific language, you can add `?lng=<language>` to the end of the URL, where `<language>` is the code of the language you want to render.
 
@@ -74,7 +73,6 @@ As we continue to add more authentication methods to Azure AD, those methods wil
 There are two modes of combined registration: interrupt and manage.
 
 - **Interrupt mode** is a wizard-like experience, presented to users when they register or refresh their security info at sign-in.
-
 - **Manage mode** is part of the user profile and allows users to manage their security info.
 
 For both modes, users who have previously registered a method that can be used for Multi-Factor Authentication will need to perform Multi-Factor Authentication before they can access their security info.
@@ -136,14 +134,8 @@ A user who has previously set up at least one method that can be used for Multi-
 
 ## Next steps
 
-[Force users to re-register authentication methods](howto-mfa-userdevicesettings.md#manage-user-authentication-options)
-
-[Enable combined registration in your tenant](howto-registration-mfa-sspr-combined.md)
-
-[SSPR and MFA usage and insights reporting](howto-authentication-methods-usage-insights.md)
-
-[Available methods for Multi-Factor Authentication and SSPR](concept-authentication-methods.md)
+To get started, see the tutorials to [enable self-service password reset](tutorial-enable-sspr.md) and [enable Azure Multi-Factor Authentication](tutorial-enable-azure-mfa.md).
 
-[Configure self-service password reset](howto-sspr-deployment.md)
+Learn how to [enable combined registration in your tenant](howto-registration-mfa-sspr-combined.md) or [force users to re-register authentication methods](howto-mfa-userdevicesettings.md#manage-user-authentication-options).
 
-[Configure Azure Multi-Factor Authentication](howto-mfa-getstarted.md)
+You can also review the [available methods for Azure Multi-Factor Authentication and SSPR](concept-authentication-methods.md).

articles/active-directory/authentication/howto-authentication-passwordless-deployment.md

@@ -64,7 +64,7 @@ Organizations must meet the following prerequisites before beginning a passwordl
 
 | Prerequisite | Authenticator app | FIDO2 Security Keys |
 | --- | --- | --- |
-| [Combined registration for Azure Multi-factor authentication and self-service password reset (SSPR)](howto-registration-mfa-sspr-combined.md) is enabled (preview feature) | √ | √ |
+| [Combined registration for Azure Multi-factor authentication and self-service password reset (SSPR)](howto-registration-mfa-sspr-combined.md) is enabled | √ | √ |
 | [Users can perform Azure Multi-factor authentication](howto-mfa-getstarted.md) | √ | √ |
 | [Users have registered for Azure Multi-factor authentication and SSPR](howto-registration-mfa-sspr-combined.md) | √ | √ |
 | [Users have registered their mobile devices to Azure Active Directory](../devices/overview.md) | √ |   |

articles/active-directory/authentication/howto-authentication-passwordless-phone.md

@@ -38,7 +38,7 @@ Instead of seeing a prompt for a password after entering a username, a person wh
 
 ### Enable the combined registration experience
 
-Registration features for passwordless authentication methods rely on the combined registration preview. Follow the steps in the article [Enable combined security information registration (preview)](howto-registration-mfa-sspr-combined.md), to enable the combined registration preview.
+Registration features for passwordless authentication methods rely on the combined registration feature. Follow the steps in the article [Enable combined security information registration](howto-registration-mfa-sspr-combined.md), to enable combined registration.
 
 ### Enable passwordless phone sign-in authentication methods
 

articles/active-directory/authentication/howto-authentication-passwordless-security-key.md

@@ -45,7 +45,7 @@ Hybrid Azure AD joined devices must run Windows 10 Insider Build 18945 or newer.
 
 ### Enable the combined registration experience
 
-Registration features for passwordless authentication methods rely on the combined registration preview. Follow the steps in the article [Enable combined security information registration (preview)](howto-registration-mfa-sspr-combined.md), to enable the combined registration preview.
+Registration features for passwordless authentication methods rely on the combined registration feature. Follow the steps in the article [Enable combined security information registration (preview)](howto-registration-mfa-sspr-combined.md), to enable combined registration.
 
 ### Enable FIDO2 security key method
 

articles/active-directory/authentication/howto-mfa-getstarted.md

@@ -141,7 +141,7 @@ A text message that contains a verification code is sent to the user, the user i
 
 ## Plan registration policy
 
-Administrators must determine how users will register their methods. Organizations should [enable the new combined registration experience](howto-registration-mfa-sspr-combined.md) for Azure MFA and self-service password reset (SSPR). SSPR allows users to reset their password in a secure way using the same methods they use for multi-factor authentication. We recommend this combined registration, currently in public preview, because it's a great experience for users, with the ability to register once for both services. Enabling the same methods for SSPR and Azure MFA will allow your users to be registered to use both features.
+Administrators must determine how users will register their methods. Organizations should [enable the new combined registration experience](howto-registration-mfa-sspr-combined.md) for Azure MFA and self-service password reset (SSPR). SSPR allows users to reset their password in a secure way using the same methods they use for multi-factor authentication. We recommend this combined registration because it's a great experience for users, with the ability to register once for both services. Enabling the same methods for SSPR and Azure MFA will allow your users to be registered to use both features.
 
 ### Registration with Identity Protection
 

articles/active-directory/authentication/howto-registration-mfa-sspr-combined-troubleshoot.md

@@ -1,29 +1,24 @@
 ---
 title: Troubleshoot combined registration - Azure Active Directory
-description: Troubleshoot Azure AD Multi-Factor Authentication and self-service password reset combined registration (preview)
+description: Troubleshoot Azure AD Multi-Factor Authentication and self-service password reset combined registration
 
 services: active-directory
 ms.service: active-directory
 ms.subservice: authentication
 ms.topic: troubleshooting
-ms.date: 11/21/2019
+ms.date: 04/15/2020
 
 ms.author: iainfou
 author: iainfoulds
 manager: daveba
-ms.reviewer: sahenry
+ms.reviewer: rhicock
 
 ms.collection: M365-identity-device-management
 ---
-# Troubleshooting combined security information registration (preview)
+# Troubleshooting combined security information registration
 
 The information in this article is meant to guide admins who are troubleshooting issues reported by users of the combined registration experience.
 
-|     |
-| --- |
-| Combined security information registration for Azure Multi-Factor Authentication and Azure Active Directory (Azure AD) self-service password reset is a public preview feature of Azure AD. For more information about previews, see [Supplemental Terms of Use for Microsoft Azure Previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms/).|
-|     |
-
 ## Audit logs
 
 The events logged for combined registration are in the Authentication Methods category in the Azure AD audit logs.
@@ -48,25 +43,25 @@ The following table lists all audit events generated by combined registration:
 
 | Symptom | Troubleshooting steps |
 | --- | --- |
-| I’m not seeing the methods I expected to see. | 1. Check if the user has an Azure AD admin role. If yes, view the SSPR admin policy differences. <br> 2. Determine whether the user is being interrupted because of Multi-Factor Authentication registration enforcement or SSPR registration enforcement. See the [flowchart](../../active-directory/authentication/concept-registration-mfa-sspr-combined.md#combined-registration-modes) under "Combined registration modes" to determine which methods should be shown. <br> 3. Determine how recently the Multi-Factor Authentication or SSPR policy was changed. If the change was recent, it might take some time for the updated policy to propagate.|
+| I'm not seeing the methods I expected to see. | 1. Check if the user has an Azure AD admin role. If yes, view the SSPR admin policy differences. <br> 2. Determine whether the user is being interrupted because of Multi-Factor Authentication registration enforcement or SSPR registration enforcement. See the [flowchart](../../active-directory/authentication/concept-registration-mfa-sspr-combined.md#combined-registration-modes) under "Combined registration modes" to determine which methods should be shown. <br> 3. Determine how recently the Multi-Factor Authentication or SSPR policy was changed. If the change was recent, it might take some time for the updated policy to propagate.|
 
 ## Troubleshooting manage mode
 
 | Symptom | Troubleshooting steps |
 | --- | --- |
-| I don’t have the option to add a particular method. | 1. Determine whether the method is enabled for Multi-Factor Authentication or for SSPR. <br> 2. If the method is enabled, save the policies again and wait 1-2 hours before testing again. <br> 3. If the method is enabled, ensure that the user hasn’t already set up the maximum number of that method that they're allowed to set up.|
+| I don't have the option to add a particular method. | 1. Determine whether the method is enabled for Multi-Factor Authentication or for SSPR. <br> 2. If the method is enabled, save the policies again and wait 1-2 hours before testing again. <br> 3. If the method is enabled, ensure that the user hasn't already set up the maximum number of that method that they're allowed to set up.|
 
 ## Disable combined registration
 
 When a user registers a phone number and/or mobile app in the new combined experience, our service stamps a set of flags (StrongAuthenticationMethods) for those methods on that user. This functionality allows the user to perform Multi-Factor Authentication with those methods whenever Multi-Factor Authentication is required.
 
 If an admin enables the preview, users register through the new experience, and then the admin disables the preview, users might unknowingly be registered for Multi-Factor Authentication also.
 
-If a user who has completed combined registration goes to the current self-service password reset (SSPR) registration page at [https://aka.ms/ssprsetup](https://aka.ms/ssprsetup), the user will be prompted to perform Multi-Factor Authentication before they can access that page. This step is expected from a technical standpoint, but it's new for users who were previously registered for SSPR only. Though this extra step does improve the user’s security posture by providing another level of security, admins might want to roll back their users so that they're no longer able to perform Multi-Factor Authentication.  
+If a user who has completed combined registration goes to the current self-service password reset (SSPR) registration page at [https://aka.ms/ssprsetup](https://aka.ms/ssprsetup), the user will be prompted to perform Multi-Factor Authentication before they can access that page. This step is expected from a technical standpoint, but it's new for users who were previously registered for SSPR only. Though this extra step does improve the user's security posture by providing another level of security, admins might want to roll back their users so that they're no longer able to perform Multi-Factor Authentication.  
 
 ### How to roll back users
 
-If you, as an admin, want to reset a user's Multi-Factor Authentication settings, you can use the PowerShell script provided in the next section. The script will clear the StrongAuthenticationMethods property for a user’s mobile app and/or phone number. If you run this script for your users, they'll need to re-register for Multi-Factor Authentication if they need it. We recommend testing rollback with one or two users before rolling back all affected users.
+If you, as an admin, want to reset a user's Multi-Factor Authentication settings, you can use the PowerShell script provided in the next section. The script will clear the StrongAuthenticationMethods property for a user's mobile app and/or phone number. If you run this script for your users, they'll need to re-register for Multi-Factor Authentication if they need it. We recommend testing rollback with one or two users before rolling back all affected users.
 
 The steps that follow will help you roll back a user or group of users.
 
@@ -147,16 +142,16 @@ In a PowerShell window, run the following command, providing the script and user
 
 `<script location> -path <user file location>`
 
-### Disable the preview experience
+### Disable the updated experience
 
-To disable the preview experience for your users, complete these steps:
+To disable the updated experience for your users, complete these steps:
 
 1. Sign in to the Azure portal as a user administrator.
 2. Go to **Azure Active Directory** > **User settings** > **Manage settings for access panel preview features**.
 3. Under **Users can use preview features for registering and managing security info**, set the selector to **None**, and then select **Save**.
 
-Users will no longer be prompted to register by using the preview experience.
+Users will no longer be prompted to register by using the updated experience.
 
 ## Next steps
 
-* [Learn more about the public preview of combined registration for self-service password reset and Azure Multi-Factor Authentication](concept-registration-mfa-sspr-combined.md)
+* [Learn more about combined registration for self-service password reset and Azure Multi-Factor Authentication](concept-registration-mfa-sspr-combined.md)