Merge branch 'master' of https://github.com/MicrosoftDocs/azure-docs-pr into billing-ea-portal-articles-edit

Author: Jak-MS

.openpublishing.redirection.json

@@ -12,6 +12,7 @@ ms.topic: reference
 ms.date: 12/10/2019
 ms.author: marsma
 ms.subservice: B2C
+ms.custom: fasttrack-edit
 ---
 
 # Register a SAML application in Azure AD B2C
@@ -173,7 +174,7 @@ Now that your tenant can issue SAML assertions, you need to create the SAML rely
     PublicPolicyUri="http://tenant-name.onmicrosoft.com/B2C_1A_signup_signin_saml">
     ```
 
-1. Add following XML snippet just before the `<RelyingParty>` element. This XML overwrites orchestration step number 7 of the _SignUpOrSignIn_ user journey. If you customized your user journey by adding or removing orchestration steps, make sure the number (in the `order` element) is aligned with the one specified in the user journey for the token issuer step.
+1. Add following XML snippet just before the `<RelyingParty>` element. This XML overwrites orchestration step number 7 of the _SignUpOrSignIn_ user journey. If you started from a different folder in the starter pack, or customized your user journey by adding or removing orchestration steps, make sure the number (in the `order` element) is aligned with the one specified in the user journey for the token issuer step (for example, in the other starter pack folders it's step number 4 for `LocalAccounts`, 6 for `SocialAccounts` and 9 for `SocialAndLocalAccountsWithMfa`).
 
     ```XML
     <UserJourneys>

articles/active-directory-b2c/connect-with-saml-service-providers.md

@@ -33,7 +33,7 @@ The following example shows the content definition identifier and the definition
   <Metadata>
     <Item Key="DisplayName">Local account sign up page</Item>
   </Metadata>
-  <LoalizedResourcesReferences MergeBehavior="Prepend">
+  <LocalizedResourcesReferences MergeBehavior="Prepend">
     <LocalizedResourcesReference Language="en" LocalizedResourcesReferenceId="api.localaccountsignup.en" />
     <LocalizedResourcesReference Language="es" LocalizedResourcesReferenceId="api.localaccountsignup.es" />
     ...

articles/active-directory-b2c/contentdefinitions.md

@@ -29,6 +29,8 @@
   items:
     - name: Create a managed domain using Azure PowerShell
       href: powershell-create-instance.md
+    - name: Create a managed domain using a template
+      href: template-create-instance.md
 - name: Concepts
   items:
     - name: Administration basics

articles/active-directory-domain-services/TOC.yml

@@ -6,7 +6,7 @@ services: active-directory
 ms.service: active-directory
 ms.subservice: conditional-access
 ms.topic: conceptual
-ms.date: 12/10/2019
+ms.date: 01/14/2020
 
 ms.author: joflore
 author: MicrosoftGuyJFlo
@@ -30,15 +30,17 @@ More information about emergency access accounts and why they are important can
 
 ## Typical policies deployed by organizations
 
-* [Require MFA for administrators](howto-conditional-access-policy-admin-mfa.md)
-* [Require MFA for Azure management](howto-conditional-access-policy-azure-management.md)
-* [Require MFA for all users](howto-conditional-access-policy-all-users-mfa.md)
-* [Block legacy authentication](howto-conditional-access-policy-block-legacy.md)
+* [Require MFA for administrators](howto-conditional-access-policy-admin-mfa.md)\*
+* [Require MFA for Azure management](howto-conditional-access-policy-azure-management.md)\*
+* [Require MFA for all users](howto-conditional-access-policy-all-users-mfa.md)\*
+* [Block legacy authentication](howto-conditional-access-policy-block-legacy.md)\*
 * [Risk-based Conditional Access (Requires Azure AD Premium P2)](howto-conditional-access-policy-risk.md)
 * [Require trusted location for MFA registration](howto-conditional-access-policy-registration.md)
 * [Block access by location](howto-conditional-access-policy-location.md)
 * [Require compliant device](howto-conditional-access-policy-compliant-device.md)
 
+\* These four policies when configured together, would mimic functionality enabled by [security defaults](../fundamentals/concept-fundamentals-security-defaults.md).
+
 ## Next steps
 
 - [Simulate sign in behavior using the Conditional Access What If tool.](troubleshoot-conditional-access-what-if.md)

articles/active-directory-domain-services/template-create-instance.md

@@ -39,7 +39,7 @@ Conditional Access policies are powerful tools, we recommend excluding the follo
 
 * **Emergency access** or **break-glass** accounts to prevent tenant-wide account lockout. In the unlikely scenario all administrators are locked out of your tenant, your emergency-access administrative account can be used to log into the tenant take steps to recover access.
    * More information can be found in the article, [Manage emergency access accounts in Azure AD](../users-groups-roles/directory-emergency-access.md).
-* **Service accounts** and **service principles**, such as the Azure AD Connect Sync Account. Service accounts are non-interactive accounts that are not tied to any particular user. They are normally used by back-end services and allow programmatic access to applications. Service accounts should be excluded since MFA can’t be completed programmatically.
+* **Service accounts** and **service principals**, such as the Azure AD Connect Sync Account. Service accounts are non-interactive accounts that are not tied to any particular user. They are normally used by back-end services and allow programmatic access to applications. Service accounts should be excluded since MFA can’t be completed programmatically.
    * If your organization has these accounts in use in scripts or code, consider replacing them with [managed identities](../managed-identities-azure-resources/overview.md). As a temporary workaround, you can exclude these specific accounts from the baseline policy.
 
 ## Create a Conditional Access policy

articles/active-directory/conditional-access/concept-conditional-access-policy-common.md

@@ -82,6 +82,8 @@
         href: tutorial-v2-windows-uwp.md
       - name: Windows Desktop .NET
         href: tutorial-v2-windows-desktop.md
+      - name: Use shared-device mode in your Android app
+        href: tutorial-v2-shared-device-mode.md
     - name: Daemon apps
       items:
       - name: ASP.NET daemon web app
@@ -208,6 +210,8 @@
           href: scenario-mobile-app-configuration.md
         - name: Mobile platforms specific config
           items:
+          - name: Shared device mode for Android devices
+            href: shared-device-mode.md
           - name: Xamarin Android
             href: msal-net-xamarin-android-considerations.md
           - name: System browser on Android