Merge branch 'master' of https://github.com/MicrosoftDocs/azure-docs-pr into release-synapse-current

Author: v-alje

.openpublishing.publish.config.json

@@ -26,7 +26,7 @@
     "[email protected]"
   ],
   "sync_notification_subscribers": [
-    "tysonn@microsoft.com"
+    "angrobe_extended_dir@microsoft.com"
   ],
   "branches_to_filter": [],
   "git_repository_url_open_to_public_contributors": "https://github.com/MicrosoftDocs/azure-docs",

.openpublishing.redirection.json

@@ -17552,16 +17552,6 @@
       "redirect_url": "/azure/sql-data-warehouse/sql-data-warehouse-load-with-data-factory",
       "redirect_document_id": false
     },
-    {
-      "source_path": "articles/sql-data-warehouse/sql-data-warehouse-security-threat-detection.md",
-      "redirect_url": "/azure/sql-database/sql-database-threat-detection-overview",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "articles/sql-data-warehouse/sql-data-warehouse-auditing-overview.md",
-      "redirect_url": "/azure/sql-database/sql-database-auditing",
-      "redirect_document_id": false
-    },
     {
       "source_path": "articles/sql-data-warehouse/sql-data-warehouse-migrate-code.md",
       "redirect_url": "/azure/sql-data-warehouse/sql-data-warehouse-overview-develop",
@@ -17827,26 +17817,6 @@
       "redirect_url": "/azure/synapse-analytics/quickstart-create-sql-pool-portal",
       "redirect_document_id": false
     },
-    {
-      "source_path": "articles/sql-database/sql-database-auditing-get-started.md",
-      "redirect_url": "/azure/sql-database/sql-database-auditing",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "articles/sql-database/sql-database-auditing-portal.md",
-      "redirect_url": "/azure/sql-database/sql-database-auditing",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "articles/sql-database/sql-database-auditing-powershell.md",
-      "redirect_url": "/azure/sql-database/sql-database-auditing",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "articles/sql-database/sql-database-auditing-rest.md",
-      "redirect_url": "/azure/sql-database/sql-database-auditing",
-      "redirect_document_id": false
-    },
     {
       "source_path": "articles/sql-database/sql-database-build-multi-tenant-apps.md",
       "redirect_url": "/azure/sql-database/saas-tenancy-app-design-patterns",
@@ -18557,16 +18527,6 @@
       "redirect_url": "/azure/sql-database/sql-database-advanced-data-security",
       "redirect_document_id": false
     },
-    {
-      "source_path": "articles/sql-database/sql-database-threat-detection-get-started.md",
-      "redirect_url": "/azure/sql-database/sql-database-threat-detection",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "articles/sql-database/sql-database-threat-detection-portal.md",
-      "redirect_url": "/azure/sql-database/sql-database-threat-detection",
-      "redirect_document_id": false
-    },
     {
       "source_path": "articles/sql-database/sql-database-troubleshoot-backup-and-restore.md",
       "redirect_url": "/azure/sql-database/sql-database-recovery-using-backups",
@@ -19302,11 +19262,6 @@
       "redirect_url": "/azure/load-balancer/load-balancer-get-started-internet-portal",
       "redirect_document_id": false
     },
-    {
-      "source_path": "articles/virtual-machines/windows/sql/virtual-machines-windows-sql-register-with-rp.md",
-      "redirect_url": "/azure/virtual-machines/windows/sql/virtual-machines-windows-sql-register-with-resource-provider",
-      "redirect_document_id": false
-    },
     {
       "source_path": "articles/load-balancer/load-balancer-configure-sqlao.md",
       "redirect_url": "/azure/virtual-machines/windows/sql/virtual-machines-windows-portal-sql-alwayson-int-listener",
@@ -29647,11 +29602,6 @@
       "redirect_url": "/azure/data-factory/v1/data-factory-amazon-redshift-connector",
       "redirect_document_id": true
     },
-    {
-      "source_path": "articles/data-factory/connector-azure-sql-database-managed-insance.md",
-      "redirect_url": "/azure/data-factory/connector-azure-sql-database-managed-instance",
-      "redirect_document_id": false
-    },
     {
       "source_path": "articles/data-factory/how-to-read-write-partitioned-data.md",
       "redirect_url": "/azure/data-factory/tutorial-incremental-copy-overview",
@@ -32857,11 +32807,6 @@
       "redirect_url": "/azure/service-fabric/service-fabric-security-controls",
       "redirect_document_id": false
     },
-    {
-      "source_path": "articles/sql-database/sql-database-security-attributes.md",
-      "redirect_url": "/azure/sql-database/sql-database-security-controls",
-      "redirect_document_id": false
-    },
     {
       "source_path": "articles/storage/common/storage-security-attributes.md",
       "redirect_url": "/azure/storage/common/storage-security-controls",
@@ -52299,11 +52244,6 @@
       "redirect_url": "/azure/developer/terraform/",
       "redirect_document_id": false
     },
-    {
-      "source_path": "articles/sql-database/sql-database-auditing-and-threat-detection-powershell.md",
-      "redirect_url": "/azure/sql-database/scripts/sql-database-auditing-and-threat-detection-powershell",
-      "redirect_document_id": true
-    },
     {
       "source_path": "articles/media-services/azure-media-player/azure-media-player-license.md",
       "redirect_url": "/legal/azure-media-player/azure-media-player-license",
@@ -52428,6 +52368,72 @@
       "source_path":"articles/azure-monitor/app/alerts.md",
       "redirect_url":"/azure/azure-monitor/platform/alerts-log",
       "redirect_document_id": false 		
+    },
+    {
+      "source_path": "articles/virtual-machines/windows/sql/virtual-machines-windows-sql-register-with-rp.md",
+      "redirect_url": "/azure/virtual-machines/windows/sql/virtual-machines-windows-sql-register-with-resource-provider",
+      "redirect_document_id": false
+    },    
+    {   
+      "source_path": "articles/sql-database/sql-database-security-attributes.md",
+      "redirect_url": "/azure/sql-database/sql-database-security-controls",
+      "redirect_document_id": false
+    },    
+    {
+      "source_path": "articles/data-factory/connector-azure-sql-database-managed-insance.md",
+      "redirect_url": "/azure/data-factory/connector-azure-sql-database-managed-instance",
+      "redirect_document_id": false
+    },          
+    {
+      "source_path": "articles/sql-data-warehouse/sql-data-warehouse-security-threat-detection.md",
+      "redirect_url": "/azure/sql-database/sql-database-threat-detection-overview",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/sql-database/sql-database-threat-detection-get-started.md",
+      "redirect_url": "/azure/sql-database/sql-database-threat-detection",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/sql-database/sql-database-threat-detection-portal.md",
+      "redirect_url": "/azure/sql-database/sql-database-threat-detection",
+      "redirect_document_id": false
+    },
+    {
+        "source_path": "articles/sql-data-warehouse/sql-data-warehouse-auditing-overview.md",
+        "redirect_url": "/azure/sql-database/sql-database-auditing",
+        "redirect_document_id": false
+    },  
+    {
+        "source_path": "articles/sql-database/sql-database-auditing-get-started.md",
+        "redirect_url": "/azure/sql-database/sql-database-auditing",
+        "redirect_document_id": false
+    },
+    {
+        "source_path": "articles/sql-database/sql-database-auditing-portal.md",
+        "redirect_url": "/azure/sql-database/sql-database-auditing",
+        "redirect_document_id": false
+    },
+    {
+        "source_path": "articles/sql-database/sql-database-auditing-powershell.md",
+        "redirect_url": "/azure/sql-database/sql-database-auditing",
+        "redirect_document_id": false
+    },
+    {
+        "source_path": "articles/sql-database/sql-database-auditing-rest.md",
+        "redirect_url": "/azure/sql-database/sql-database-auditing",
+        "redirect_document_id": false
+    },    
+    {
+        "source_path": "articles/sql-database/sql-database-auditing-and-threat-detection-powershell.md",
+        "redirect_url": "/azure/sql-database/scripts/sql-database-auditing-and-threat-detection-powershell",
+        "redirect_document_id": true
+      },
+      {
+        "source_path": "articles/cdn/endpoint-multiorigin.md",
+        "redirect_url": "/azure/cdn/cdn-overview",
+        "redirect_document_id": false
     }
-  ]
+
+]
 }

articles/active-directory-b2c/custom-policy-get-started.md

@@ -134,7 +134,7 @@ Next, specify that the application should be treated as a public client:
 
 1. Under **Manage**, select **Authentication**.
 1. Select **Try out the new experience** (if shown).
-1. Under **Advanced settings**, enable **Treat application as a public client** (select **Yes**).
+1. Under **Advanced settings**, enable **Treat application as a public client** (select **Yes**). Ensure that **"allowPublicClient": true** is set in the application manifest. 
 1. Select **Save**.
 
 Now, grant permissions to the API scope you exposed earlier in the *IdentityExperienceFramework* registration:

articles/active-directory-b2c/tokens-overview.md

@@ -8,7 +8,7 @@ manager: celestedg
 ms.service: active-directory
 ms.workload: identity
 ms.topic: conceptual
-ms.date: 05/12/2020
+ms.date: 05/21/2020
 ms.author: mimart
 ms.subservice: B2C
 ---
@@ -33,8 +33,8 @@ The following tokens are used in communication with Azure AD B2C:
 
 A [registered application](tutorial-register-applications.md) receives tokens and communicates with Azure AD B2C by sending requests to these endpoints:
 
-- `https://<tenant-name>.b2clogin.com/<tenant-name>.onmicrosoft.com/oauth2/v2.0/authorize`
-- `https://<tenant-name>.b2clogin.com/<tenant-name>.onmicrosoft.com/oauth2/v2.0/token`
+- `https://<tenant-name>.b2clogin.com/<tenant-name>.onmicrosoft.com/<policy-name>/oauth2/v2.0/authorize`
+- `https://<tenant-name>.b2clogin.com/<tenant-name>.onmicrosoft.com/<policy-name>/oauth2/v2.0/token`
 
 Security tokens that your application receives from Azure AD B2C can come from the `/authorize` or `/token` endpoints. When ID tokens are acquired from the `/authorize` endpoint, it's done using the [implicit flow](implicit-flow-single-page-application.md), which is often used for users signing in to JavaScript-based web applications. When ID tokens are acquired from the `/token` endpoint, it's done using the [authorization code flow](openid-connect.md#get-a-token), which keeps the token hidden from the browser.
 

articles/active-directory/authentication/concept-authentication-methods.md

@@ -30,14 +30,15 @@ A user in Azure AD can choose to authenticate using one of the following authent
 
 Many accounts in Azure AD are enabled for self-service password reset (SSPR) or Azure Multi-Factor Authentication. These features include additional verification methods, such as a phone call or security questions. It's recommended that you require users to register multiple verification methods. When one method isn't available for a user, they can choose to authenticate with another method.
 
-The following table outlines what authentication or verification methods are available for the different scenarios:
+The following table outlines what methods are available for primary or secondary authentication:
 
-| Method | Use at sign-in | Use during verification |
+| Method | Primary authentication | Secondary authentication |
 | --- | --- | --- |
-| [Password](#password) | Yes | MFA and SSPR |
+| [Password](#password) | Yes | |
 | [Microsoft Authenticator app](#microsoft-authenticator-app) | Yes (preview) | MFA and SSPR |
 | [FIDO2 security keys (preview)](#fido2-security-keys) | Yes | MFA-only |
-| [OATH hardware tokens (preview)](#oath-hardware-tokens) | Yes | SSPR and MFA |
+| [OATH software tokens](#oath-software-tokens) | No | MFA |
+| [OATH hardware tokens (preview)](#oath-hardware-tokens-preview) | Yes | MFA |
 | [SMS](#phone-options) | Yes (preview) | MFA and SSPR |
 | [Voice call](#phone-options) | No | MFA and SSPR |
 | [Security questions](#security-questions) | No | SSPR-only |
@@ -95,15 +96,29 @@ Users can register and then select a FIDO2 security key at the sign-in interface
 
 FIDO2 security keys in Azure AD are currently in preview. For more information about previews, see [Supplemental Terms of Use for Microsoft Azure Previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms/).
 
-## OATH hardware tokens
+## OATH tokens
 
-OATH is an open standard that specifies how one-time password (OTP) codes are generated. Azure AD supports the use of OATH-TOTP SHA-1 tokens of the 30-second or 60-second variety. Customers can purchase these tokens from the vendor of their choice.
+OATH TOTP (Time-based One Time Password) is an open standard that specifies how one-time password (OTP) codes are generated. OATH TOTP can be implemented using either software or hardware to generate the codes. Azure AD doesn't support OATH HOTP, a different code generation standard.
 
-Secret keys are limited to 128 characters, which may not be compatible with all tokens. The secret key can only contain the characters *a-z* or *A-Z* and digits *1-7*, and must be encoded in *Base32*.
+### OATH software tokens
 
-OATH hardware tokens in Azure AD are currently in preview. For more information about previews, see [Supplemental Terms of Use for Microsoft Azure Previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms/).
+Software OATH tokens are typically applications such as the Microsoft Authenticator app and other authenticator apps. Azure AD generates the secret key, or seed, that's input into the app and used to generate each OTP.
 
-![Uploading OATH tokens to the MFA OATH tokens window](media/concept-authentication-methods/mfa-server-oath-tokens-azure-ad.png)
+The Authenticator app automatically generates codes when set up to do push notifications so a user has a backup even if their device doesn't have connectivity. Third-party applications that use OATH TOTP to generate codes can also be used.
+
+Some OATH TOTP hardware tokens are programmable, meaning they don't come with a secret key or seed pre-programmed. These programmable hardware tokens can be set up using the secret key or seed obtained from the software token setup flow. Customers can purchase these tokens from the vendor of their choice and use the secret key or seed in their vendor's setup process.
+
+### OATH hardware tokens (preview)
+
+Azure AD supports the use of OATH-TOTP SHA-1 tokens that refresh codes every 30 or 60 seconds. Customers can purchase these tokens from the vendor of their choice.
+
+OATH TOTP hardware tokens typically come with a secret key, or seed, pre-programmed in the token. These keys must be input into Azure AD as described in the following steps. Secret keys are limited to 128 characters, which may not be compatible with all tokens. The secret key can only contain the characters *a-z* or *A-Z* and digits *1-7*, and must be encoded in *Base32*.
+
+Programmable OATH TOTP hardware tokens that can be reseeded can also be set up with Azure AD in the software token setup flow.
+
+OATH hardware tokens are supported as part of a public preview. For more information about previews, see  [Supplemental Terms of Use for Microsoft Azure Previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms/)
+
+![Uploading OATH tokens to the MFA OATH tokens blade](media/concept-authentication-methods/mfa-server-oath-tokens-azure-ad.png)
 
 Once tokens are acquired they must be uploaded in a comma-separated values (CSV) file format including the UPN, serial number, secret key, time interval, manufacturer, and model as shown in the following example:
 
@@ -115,7 +130,7 @@ [email protected],1234567,1234567abcdef1234567abcdef,60,Contoso,HardwareKey
 > [!NOTE]
 > Make sure you include the header row in your CSV file.
 
-Once properly formatted as a CSV file, an administrator can then sign in to the Azure portal, navigate to **Azure Active Directory** > **Security** > **MFA** > **OATH tokens**, and upload the resulting CSV file.
+Once properly formatted as a CSV file, an administrator can then sign in to the Azure portal, navigate to **Azure Active Directory > Security > MFA > OATH tokens**, and upload the resulting CSV file.
 
 Depending on the size of the CSV file, it may take a few minutes to process. Select the **Refresh** button to get the current status. If there are any errors in the file, you can download a CSV file that lists any errors for you to resolve. The field names in the downloaded CSV file are different than the uploaded version.
 

articles/active-directory/authentication/concept-mfa-licensing.md

@@ -6,7 +6,7 @@ services: multi-factor-authentication
 ms.service: active-directory
 ms.subservice: authentication
 ms.topic: conceptual
-ms.date: 02/20/2020
+ms.date: 05/20/2020
 
 ms.author: iainfou
 author: iainfoulds
@@ -28,9 +28,9 @@ Azure Multi-Factor Authentication can be used, and licensed, in a few different
 | If you're a user of | Capabilities and use cases |
 | --- | --- |
 | EMS or Microsoft 365 E3 and E5 | EMS E3 or Microsoft 365 E3 (that includes EMS and Office 365), includes Azure AD Premium P1. EMS E5 or Microsoft 365 E5 includes Azure AD Premium P2. You can use the same Conditional Access features noted in the following sections to provide multi-factor authentication to users. |
-| Azure AD Premium P1 | You can use [Azure AD Conditional Access](../conditional-access/overview.md) to prompt users for multi-factor authentication during certain scenarios or events to fit your business requirements. |
+| Azure AD Premium P1 | You can use [Azure AD Conditional Access](../conditional-access/howto-conditional-access-policy-all-users-mfa.md) to prompt users for multi-factor authentication during certain scenarios or events to fit your business requirements. |
 | Azure AD Premium P2 | Provides the strongest security position and improved user experience. Adds [risk-based Conditional Access](../conditional-access/howto-conditional-access-policy-risk.md) to the Azure AD Premium P1 features that adapts to user's patterns and minimizes multi-factor authentication prompts. |
-| Office 365 Business Premium, E3, or E5 | Azure Multi-Factor Authentication is either enabled or disabled for all users, for all sign-in events. There is no ability to only enable multi-factor authentication for a subset of users, or only under certain scenarios. Management is through the Office 365 portal. For an improved user experience, upgrade to Azure AD Premium P1 or P2 and use Conditional Access. For more information, see [secure Office 365 resources with multi-factor authentication](https://support.office.com/article/Set-up-multi-factor-authentication-for-Office-365-users-8f0454b2-f51a-4d9c-bcde-2c48e41621c6). |
+| Office 365 Business Premium, E3, or E5 | Azure Multi-Factor Authentication can be [enabled on a per-user basis](howto-mfa-userstates.md), or enabled or disabled for all users, for all sign-in events, using security defaults. Management of Azure Multi-Factor Authentication is through the Office 365 portal. For an improved user experience, upgrade to Azure AD Premium P1 or P2 and use Conditional Access. For more information, see [secure Office 365 resources with multi-factor authentication](https://support.office.com/article/Set-up-multi-factor-authentication-for-Office-365-users-8f0454b2-f51a-4d9c-bcde-2c48e41621c6). |
 | Azure AD free | You can use [security defaults](../fundamentals/concept-fundamentals-security-defaults.md) to enable multi-factor authentication for all users, every time an authentication request is made. You don't have granular control of enabled users or scenarios, but it does provide that additional security step.<br /> Even when security defaults aren't used to enable multi-factor authentication for everyone, users assigned the *Azure AD Global Administrator* role can be configured to use multi-factor authentication. This feature of the free tier makes sure the critical administrator accounts are protected by multi-factor authentication. |
 
 ## Feature comparison of versions
@@ -82,4 +82,6 @@ If you don't want to enable Azure Multi-Factor Authentication for all users and
 
 ## Next steps
 
-For more information on costs, see [Azure Multi-Factor Authentication pricing](https://azure.microsoft.com/pricing/details/multi-factor-authentication/).
+* For more information on costs, see [Azure Multi-Factor Authentication pricing](https://azure.microsoft.com/pricing/details/multi-factor-authentication/).
+* [What is Conditional Access](../conditional-access/overview.md)
+