Merge pull request #103089 from dominicbetts/release-ga-iotcentral

Fix merge conflict with master

Author: rmca14

articles/active-directory-b2c/access-tokens.md

@@ -68,7 +68,7 @@ GET https://<tenant-name>.b2clogin.com/tfp/<tenant-name>.onmicrosoft.com/<policy
 client_id=<application-ID>
 &nonce=anyRandomValue
 &redirect_uri=https://jwt.ms
-&scope=https://tenant-name>.onmicrosoft.com/api/read
+&scope=https://<tenant-name>.onmicrosoft.com/api/read
 &response_type=code
 ```
 

articles/active-directory-domain-services/media/tutorial-create-instance-advanced/create-vnet-expanded.png

@@ -103,9 +103,9 @@ Complete the fields in the *Basics* window of the Azure portal to create an Azur
 
 1. To manually configure additional options, choose **Next - Networking**. Otherwise, select **Review + create** to accept the default configuration options, then skip to the section to [Deploy your managed domain](#deploy-the-managed-domain). The following defaults are configured when you choose this create option:
 
-* Creates a virtual network named *aadds-vnet* that uses the IP address range of *10.0.1.0/24*.
-* Creates a subnet named *aadds-subnet* using the IP address range of *10.0.1.0/24*.
-* Synchronizes *All* users from Azure AD into the Azure AD DS managed domain.
+    * Creates a virtual network named *aadds-vnet* that uses the IP address range of *10.0.1.0/24*.
+    * Creates a subnet named *aadds-subnet* using the IP address range of *10.0.1.0/24*.
+    * Synchronizes *All* users from Azure AD into the Azure AD DS managed domain.
 
 ## Create and configure the virtual network
 
@@ -126,7 +126,7 @@ Complete the fields in the *Network* window as follows:
     1. If you choose to create a virtual network, enter a name for the virtual network, such as *myVnet*, then provide an address range, such as *10.0.1.0/24*.
     1. Create a dedicated subnet with a clear name, such as *DomainServices*. Provide an address range, such as *10.0.1.0/24*.
 
-    ![Create a virtual network and subnet for use with Azure AD Domain Services](./media/tutorial-create-instance-advanced/create-vnet.png)
+    [![](./media/tutorial-create-instance-advanced/create-vnet.png "Create a virtual network and subnet for use with Azure AD Domain Services")](./media/tutorial-create-instance-advanced/create-vnet-expanded.png#lightbox)
 
     Make sure to pick an address range that is within your private IP address range. IP address ranges you don't own that are in the public address space cause errors within Azure AD DS.
 

articles/active-directory-domain-services/tutorial-create-instance-advanced.md

@@ -106,7 +106,7 @@ To quickly create an Azure AD DS managed domain, you can select **Review + creat
 * Creates a subnet named *aadds-subnet* using the IP address range of *10.0.1.0/24*.
 * Synchronizes *All* users from Azure AD into the Azure AD DS managed domain.
 
-1. Select **Review + create** to accept these default configuration options.
+Select **Review + create** to accept these default configuration options.
 
 ## Deploy the managed domain
 

articles/active-directory-domain-services/tutorial-create-instance.md

@@ -38,9 +38,9 @@ To complete this tutorial, you need the following resources and privileges:
 * An Azure Active Directory tenant associated with your subscription, either synchronized with an on-premises directory or a cloud-only directory.
     * If needed, [create an Azure Active Directory tenant][create-azure-ad-tenant] or [associate an Azure subscription with your account][associate-azure-ad-tenant].
 * An Azure Active Directory Domain Services managed domain enabled and configured in your Azure AD tenant.
-    * If needed, the first tutorial [creates and configures an Azure Active Directory Domain Services instance][create-azure-ad-ds-instance].
+    * If needed, see the first tutorial to [create and configure an Azure Active Directory Domain Services instance][create-azure-ad-ds-instance].
 * A Windows Server VM that is joined to the Azure AD DS managed domain.
-    * If needed, the previous tutorial [creates a Windows Server VM and joins it to a managed domain][create-join-windows-vm].
+    * If needed, see the previous tutorial to [create a Windows Server VM and join it to a managed domain][create-join-windows-vm].
 * A user account that's a member of the *Azure AD DC administrators* group in your Azure AD tenant.
 
 ## Sign in to the Azure portal

articles/active-directory-domain-services/tutorial-create-management-vm.md

@@ -81,8 +81,8 @@ The following table describes the password policy settings applied to user accou
 | Characters not allowed | Unicode characters. |
 | Password restrictions |<ul><li>A minimum of 8 characters and a maximum of 256 characters.</li><li>Requires three out of four of the following:<ul><li>Lowercase characters.</li><li>Uppercase characters.</li><li>Numbers (0-9).</li><li>Symbols (see the previous password restrictions).</li></ul></li></ul> |
 | Password expiry duration (Maximum password age) |<ul><li>Default value: **90** days.</li><li>The value is configurable by using the `Set-MsolPasswordPolicy` cmdlet from the Azure Active Directory Module for Windows PowerShell.</li></ul> |
-| Password expiry notification (When are users notified of password expiration) |<ul><li>Default value: **14** days (before password expires).</li><li>The value is configurable by using the `Set-MsolPasswordPolicy` cmdlet.</li></ul> |
-| Password expiry (Do passwords ever expire) |<ul><li>Default value: **false** days (indicates that password expiry is enabled).</li><li>The value can be configured for individual user accounts by using the `Set-MsolUser` cmdlet.</li></ul> |
+| Password expiry notification (When users are notified of password expiration) |<ul><li>Default value: **14** days (before password expires).</li><li>The value is configurable by using the `Set-MsolPasswordPolicy` cmdlet.</li></ul> |
+| Password expiry (Let password's never expire) |<ul><li>Default value: **false** (indicates that password's have an expiration date).</li><li>The value can be configured for individual user accounts by using the `Set-MsolUser` cmdlet.</li></ul> |
 | Password change history | The last password *can't* be used again when the user changes a password. |
 | Password reset history | The last password *can* be used again when the user resets a forgotten password. |
 | Account lockout | After 10 unsuccessful sign-in attempts with the wrong password, the user is locked out for one minute. Further incorrect sign-in attempts lock out the user for increasing durations of time. [Smart lockout](howto-password-smart-lockout.md) tracks the last three bad password hashes to avoid incrementing the lockout counter for the same password. If someone enters the same bad password multiple times, this behavior will not cause the account to lockout. |

articles/active-directory/authentication/concept-sspr-policy.md

@@ -127,6 +127,6 @@ In the Azure app registration for the client application:
 ## Code sample
 
 > [!NOTE]
-> You must calculate the X5T header by using the certificate's hash and  converting it to a base64 string. In C# it would look something similar to that of : `System.Convert.ToBase64String(cert.GetCertHash());`
+> You must calculate the X5T header by converting it to a base 64 string using the certificate's hash. The code to perform this in C# is : `System.Convert.ToBase64String(cert.GetCertHash());`
 
 The code sample on [Authenticating to Microsoft identity platform in daemon apps with certificates](https://github.com/Azure-Samples/active-directory-dotnet-daemon-certificate-credential) shows how an application uses its own credentials for authentication. It also shows how you can [create a self-signed certificate](https://github.com/Azure-Samples/active-directory-dotnet-daemon-certificate-credential#create-a-self-signed-certificate) using the `New-SelfSignedCertificate` Powershell command. You can also take advantage and use the [app creation scripts](https://github.com/Azure-Samples/active-directory-dotnet-daemon-certificate-credential/blob/master/AppCreationScripts/AppCreationScripts.md) to create the certificates, compute the thumbprint, and so on.