Merge pull request #134711 from MicrosoftDocs/master

10/20 PM Publish

Author: huypub

.openpublishing.redirection.json

@@ -1246,6 +1246,11 @@
       "redirect_url": "/azure/machine-learning/how-to-debug-pipelines",
       "redirect_document_id": false
     },
+    {
+      "source_path": "articles/machine-learning/how-to-use-parallel-run-step.md",
+      "redirect_url": "/azure/machine-learning/tutorial-pipeline-batch-scoring-classification",
+      "redirect_document_id": false
+    },
     {
       "source_path": "articles/batch-ai/cli-samples.md",
       "redirect_url": "/previous-versions/azure/batch-ai/cli-samples",
@@ -8935,7 +8940,7 @@
     },
     {
       "source_path": "articles/connectors/connectors-create-api-twitter",
-      "redirect_url": "/connectors/twitterconnector/",
+      "redirect_url": "/connectors/twitter/",
       "redirect_document_id": true
     },
     {
@@ -24344,8 +24349,13 @@
     },
     {
       "source_path": "articles/active-directory/develop/howto-v1-debug-saml-sso-issues.md",
-      "redirect_url": "/azure/active-directory/azuread-dev/howto-v1-debug-saml-sso-issues",
-      "redirect_document_id": true
+      "redirect_url": "/azure/active-directory/manage-apps/debug-saml-sso-issues",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/active-directory/azuread-dev/howto-v1-debug-saml-sso-issues.md",
+      "redirect_url": "/azure/active-directory/manage-apps/debug-saml-sso-issues",
+      "redirect_document_id": false
     },
     {
       "source_path": "articles/active-directory/develop/howto-v1-enable-sso-android.md",
@@ -25614,8 +25624,8 @@
     },
     {
       "source_path": "articles/active-directory/develop/active-directory-saml-debugging.md",
-      "redirect_url": "/azure/active-directory/develop/howto-v1-debug-saml-sso-issues",
-      "redirect_document_id": true
+      "redirect_url": "/azure/active-directory/manage-apps/debug-saml-sso-issues",
+      "redirect_document_id": false
     },
     {
       "source_path": "articles/active-directory/develop/active-directory-devhowto-appsource-certified.md",

articles/active-directory-b2c/access-tokens.md

@@ -8,7 +8,7 @@ manager: celestedg
 ms.service: active-directory
 ms.workload: identity
 ms.topic: conceptual
-ms.date: 05/12/2020
+ms.date: 10/19/2020
 ms.custom: project-no-code
 ms.author: mimart
 ms.subservice: B2C
@@ -46,10 +46,15 @@ The following example shows scopes encoded in a URL:
 scope=https%3A%2F%2Fcontoso.onmicrosoft.com%2Fapi%2Fread%20openid%20offline_access
 ```
 
-If you request more scopes than what is granted for your client application, the call succeeds if at least one permission is granted. The **scp** claim in the resulting access token is populated with only the permissions that were successfully granted. The OpenID Connect standard specifies several special scope values. The following scopes represent the permission to access the user's profile:
+If you request more scopes than what is granted for your client application, the call succeeds if at least one permission is granted. The **scp** claim in the resulting access token is populated with only the permissions that were successfully granted. 
+
+### OpenID Connect scopes
+
+The OpenID Connect standard specifies several special scope values. The following scopes represent the permission to access the user's profile:
 
 - **openid** - Requests an ID token.
 - **offline_access** - Requests a refresh token using [Auth Code flows](authorization-code-flow.md).
+- **00000000-0000-0000-0000-000000000000** - Using the client ID as the scope indicates that your app needs an access token that can be used against your own service or web API, represented by the same client ID.
 
 If the **response_type** parameter in an `/authorize` request includes `token`, the **scope** parameter must include at least one resource scope other than `openid` and `offline_access` that will be granted. Otherwise, the `/authorize` request fails.
 

articles/active-directory-b2c/conditional-access-identity-protection-setup.md

@@ -38,10 +38,12 @@ The following risk detections are currently supported for Azure AD B2C:
 |Risk detection type  |Description  |
 |---------|---------|
 | Atypical travel     | Sign in from an atypical location based on the user's recent sign-ins.        |
-|Anonymous IP address     | Sign in from an anonymous IP address (for example: Tor browser, anonymizer VPNs)        |
+|Anonymous IP address     | Sign in from an anonymous IP address (for example: Tor browser, anonymizer VPNs).        |
+|Malware linked IP address     | Sign in from a malware linked IP address.         |
 |Unfamiliar sign-in properties     | Sign in with properties we've not seen recently for the given user.        |
-|Malware linked IP address     | Sign in from a malware linked IP address         |
-|Azure AD threat intelligence     | Microsoft's internal and external threat intelligence sources have identified a known attack pattern        |
+|Admin confirmed user compromised    | An admin has indicated that a user was compromised.             |
+|Password spray     | Sign in through a password spray attack.      |
+|Azure AD threat intelligence     | Microsoft's internal and external threat intelligence sources have identified a known attack pattern.        |
 
 ## View risk events for your Azure AD B2C tenant
 

articles/active-directory-b2c/data-residency.md

@@ -9,7 +9,7 @@ manager: celestedg
 ms.service: active-directory
 ms.workload: identity
 ms.topic: reference
-ms.date: 06/06/2020
+ms.date: 10/20/2020
 ms.author: mimart
 ms.subservice: B2C
 ms.custom: references_regions
@@ -55,6 +55,14 @@ The following countries/regions are in the process of being added to the list. F
 
 > Argentina, Australia, Brazil, Chile, Colombia, Ecuador, Iraq, New Zealand, Paraguay, Peru, Uruguay, and Venezuela.
 
+## Remote profile solution
+
+With Azure AD B2C [custom policies](custom-policy-overview.md), you can integrate with [RESTful API services](custom-policy-rest-api-intro.md), which allow you to store and read user profiles from a remote database (such as a marketing database, CRM system, or any line-of-business application).  
+- During the sign-up and profile editing flows, Azure AD B2C calls a custom REST API to persist the user profile to the remote data source. The user's credentials are stored in Azure AD B2C directory. 
+- Upon sign-in, after credentials validation with a local or social account, Azure AD B2C invokes the REST API, which sends the user's unique identifier as a user primary key (email address or user objectId). The REST API reads the data from the remote database and returns the user profile.  
+
+After sign-up, profile editing, or sign-in is complete, Azure AD B2C includes the user profile in the access token that is returned to the application. For more information, see the [Azure AD B2C Remote profile sample solution](https://github.com/azure-ad-b2c/samples/tree/master/policies/remote-profile) in GitHub.
+
 ## Preview tenant
 
 If you had created a B2C tenant during Azure AD B2C's preview period, it's likely that your **Tenant type** says **Preview tenant**.
@@ -65,4 +73,8 @@ If this is the case, you must use your tenant ONLY for development and testing p
 
 There are known issues when you delete a preview B2C tenant and create a production-scale B2C tenant with the same domain name. *You must create a production-scale B2C tenant with a different domain name*.
 
-![Screenshot of a tenant type, as preview tenant.](./media/data-residency/preview-b2c-tenant.png)
+![Screenshot of a tenant type, as preview tenant.](./media/data-residency/preview-b2c-tenant.png)
+
+## Next steps
+
+- [Create an Azure AD B2C tenant](tutorial-create-tenant.md).

articles/active-directory/azuread-dev/TOC.yml

@@ -97,8 +97,6 @@
         href: howto-v1-enable-sso-android.md
       - name: Enable SSO on iOS
         href: howto-v1-enable-sso-ios.md
-      - name: Debug SAML-based SSO
-        href: howto-v1-debug-saml-sso-issues.md
     - name: Configure claims
       items:
       - name: Configure role claims

articles/active-directory/fundamentals/active-directory-faq.md

@@ -158,7 +158,7 @@ For a complete list of the pre-integrated applications, see the [Active Director
 
 For more information, see:
 
-* [Configuring single sign-on to applications that are not in the Azure Active Directory application gallery](../manage-apps/configure-federated-single-sign-on-non-gallery-applications.md)
+* [Configuring single sign-on to applications that are not in the Azure Active Directory application gallery](../manage-apps/configure-saml-single-sign-on.md)
 * [Using SCIM to enable automatic provisioning of users and groups from Azure Active Directory to applications](../app-provisioning/use-scim-to-provision-users-and-groups.md)
 
 ---

articles/active-directory/fundamentals/active-directory-ops-guide-ops.md

@@ -86,7 +86,7 @@ Some identity and access management services require on-premises agents to enabl
 #### On-premises agents logs recommended reading
 
 - [Troubleshoot Application Proxy](../manage-apps/application-proxy-troubleshoot.md)
-- [Self-service password reset troubleshooting- Azure Active Directory](../authentication/active-directory-passwords-troubleshoot.md#password-writeback-event-log-error-codes)
+- [Self-service password reset troubleshooting- Azure Active Directory](../authentication/troubleshoot-sspr.md)
 - [Understand Azure AD Application Proxy connectors](../manage-apps/application-proxy-connectors.md)
 - [Azure AD Connect: Troubleshoot Pass-through Authentication](../hybrid/tshoot-connect-pass-through-authentication.md#collecting-pass-through-authentication-agent-logs)
 - [Troubleshoot error codes for the Azure MFA NPS extension](../authentication/howto-mfa-nps-extension-errors.md)