Merge branch 'master' into 1669724-update-documents-with-correct-azure-cli-tags-02-14

Author: john-par

.openpublishing.publish.config.json

@@ -419,6 +419,11 @@
       "url": "https://github.com/Azure/azure-cosmosdb-java",
       "branch": "master"
     },
+    {
+      "path_to_root": "azure-cosmosdb-graph-dotnet",
+      "url": "https://github.com/Azure-Samples/azure-cosmos-db-graph-gremlindotnet-getting-started",
+      "branch": "master"
+    },
     {
       "path_to_root": "azure-cosmosdb-java-v4-getting-started",
       "url": "https://github.com/Azure-Samples/azure-cosmos-java-getting-started",

.openpublishing.redirection.json

@@ -81,6 +81,9 @@
     - name: Register a SAML service provider
       href: connect-with-saml-service-providers.md
       displayName: SP, RP, service provider, connect
+    - name: Register a Graph application
+      href: microsoft-graph-get-started.md
+      displayName: migrate, migration, microsoft graph
     - name: Add a web API application
       href: add-web-application.md
     - name: Add a native client application
@@ -101,7 +104,7 @@
         href: user-flow-self-service-password-reset.md
     - name: UX customization
       items:
-      - name: User interface customization
+      - name: Customize the UI
         href: customize-ui-overview.md
       - name: JavaScript and page layouts
         href: user-flow-javascript-overview.md
@@ -177,8 +180,6 @@
       - name: Customize the UI
         href: custom-policy-ui-customization.md
         displayName: ux, input, cors, html, css
-      - name: Customize the UI dynamically
-        href: custom-policy-ui-customization-dynamic.md
       - name: Custom email
         href: custom-email.md
         displayName: verification
@@ -349,10 +350,14 @@
     - name: Azure Monitor
       href: azure-monitor.md
       displayName: log, logs, logging, usage, events
-    - name: Export usage report
-      href: view-usage-reports.md
     - name: Account management
       href: manage-user-accounts-graph-api.md
+    - name: Deploy with Azure Pipelines
+      href: deploy-custom-policies-devops.md
+      displayName: azure devops, ci/cd, cicd, custom policy, policies
+    - name: Manage policies with PowerShell
+      href: manage-custom-policies-powershell.md
+      displayName: scripting, scripts, psh, custom policy
   - name: Audit logs
     href: view-audit-logs.md
   - name: Manage users - Azure portal
@@ -373,8 +378,6 @@
     items:
     - name: Migrate users
       href: user-migration.md
-    - name: Migrate users with external identities
-      href: migrate-social-identities.md
 - name: Reference
   items:
   - name: Identity Experience Framework release notes
@@ -388,9 +391,11 @@
     displayName: cookies, SameSite
   - name: Error codes
     href: error-codes.md
+  - name: Microsoft Graph API operations
+    href: microsoft-graph-operations.md
   - name: Region availability & data residency
     href: data-residency.md
-  - name: Enable billing
+  - name: Billing model
     href: billing.md
   - name: Threat management
     href: threat-management.md

articles/active-directory-b2c/TOC.yml

@@ -121,7 +121,7 @@ To set up client credential flow, see [Azure Active Directory v2.0 and the OAuth
 
 #### Web API chains (on-behalf-of flow)
 
-Many architectures include a web API that needs to call another downstream web API, where both are secured by Azure AD B2C. This scenario is common in native clients that have a Web API back-end and calls a Microsoft online service such as the Microsoft Graph API or Azure AD Graph API.
+Many architectures include a web API that needs to call another downstream web API, where both are secured by Azure AD B2C. This scenario is common in native clients that have a Web API back-end and calls a Microsoft online service such as the Microsoft Graph API.
 
 This chained web API scenario can be supported by using the OAuth 2.0 JWT bearer credential grant, also known as the on-behalf-of flow.  However, the on-behalf-of flow is not currently implemented in the Azure AD B2C.
 

articles/active-directory-b2c/application-types.md

@@ -42,7 +42,7 @@ There are several modifications you might need to make to migrate your applicati
 
 * Change the redirect URL in your identity provider's applications to reference *b2clogin.com*.
 * Update your Azure AD B2C applications to use *b2clogin.com* in their user flow and token endpoint references.
-* Update any **Allowed Origins** that you've defined in the CORS settings for [user interface customization](custom-policy-ui-customization-dynamic.md).
+* Update any **Allowed Origins** that you've defined in the CORS settings for [user interface customization](custom-policy-ui-customization.md).
 
 ## Change identity provider redirect URLs
 
@@ -117,4 +117,4 @@ For migrating Azure API Management APIs protected by Azure AD B2C, see the [Migr
 [msal-dotnet]: https://github.com/AzureAD/microsoft-authentication-library-for-dotnet
 [msal-dotnet-b2c]: https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/wiki/AAD-B2C-specifics
 [msal-js]: https://github.com/AzureAD/microsoft-authentication-library-for-js
-[msal-js-b2c]: ../active-directory/develop/msal-b2c-overview.md
+[msal-js-b2c]: ../active-directory/develop/msal-b2c-overview.md

articles/active-directory-b2c/b2clogin.md

@@ -136,4 +136,4 @@ Before you initiate the move, be sure to read the entire article to fully unders
 
 ## Next steps
 
-In addition to reviewing the usage and billing details within a selected Azure subscription, you can review detailed day-by-day usage reports by using the [usage reporting API](view-usage-reports.md).
+For the latest pricing information, see [Azure Active Directory B2C pricing](https://azure.microsoft.com/pricing/details/active-directory-b2c/).

articles/active-directory-b2c/billing.md

@@ -9,7 +9,7 @@ manager: celestedg
 ms.service: active-directory
 ms.workload: identity
 ms.topic: reference
-ms.date: 02/13/2020
+ms.date: 02/17/2020
 ms.author: marsma
 ms.subservice: B2C
 ---
@@ -100,6 +100,18 @@ Any parameter name included as part of an OIDC or OAuth2 request can be mapped t
 | ----- | ----------------------- | --------|
 | {oauth2:access_token} | The access token. | N/A |
 
+
+### SAML
+
+| Claim | Description | Example |
+| ----- | ----------- | --------|
+| {SAML:AuthnContextClassReferences} | The `AuthnContextClassRef` element value, from the SAML request. | urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport |
+| {SAML:NameIdPolicyFormat} | The `Format` attribute, from the `NameIDPolicy` element of the SAML request. | urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress |
+| {SAML:Issuer} |  The SAML `Issuer` element value of the SAML request.| https://contoso.com |
+| {SAML:AllowCreate} | The `AllowCreate` attribute value, from the `NameIDPolicy` element of the SAML request. | True |
+| {SAML:ForceAuthn} | The `ForceAuthN` attribute value, from the `AuthnRequest` element of the SAML request. | True |
+| {SAML:ProviderName} | The `ProviderName` attribute value, from the `AuthnRequest` element of the SAML request.| Contoso.com |
+
 ## Using claim resolvers 
 
 You can use claims resolvers with the following elements: 
@@ -156,7 +168,7 @@ Using claim resolvers, you can prepopulate the sign-in name or direct sign-in to
 
 ### Dynamic UI customization
 
-Azure AD B2C enables you to pass query string parameters to your HTML content definition endpoints to dynamically render the page content. For example, this allows the ability to modify the background image on the Azure AD B2C sign-up or sign-in page based on a custom parameter that you pass from your web or mobile application. For more information, see [Dynamically configure the UI by using custom policies in Azure Active Directory B2C](custom-policy-ui-customization-dynamic.md). You can also localize your HTML page based on a language parameter, or you can change the content based on the client ID.
+Azure AD B2C enables you to pass query string parameters to your HTML content definition endpoints to dynamically render the page content. For example, this allows the ability to modify the background image on the Azure AD B2C sign-up or sign-in page based on a custom parameter that you pass from your web or mobile application. For more information, see [Dynamically configure the UI by using custom policies in Azure Active Directory B2C](custom-policy-ui-customization.md). You can also localize your HTML page based on a language parameter, or you can change the content based on the client ID.
 
 The following example passes in the query string parameter named **campaignId** with a value of `hawaii`, a **language** code of `en-US`, and **app** representing the client ID:
 

articles/active-directory-b2c/claim-resolver-overview.md

@@ -8,7 +8,7 @@ manager: celestedg
 ms.service: active-directory
 ms.workload: identity
 ms.topic: reference
-ms.date: 02/12/2020
+ms.date: 02/24/2020
 ms.author: marsma
 ms.subservice: B2C
 ---
@@ -47,14 +47,32 @@ The **ClaimType** element contains the following elements:
 | Element | Occurrences | Description |
 | ------- | ----------- | ----------- |
 | DisplayName | 1:1 | The title that's displayed to users on various screens. The value can be [localized](localization.md). |
-| DataType | 1:1 | The type of the claim. The data types of boolean, date, dateTime, int, long, string, stringCollection and phoneNumber can be used. Primitive data type represents the equivalent of C# variable data type. stringCollection represents a collection of strings. For more information see [C# Types and variables](https://docs.microsoft.com/dotnet/csharp/tour-of-csharp/types-and-variables). Date follows ISO 8601 convention. |
+| DataType | 1:1 | The type of the claim. |
 | DefaultPartnerClaimTypes | 0:1 | The partner default claim types to use for a specified protocol. The value can be overwritten in the **PartnerClaimType** specified in the **InputClaim** or **OutputClaim** elements. Use this element to specify the default name for a protocol.  |
 | Mask | 0:1 | An optional string of masking characters that can be applied when displaying the claim. For example, the phone number 324-232-4343 can be masked as XXX-XXX-4343. |
 | UserHelpText | 0:1 | A description of the claim type that can be helpful for users to understand its purpose. The value can be [localized](localization.md). |
 | UserInputType | 0:1 | The type of input control that should be available to the user when manually entering the claim data for the claim type. See the user input types defined later in this page. |
 | Restriction | 0:1 | The value restrictions for this claim, such as a regular expression (Regex) or a list of acceptable values. The value can be [localized](localization.md). |
 PredicateValidationReference| 0:1 | A reference to a **PredicateValidationsInput** element. The **PredicateValidationReference** elements enable you to perform a validation process to ensure that only properly formed data is entered. For more information, see [Predicates](predicates.md). |
 
+### DataType
+
+The **DataType** element supports the following values:
+
+| Type | Description |
+| ------- | ----------- | 
+|boolean|Represents a Boolean (`true` or `false`) value.|
+|date| Represents an instant in time, typically expressed as a date of a day. The value of the date follows ISO 8601 convention.|
+|dateTime|Represents an instant in time, typically expressed as a date and time of day. The value of the date follows ISO 8601 convention.|
+|duration|Represents a time interval in years, months, days, hours, minutes, and seconds. The format of is `PnYnMnDTnHnMnS`, where `P` indicates positive, or `N` for negative value. `nY` is the number of years followed by a literal `Y`. `nMo` is the number of months followed by a literal `Mo`. `nD` is the number of days followed by a literal `D`. Examples: `P21Y` represents 21 years. `P1Y2Mo` represents one year, and two months. `P1Y2Mo5D` represents one year, two months, and five days.  `P1Y2M5DT8H5M620S` represents one year, two months, five days, eight hours, five minutes, and twenty seconds.  |
+|phoneNumber|Represents a phone number. |
+|int| Represents number between -2,147,483,648 and 2,147,483,647|
+|long| Represents number between -9,223,372,036,854,775,808 to 9,223,372,036,854,775,807 |
+|string| Represents text as a sequence of UTF-16 code units.|
+|stringCollection|Represents a collection of `string`.|
+|userIdentity| Represents a user identity.|
+|userIdentityCollection|Represents a collection of `userIdentity`.|
+
 ### DefaultPartnerClaimTypes
 
 The **DefaultPartnerClaimTypes** may contain the following element:
@@ -151,7 +169,9 @@ The **Restriction** element contains the following elements:
 | Enumeration | 1:n | The available options in the user interface for the user to select for a claim, such as a value in a dropdown. |
 | Pattern | 1:1 | The regular expression to use. |
 
-### Enumeration
+#### Enumeration
+
+The **Enumeration** element defines available options for the user to select for a claim in the user interface, such as a value in a `CheckboxMultiSelect`, `DropdownSingleSelect`, or `RadioSingleSelect`. Alternatively, you can define and localize available options with [LocalizedCollections](localization.md#localizedcollections) element. To look up an item from a claim **Enumeration** collection, use [GetMappedValueFromLocalizedCollection](string-transformations.md#getmappedvaluefromlocalizedcollection) claims transformation.
 
 The **Enumeration** element contains the following attributes:
 
@@ -187,7 +207,7 @@ The **Pattern** element can contain the following attributes:
 | Attribute | Required | Description |
 | --------- | -------- | ----------- |
 | RegularExpression | Yes | The regular expression that claims of this type must match in order to be valid. |
-| HelpText | No | The pattern or regular expression for this claim. |
+| HelpText | No | An error message for users if the regular expression check fails. |
 
 The following example configures an **email** claim with regular expression input validation and help text:
 
@@ -210,11 +230,26 @@ The Identity Experience Framework renders the email address claim with email for
 
 ![TextBox showing error message triggered by regex restriction](./media/claimsschema/pattern.png)
 
-## UserInputType
+### UserInputType
 
-Azure AD B2C supports a variety of user input types, such as a textbox, password, and dropdown list that can be used when manually entering claim data for the claim type. You must specify the **UserInputType** when you collect information from the user by using a [self-asserted technical profile](self-asserted-technical-profile.md).
+Azure AD B2C supports a variety of user input types, such as a textbox, password, and dropdown list that can be used when manually entering claim data for the claim type. You must specify the **UserInputType** when you collect information from the user by using a [self-asserted technical profile](self-asserted-technical-profile.md) and [display controls](display-controls.md).
 
-### TextBox
+The **UserInputType** element available user input types:
+
+| UserInputType | Supported ClaimType | Description |
+| --------- | -------- | ----------- |
+|CheckboxMultiSelect| `string` |Multi select drop-down box. The claim value is represented in a comma delimiter string of the selected values. |
+|DateTimeDropdown | `date`, `dateTime` |Drop-downs to select a day, month, and year. |
+|DropdownSingleSelect |`string` |Single select drop-down box. The claim value is the selected value.|
+|EmailBox | `string` |Email input field. |
+|Paragraph | `boolean`, `date`, `dateTime`, `duration`, `int`, `long`, `string`|A field that shows text only in a paragraph tag. |
+|Password | `string` |Password text box.|
+|RadioSingleSelect |`string` | Collection of radio buttons. The claim value is the selected value.|
+|Readonly | `boolean`, `date`, `dateTime`, `duration`, `int`, `long`, `string`| Read-only text box. |
+|TextBox |`boolean`, `int`, `string` |Single-line text box. |
+
+
+#### TextBox
 
 The **TextBox** user input type is used to provide a single-line text box.
 
@@ -229,7 +264,7 @@ The **TextBox** user input type is used to provide a single-line text box.
 </ClaimType>
 ```
 
-### EmailBox
+#### EmailBox
 
 The **EmailBox** user input type is used to provide a basic email input field.
 
@@ -247,7 +282,7 @@ The **EmailBox** user input type is used to provide a basic email input field.
 </ClaimType>
 ```
 
-### Password
+#### Password
 
 The **Password** user input type is used to record a password entered by the user.
 
@@ -262,7 +297,7 @@ The **Password** user input type is used to record a password entered by the use
 </ClaimType>
 ```
 
-### DateTimeDropdown
+#### DateTimeDropdown
 
 The **DateTimeDropdown** user input type is used to provide a set of drop-downs to select a day, month, and year. You can use Predicates and PredicateValidations elements to control the minimum and maximum date values. For more information, see the **Configure a date range** section of [Predicates and PredicateValidations](predicates.md).
 
@@ -277,7 +312,7 @@ The **DateTimeDropdown** user input type is used to provide a set of drop-downs
 </ClaimType>
 ```
 
-### RadioSingleSelect
+#### RadioSingleSelect
 
 The **RadioSingleSelect** user input type is used to provide a collection of radio buttons that allows the user to select one option.
 
@@ -296,7 +331,7 @@ The **RadioSingleSelect** user input type is used to provide a collection of rad
 </ClaimType>
 ```
 
-### DropdownSingleSelect
+#### DropdownSingleSelect
 
 The **DropdownSingleSelect** user input type is used to provide a drop-down box that allows the user to select one option.
 
@@ -315,7 +350,7 @@ The **DropdownSingleSelect** user input type is used to provide a drop-down box
 </ClaimType>
 ```
 
-### CheckboxMultiSelect
+#### CheckboxMultiSelect
 
 The **CheckboxMultiSelect** user input type is used to provide a collection of checkboxes that allows the user to select multiple options.
 
@@ -334,7 +369,7 @@ The **CheckboxMultiSelect** user input type is used to provide a collection of c
 </ClaimType>
 ```
 
-### Readonly
+#### Readonly
 
 The **Readonly** user input type is used to provide a readonly field to display the claim and value.
 
@@ -350,9 +385,9 @@ The **Readonly** user input type is used to provide a readonly field to display
 ```
 
 
-### Paragraph
+#### Paragraph
 
-The **Paragraph** user input type is used to provide a field that shows text only in a paragraph tag. For example, &lt;p&gt;text&lt;/p&gt;.
+The **Paragraph** user input type is used to provide a field that shows text only in a paragraph tag.  For example, &lt;p&gt;text&lt;/p&gt;. A **Paragraph** user input type `OutputClaim` of self-asserted technical profile, must set the `Required` attribute `false` (default).
 
 ![Using claim type with paragraph](./media/claimsschema/paragraph.png)
 
@@ -370,5 +405,3 @@ The **Paragraph** user input type is used to provide a field that shows text onl
   </Restriction>
 </ClaimType>
 ```
-
-To display one of the **Enumeration** values in a **responseMsg** claim, use `GetMappedValueFromLocalizedCollection` or `CreateStringClaim` claims transformation. For more information, see [String Claims Transformations](string-transformations.md)

articles/active-directory-b2c/claimsschema.md

@@ -9,7 +9,7 @@ manager: celestedg
 ms.service: active-directory
 ms.workload: identity
 ms.topic: reference
-ms.date: 12/10/2019
+ms.date: 02/24/2020
 ms.author: marsma
 ms.subservice: B2C
 ms.custom: fasttrack-edit
@@ -255,7 +255,7 @@ Your final relying party policy file should look like the following:
 
 Save your changes and upload the new policy file. After you've uploaded both policies (the extension and the relying party files), open a web browser and navigate to the policy metadata.
 
-The Azure AD B2C policy metadata is available at the following URL. Replace `tenant-name` with the name of your Azure AD B2C tenant, and `policy-name` with the name (ID) of the policy:
+Azure AD B2C policy IDP metadata is information used in the SAML protocol to expose the configuration of a SAML identity provider. Metadata defines the location of the services, such as sign-in and sign-out, certificates, sign-in method, and more. The Azure AD B2C policy metadata is available at the following URL. Replace `tenant-name` with the name of your Azure AD B2C tenant, and `policy-name` with the name (ID) of the policy:
 
 `https://tenant-name.b2clogin.com/tenant-name.onmicrosoft.com/policy-name/Samlp/metadata`