Merge branch 'master' of https://github.com/MicrosoftDocs/azure-docs-pr into yelevin/security-alert-schema

Author: yelevin

.openpublishing.redirection.json

@@ -2463,6 +2463,16 @@
       "redirect_url": "/azure/machine-learning/reference-yaml-overview.md",
       "redirect_document_id": false
     },
+    {
+      "source_path_from_root": "/articles/machine-learning/tutorial-train-models-with-aml.md",
+      "redirect_url": "/azure/machine-learning/tutorial-train-deploy-notebook",
+      "redirect_document_id": true
+    },
+    {
+      "source_path_from_root": "/articles/machine-learning/tutorial-deploy-models-with-aml.md",
+      "redirect_url": "/azure/machine-learning/tutorial-train-deploy-notebook",
+      "redirect_document_id": false
+    },
     {
       "source_path_from_root": "/articles/machine-learning/how-to-create-labeling-projects.md",
       "redirect_url": "/azure/machine-learning/how-to-create-image-labeling-projects",
@@ -34398,6 +34408,11 @@
       "redirect_url": "https://azure.microsoft.com/blog/dear-documentdb-customers-welcome-to-azure-cosmos-db/",
       "redirect_document_id": false
     },
+    {
+      "source_path_from_root": "/articles/documentdb/sql-query-operators.md",
+      "redirect_url": "sql-query-logical-operators",
+      "redirect_document_id": false
+    },
     {
       "source_path_from_root": "/articles/search/search-case-studies.md",
       "redirect_url": "https://azure.microsoft.com/case-studies",

articles/active-directory-b2c/claim-resolver-overview.md

@@ -9,7 +9,7 @@ manager: CelesteDG
 ms.service: active-directory
 ms.workload: identity
 ms.topic: reference
-ms.date: 12/12/2021
+ms.date: 1/11/2022
 ms.author: kengaderdus
 ms.subservice: B2C
 ---
@@ -133,8 +133,30 @@ The following table lists the [OAuth2 identity provider](oauth2-technical-profil
 
 | Claim | Description | Example |
 | ----- | ----------------------- | --------|
-| {oauth2:access_token} | The access token. | N/A |
-| {oauth2:refresh_token} | The refresh token. | N/A |
+| {oauth2:access_token} | The OAuth2 identity provider access token. The `access_token` attribute. | `eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1Ni...` |
+| {oauth2:token_type}   | The type of the access token. The `token_type` attribute. | Bearer  |
+| {oauth2:expires_in}   | The length of time that the access token is valid in seconds. The `expires_in` attribute. The output claim [DataType](claimsschema.md#datatype) must be `int` or `long`. | 960000 |
+| {oauth2:refresh_token} | The OAuth2 identity provider refresh token. The `refresh_token` attribute. | `eyJraWQiOiJacW9pQlp2TW5pYVc2MUY...` |
+
+To use the OAuth2 identity provider claim resolvers, set the output claim's `PartnerClaimType` attribute to the claim resolver.  The following example demonstrates how the get the external identity provider claims:
+
+```xml
+<ClaimsProvider>
+  <DisplayName>Contoso</DisplayName>
+  <TechnicalProfiles>
+    <TechnicalProfile Id="Contoso-OAUTH">
+      <OutputClaims>
+        <OutputClaim ClaimTypeReferenceId="identityProviderAccessToken" PartnerClaimType="{oauth2:access_token}" />
+        <OutputClaim ClaimTypeReferenceId="identityProviderAccessTokenType" PartnerClaimType="{oauth2:token_type}" />
+        <OutputClaim ClaimTypeReferenceId="identityProviderAccessTokenExpiresIn" PartnerClaimType="{oauth2:expires_in}" />
+        <OutputClaim ClaimTypeReferenceId="identityProviderRefreshToken" PartnerClaimType="{oauth2:refresh_token}" />
+      </OutputClaims>
+      ...
+    </TechnicalProfile>
+  </TechnicalProfiles>
+</ClaimsProvider>
+```
+
 
 ## Using claim resolvers
 

articles/active-directory-b2c/saml-identity-provider-technical-profile.md

@@ -9,7 +9,7 @@ manager: CelesteDG
 ms.service: active-directory
 ms.workload: identity
 ms.topic: reference
-ms.date: 09/20/2021
+ms.date: 01/11/2022
 ms.author: kengaderdus
 ms.subservice: B2C
 ---
@@ -166,6 +166,7 @@ The **OutputClaimsTransformations** element may contain a collection of **Output
 | IncludeClaimResolvingInClaimsHandling  | No | For input and output claims, specifies whether [claims resolution](claim-resolver-overview.md) is included in the technical profile. Possible values: `true`, or `false` (default). If you want to use a claims resolver in the technical profile, set this to `true`. |
 |SingleLogoutEnabled| No| Indicates whether during sign-in the technical profile attempts to sign out from federated identity providers. For more information, see [Azure AD B2C session sign-out](session-behavior.md#sign-out).  Possible values: `true` (default), or `false`.|
 |ForceAuthN| No| Passes the ForceAuthN value in the SAML authentication request to determine if the external SAML IDP will be forced to prompt the user for authentication. By default, Azure AD B2C sets the ForceAuthN value to false on initial login. If the session is then reset (for example by using the `prompt=login` in OIDC) then the ForceAuthN value will be set to `true`. Setting the metadata item as shown below will force the value for all requests to the external IDP.  Possible values: `true` or `false`.|
+|ProviderName| No| Passes the ProviderName value in the SAML authentication request.|
 
 
 ## Cryptographic keys

articles/active-directory-b2c/tutorial-create-tenant.md

@@ -52,7 +52,7 @@ You learn how to register an application in the next tutorial.
 
         ![Directories + subscriptions with Switch button](media/tutorial-create-tenant/switch-directory.png)
 
-1. Add **Microsoft.AzureActiveDirectory** as a resource provider for the Azure subscription your're using ([learn more](../azure-resource-manager/management/resource-providers-and-types.md?WT.mc_id=Portal-Microsoft_Azure_Support#register-resource-provider-1)):
+1. Add **Microsoft.AzureActiveDirectory** as a resource provider for the Azure subscription you're using ([learn more](../azure-resource-manager/management/resource-providers-and-types.md?WT.mc_id=Portal-Microsoft_Azure_Support#register-resource-provider-1)):
 
     1. On the Azure portal, search for and select **Subscriptions**.
     2. Select your subscription, and then in the left menu, select **Resource providers**. If you don't see the left menu, select the **Show the menu for < name of your subscription >** icon at the top left part of the page to expand it.

articles/active-directory-b2c/user-profile-attributes.md

@@ -166,7 +166,7 @@ In user migration scenarios, if the accounts you want to migrate have weaker pas
 
 ## MFA phone number attribute
 
-When using a phone for multi-factor authentication (MFA), the mobile phone is used to verify the user identity. To [add](/graph/api/authentication-post-phonemethods) a new phone number programatically, [update](/graph/api/b2cauthenticationmethodspolicy-update), [get](/graph/api/b2cauthenticationmethodspolicy-get), or [delete](/graph/api/phoneauthenticationmethod-delete) the phone number, use MS Graph API [phone authentication method](/graph/api/resources/phoneauthenticationmethod).
+When using a phone for multi-factor authentication (MFA), the mobile phone is used to verify the user identity. To [add](/graph/api/authentication-post-phonemethods) a new phone number programmatically, [update](/graph/api/b2cauthenticationmethodspolicy-update), [get](/graph/api/b2cauthenticationmethodspolicy-get), or [delete](/graph/api/phoneauthenticationmethod-delete) the phone number, use MS Graph API [phone authentication method](/graph/api/resources/phoneauthenticationmethod).
 
 In Azure AD B2C [custom policies](custom-policy-overview.md), the phone number is available through `strongAuthenticationPhoneNumber` claim type.
 

articles/active-directory/app-provisioning/functions-for-customizing-application-data.md

@@ -274,6 +274,8 @@ Returns a date/time string representing a date to which a specified time interva
 | **value** |Required | Number | The number of units you want to add. It can be positive (to get dates in the future) or negative (to get dates in the past). |
 | **dateTime** |Required | DateTime | DateTime representing date to which the interval is added. |
 
+When passing a date string as input use [CDate](#cdate) function to wrap the datetime string. To get system time in UTC use the [Now](#now) function. 
+
 The **interval** string must have one of the following values: 
  * yyyy Year 
  * m Month
@@ -283,30 +285,17 @@ The **interval** string must have one of the following values:
  * n Minute
  * s Second
 
-**Example 1: Add 7 days to hire date**  
+**Example 1: Generate a date value based on incoming StatusHireDate from Workday** <br>
 `DateAdd("d", 7, CDate([StatusHireDate]))`
-* **INPUT** (StatusHireDate): 2012-03-16-07:00
-* **OUTPUT**: 3/23/2012 7:00:00 AM
-
-**Example 2: Get a date ten days prior to hire date**  
-`DateAdd("d", -10, CDate([StatusHireDate]))`
-* **INPUT** (StatusHireDate): 2012-03-16-07:00
-* **OUTPUT**: 3/6/2012 7:00:00 AM
-
-**Example 3: Add two weeks to hire date**  
-`DateAdd("ww", 2, CDate([StatusHireDate]))`
-* **INPUT** (StatusHireDate): 2012-03-16-07:00
-* **OUTPUT**: 3/30/2012 7:00:00 AM
-
-**Example 4: Add ten months to hire date**  
-`DateAdd("m", 10, CDate([StatusHireDate]))`
-* **INPUT** (StatusHireDate): 2012-03-16-07:00
-* **OUTPUT**: 1/16/2013 7:00:00 AM
-
-**Example 5: Add two years to hire date**  
-`DateAdd("yyyy", 2, CDate([StatusHireDate]))`
-* **INPUT** (StatusHireDate): 2012-03-16-07:00
-* **OUTPUT**: 3/16/2014 7:00:00 AM
+
+| Example | interval | value | dateTime (value of variable StatusHireDate) | output |
+| --- | --- | --- | --- | --- |
+| Add 7 days to hire date | "d" | 7 | 2012-03-16-07:00 | 3/23/2012 7:00:00 AM |
+| Get a date ten days prior to hire date | "d" | -10 | 2012-03-16-07:00 | 3/6/2012 7:00:00 AM |
+| Add two weeks to hire date | "ww" | 2 | 2012-03-16-07:00 | 3/30/2012 7:00:00 AM |
+| Add ten months to hire date | "m" | 10 | 2012-03-16-07:00 | 1/16/2013 7:00:00 AM |
+| Add two years to hire date | "yyyy" | 10 | 2012-03-16-07:00 | 3/16/2014 7:00:00 AM |
+
 ---
 ### DateDiff
 **Function:**  
@@ -326,6 +315,8 @@ This function uses the *interval* parameter to return a number that indicates th
 | **date1** |Required | DateTime | DateTime representing a valid date. |
 | **date2** |Required | DateTime | DateTime representing a valid date. |
 
+When passing a date string as input use [CDate](#cdate) function to wrap the datetime string. To get system time in UTC use the [Now](#now) function. 
+
 The **interval** string must have one of the following values: 
  * yyyy Year 
  * m Month
@@ -464,9 +455,30 @@ The IIF function returns one of a set of possible values based on a specified co
 | **valueIfTrue** |Required |Variable or String | If the condition evaluates to true, the returned value. |
 | **valueIfFalse** |Required |Variable or String |If the condition evaluates to false, the returned value.|
 
-**Example:**
+The following comparison operators can be used in the *condition*: 
+* Equal to (=) and not equal to (<>)  
+* Greater than (>) and greater than equal to (>=) 
+* Less than (<) and less than equal to (<=)
+
+**Example:** Set the target attribute value to source country attribute if country="USA", else set target attribute value to source department attribute.
 `IIF([country]="USA",[country],[department])`
 
+#### Known limitations and workarounds for IIF function
+* The IIF function currently does not support AND and OR logical operators. 
+* To implement AND logic, use nested IIF statement chained along the *trueValue* path. 
+  Example: If country="USA" and state="CA", return value "True", else return "False".
+  `IIF([country]="USA",IIF([state]="CA","True","False"),"False")`
+* To implement OR logic, use nested IIF statement chained along the *falseValue* path. 
+  Example: If country="USA" or state="CA", return value "True", else return "False".
+  `IIF([country]="USA","True",IIF([state]="CA","True","False"))`
+* If the source attribute used within the IIF function is empty or null, the condition check fails. 
+   * Unsupported IIF expression examples: 
+     * `IIF([country]="","Other",[country])`
+     * `IIF(IsNullOrEmpty([country]),"Other",[country])`
+     * `IIF(IsPresent([country]),[country],"Other")`
+   * Recommended workaround: Use the [Switch](#switch) function to check for empty/null values. Example: If country attribute is empty, set value "Other". If it is present, pass the country attribute value to target attribute. 
+     * `Switch([country],[country],"","Other")` 
+<br>   
 ---
 ### InStr
 **Function:** 

articles/active-directory/app-proxy/application-proxy-faq.yml

@@ -9,7 +9,7 @@ metadata:
   ms.subservice: app-proxy
   ms.workload: identity
   ms.topic: reference
-  ms.date: 12/17/2021
+  ms.date: 01/10/2022
   ms.author: kenwith
   ms.reviewer: ashishj
 
@@ -18,7 +18,7 @@ summary: This page answers frequently asked questions about Azure Active Directo
 
 
 sections:
-  - name: Ignored
+  - name: General
     questions:
       - question: |
          Can I delete an App Proxy app from the App registrations page in the Azure portal? 
@@ -62,8 +62,8 @@ sections:
         answer: |
           No, this scenario isn't supported. The default settings are:
           
-          - Microsoft AAD Application Proxy Connector - WAPCSvc - Network Service
-          - Microsoft AAD Application Proxy Connector Updater - WAPCUpdaterSvc - NT Authority\System
+          - Microsoft Azure Active Directory Application Proxy Connector - WAPCSvc - Network Service
+          - Microsoft Azure Active Directory Application Proxy Connector Updater - WAPCUpdaterSvc - NT Authority\System
           
       - question: |
          Can a guest user with the Global Administrator or the Application Administrator role register the connector for the (guest) tenant?
@@ -102,7 +102,7 @@ sections:
           
           1. Select **Start**, type "Perfmon", and press ENTER.
           2. Select **Performance Monitor** and click the green **+** icon.
-          3. Add the **Microsoft AAD Application Proxy Connector** counters you want to monitor.
+          3. Add the **Microsoft Azure Active Directory Application Proxy Connector** counters you want to monitor.
           
       - question: |
          Does the Azure AD Application Proxy connector have to be on the same subnet as the resource?

articles/active-directory/conditional-access/concept-conditional-access-policies.md

@@ -6,7 +6,7 @@ services: active-directory
 ms.service: active-directory
 ms.subservice: conditional-access
 ms.topic: conceptual
-ms.date: 10/26/2021
+ms.date: 01/11/2022
 
 ms.author: joflore
 author: MicrosoftGuyJFlo
@@ -84,7 +84,7 @@ The behavior of the client apps condition was updated in August 2020. If you hav
 
 This control is used to exclude devices that are hybrid Azure AD joined, or marked a compliant in Intune. This exclusion can be done to block unmanaged devices. 
 
-#### Filters for devices (preview)
+#### Filter for devices
 
 This control allows targeting specific devices based on their attributes in a policy.
 

articles/active-directory/develop/v2-oauth2-client-creds-grant-flow.md

@@ -231,7 +231,7 @@ A successful response from any method looks like this:
 
 ### Error response
 
-An error response looks like this:
+An error response (400 Bad Request) looks like this:
 
 ```json
 {

articles/active-directory/fundamentals/active-directory-deployment-checklist-p2.md

@@ -40,7 +40,7 @@ In this phase, administrators enable baseline security features to create a more
 
 | Task | Detail | Required license |
 | ---- | ------ | ---------------- |
-| [Create more than one global administrator](../roles/security-emergency-access.md) | Assign at least two cloud-only permanent global administrator accounts for use in an emergency. These accounts aren't be used daily and should have long and complex passwords. | Azure AD Free |
+| [Create more than one global administrator](../roles/security-emergency-access.md) | Assign at least two cloud-only permanent global administrator accounts for use in an emergency. These accounts aren't to be used daily and should have long and complex passwords. | Azure AD Free |
 | [Use non-global administrative roles where possible](../roles/permissions-reference.md) | Give your administrators only the access they need to only the areas they need access to. Not all administrators need to be global administrators. | Azure AD Free |
 | [Enable Privileged Identity Management for tracking admin role use](../privileged-identity-management/pim-getting-started.md) | Enable Privileged Identity Management to start tracking administrative role usage. | Azure AD Premium P2 |
 | [Roll out self-service password reset](../authentication/howto-sspr-deployment.md) | Reduce helpdesk calls for password resets by allowing staff to reset their own passwords using policies you as an administrator control. | Azure AD Premium P1 |
@@ -100,4 +100,4 @@ Phase 4 sees administrators enforcing least privilege principles for administrat
 
 [Identity and device access configurations](/microsoft-365/enterprise/microsoft-365-policies-configurations)
 
-[Common recommended identity and device access policies](/microsoft-365/enterprise/identity-access-policies)
+[Common recommended identity and device access policies](/microsoft-365/enterprise/identity-access-policies)