Merging changes synced from https://github.com/MicrosoftDocs/azure-docs-pr (branch live)

Author: Banani-Rath

articles/active-directory-b2c/identity-provider-adfs.md

@@ -40,8 +40,8 @@ To create an Application Group, follow theses steps:
     1. Select **Next**.
 1. On the Application Group Wizard **Native Application** screen:
     1. Copy the **Client Identifier** value. The client identifier is your AD FS **Application ID**. You will need the application ID later in this article.
-    1. In **Redirect URI**, enter `https://your-tenant-name.b2clogin.com/your-tenant-name.onmicrosoft.com/oauth2/authresp`. If you use a [custom domain](custom-domain.md), enter `https://your-domain-name/your-tenant-name.onmicrosoft.com/oauth2/authresp`. Replace `your-tenant-name` with the name of your tenant, and `your-domain-name` with your custom domain.
-    1. Select **Next**, and then **Next** to complete the app registration wizard. 
+    1. In **Redirect URI**, enter `https://your-tenant-name.b2clogin.com/your-tenant-name.onmicrosoft.com/oauth2/authresp`, and then **Add**. If you use a [custom domain](custom-domain.md), enter `https://your-domain-name/your-tenant-name.onmicrosoft.com/oauth2/authresp`. Replace `your-tenant-name` with the name of your tenant, and `your-domain-name` with your custom domain.
+    1. Select **Next**, and then **Next**, and then **Next** again to complete the app registration wizard. 
     1. Select **Close**.
 
 
@@ -53,8 +53,8 @@ In this step, configure the claims AD FS application returns to Azure AD B2C.
 1. In the application properties window, under the **Applications**, select the **Web Application**. Then select **Edit**.
     :::image type="content" source="./media/identity-provider-adfs/ad-fs-edit-app.png" alt-text="Screenshot that shows how to edit a web application.":::
 1. Select the **Issuance Transformation Rules** tab. Then select **Add Rule**.
-1. In **Claim rule template**, select **Send LDAP attributes as claims**.
-1. Provide a **Claim rule name**. For the **Attribute store**, select **Select Active Directory**, add the following claims.
+1. In **Claim rule template**, select **Send LDAP attributes as claims**, and then **Next**.
+1. Provide a **Claim rule name**. For the **Attribute store**, select **Active Directory**, add the following claims.
 
     | LDAP attribute | Outgoing claim type |
     | -------------- | ------------------- |
@@ -63,9 +63,11 @@ In this step, configure the claims AD FS application returns to Azure AD B2C.
     | Given-Name | given_name |
     | Display-Name | name |
 
-    Note some of the names will not display in the outgoing claim type dropdown. You need to manually type them in. (The dropdown is editable).
+    Note some of the names will not display in the outgoing claim type dropdown. You need to manually type them in (the dropdown is editable).
 
-1. Select **Finish**, then select **Close**.
+1. Select **Finish**.
+1. Select **Apply**, and then **OK**.
+1. Select **OK** again to finish.
 
 
 ::: zone pivot="b2c-user-flow"
@@ -86,7 +88,7 @@ In this step, configure the claims AD FS application returns to Azure AD B2C.
 
 1. For **Client ID**, enter the application ID that you previously recorded.
 1. For the **Scope**, enter the `openid`.
-1. For **Response type**, select **id_token**.
+1. For **Response type**, select **id_token**, which makes the **Client secret** optional. Learn more about use of [Client ID and secret](identity-provider-generic-openid-connect.md#client-id-and-secret) when adding a generic OpenID Connect identity provider.
 1. (Optional) For the **Domain hint**, enter `contoso.com`. For more information, see [Set up direct sign-in using Azure Active Directory B2C](direct-signin.md#redirect-sign-in-to-a-social-provider).
 1. Under **Identity provider claims mapping**, select the following claims:
 

articles/active-directory/develop/userinfo.md

@@ -73,6 +73,7 @@ Authorization: Bearer eyJ0eXAiOiJKV1QiLCJub25jZSI6Il…
     "name": "Mikah Ollenburg", // names all require the “profile” scope.
     "family_name": " Ollenburg",
     "given_name": "Mikah",
+    "picture": "https://graph.microsoft.com/v1.0/me/photo/$value",
     "email": "[email protected]" //requires the “email” scope.
 }
 ```

articles/aks/TOC.yml

@@ -65,6 +65,13 @@
           href: ./security-controls-policy.md
         - name: Security Hardening in host OS
           href: security-hardened-vm-host-image.md
+        - name: Compliance
+          items:
+            - name: CIS Baseline overview
+              href: /compliance/regulatory/offering-CIS-Benchmark
+              maintainContext: True
+            - name: CIS Kubernetes benchmark
+              href: cis-kubernetes.md
     - name: Access and identity
       href: concepts-identity.md
     - name: Networking

articles/aks/azure-disk-csi.md

@@ -135,7 +135,7 @@ $ kubectl describe volumesnapshot azuredisk-volume-snapshot
 Name:         azuredisk-volume-snapshot
 Namespace:    default
 Labels:       <none>
-Annotations:  API Version:  snapshot.storage.k8s.io/v1beta1
+Annotations:  API Version:  snapshot.storage.k8s.io/v1
 Kind:         VolumeSnapshot
 Metadata:
   Creation Timestamp:  2020-08-27T05:27:58Z
@@ -144,7 +144,7 @@ Metadata:
     snapshot.storage.kubernetes.io/volumesnapshot-bound-protection
   Generation:        1
   Resource Version:  714582
-  Self Link:         /apis/snapshot.storage.k8s.io/v1beta1/namespaces/default/volumesnapshots/azuredisk-volume-snapshot
+  Self Link:         /apis/snapshot.storage.k8s.io/v1/namespaces/default/volumesnapshots/azuredisk-volume-snapshot
   UID:               dd953ab5-6c24-42d4-ad4a-f33180e0ef87
 Spec:
   Source:
@@ -292,7 +292,7 @@ metadata:
   name: managed-csi-shared
 provisioner: disk.csi.azure.com
 parameters:
-  skuname: Premium_LRS  # Currently shared disk is only available with premium SSD
+  skuname: Premium_LRS
   maxShares: "2"
   cachingMode: None  # ReadOnly cache is not available for premium SSD with maxShares>1
 reclaimPolicy: Delete