Merge branch 'master' of https://github.com/MicrosoftDocs/azure-docs-pr into erbgpportal

Author: duongau

.openpublishing.redirection.active-directory.json

@@ -32,7 +32,7 @@
         },
         {
             "source_path_from_root": "/articles/active-directory/develop/registration-config-multi-tenant-application-add-to-gallery-how-to.md",
-            "redirect_url": "/azure/active-directory/develop/v2-howto-app-gallery-listing",
+            "redirect_url": "/azure/active-directory/manage-apps/v2-howto-app-gallery-listing",
             "redirect_document_id": false
         },
         {
@@ -3170,34 +3170,39 @@
             "redirect_url": "/azure/active-directory/develop/v2-conditional-access-dev-guide",
             "redirect_document_id": false
         },
+        {
+            "source_path_from_root": "/articles/active-directory/develop/v2-howto-app-gallery-listing.md",
+            "redirect_url": "/azure/active-directory/manage-apps/v2-howto-app-gallery-listing",
+            "redirect_document_id": false
+        },
         {
             "source_path_from_root": "/articles/active-directory/azuread-dev/howto-app-gallery-listing.md",
-            "redirect_url": "/azure/active-directory/develop/v2-howto-app-gallery-listing",
+            "redirect_url": "/azure/active-directory/manage-apps/v2-howto-app-gallery-listing",
             "redirect_document_id": false
         },
         {
             "source_path_from_root": "/articles/active-directory/develop/howto-app-gallery-listing.md",
-            "redirect_url": "/azure/active-directory/develop/v2-howto-app-gallery-listing",
+            "redirect_url": "/azure/active-directory/manage-apps/v2-howto-app-gallery-listing",
             "redirect_document_id": false
         },
         {
             "source_path_from_root": "/articles/active-directory/manage-apps/isv-choose-multi-tenant-federation.md",
-            "redirect_url": "/azure/active-directory/develop/v2-howto-app-gallery-listing",
+            "redirect_url": "/azure/active-directory/manage-apps/v2-howto-app-gallery-listing",
             "redirect_document_id": false
         },
         {
             "source_path_from_root": "/articles/active-directory/manage-apps/isv-create-sso-documentation.md",
-            "redirect_url": "/azure/active-directory/develop/v2-howto-app-gallery-listing",
+            "redirect_url": "/azure/active-directory/manage-apps/v2-howto-app-gallery-listing",
             "redirect_document_id": false
         },
         {
             "source_path_from_root": "/articles/active-directory/manage-apps/isv-sso-content.md",
-            "redirect_url": "/azure/active-directory/develop/v2-howto-app-gallery-listing",
+            "redirect_url": "/azure/active-directory/manage-apps/v2-howto-app-gallery-listing",
             "redirect_document_id": false
         },
         {
             "source_path_from_root": "/articles/active-directory/manage-apps/isv-tenant-multi-tenant-app.md",
-            "redirect_url": "/azure/active-directory/develop/v2-howto-app-gallery-listing",
+            "redirect_url": "/azure/active-directory/manage-apps/v2-howto-app-gallery-listing",
             "redirect_document_id": false
         },
         {

.openpublishing.redirection.json

@@ -25258,6 +25258,11 @@
       "redirect_url": "/azure/spring-cloud/expose-apps-gateway",
       "redirect_document_id": false
     },
+    {
+      "source_path_from_root": "/articles/spring-cloud/tutorial-dump-jvm-options.md",
+      "redirect_url": "/azure/spring-cloud/how-to-dump-jvm-options",
+      "redirect_document_id": false
+    },
     {
       "source_path_from_root": "/articles/spring-cloud/how-to-provision-azure-spring-cloud-instance-terraform.md",
       "redirect_url": "/azure/spring-cloud/quickstart-deploy-infrastructure-vnet-terraform",

articles/active-directory-b2c/force-password-reset.md

@@ -9,7 +9,7 @@ manager: CelesteDG
 ms.service: active-directory
 ms.workload: identity
 ms.topic: how-to
-ms.date: 09/16/2021
+ms.date: 01/24/2022
 ms.author: kengaderdus
 ms.subservice: B2C
 zone_pivot_groups: b2c-policy-type
@@ -19,8 +19,6 @@ zone_pivot_groups: b2c-policy-type
 
 [!INCLUDE [active-directory-b2c-choose-user-flow-or-custom-policy](../../includes/active-directory-b2c-choose-user-flow-or-custom-policy.md)]
 
-::: zone pivot="b2c-user-flow"
-
 ## Overview
 
 As an administrator, you can [reset a user's password](manage-users-portal.md#reset-a-users-password) if the user forgets their password. Or you would like to force them to reset the password. In this article, you'll learn how to force a password reset in these scenarios.
@@ -31,13 +29,6 @@ When an administrator resets a user's password via the Azure portal, the value o
 
 The password reset flow is applicable to local accounts in Azure AD B2C that use an [email address](sign-in-options.md#email-sign-in) or [username](sign-in-options.md#username-sign-in) with a password for sign-in.
 
-::: zone-end
-
-::: zone pivot="b2c-custom-policy"
-
-This feature is currently only available for User Flows. For setup steps, choose **User Flow** above. For custom policies, use the force password reset first logon [GitHub sample](https://github.com/azure-ad-b2c/samples/tree/master/policies/force-password-reset-first-logon) with prerequisites below.
-
-::: zone-end
 
 ## Prerequisites
 
@@ -75,6 +66,36 @@ To enable the **Forced password reset** setting in a sign-up or sign-in user flo
 1. Sign in with the user account for which you reset the password.
 1. You now must change the password for the user. Change the password and select **Continue**. The token is returned to `https://jwt.ms` and should be displayed to you.
 
+::: zone-end
+
+::: zone pivot="b2c-custom-policy"
+
+## Configure your custom policy
+
+Get the example of the force password reset policy on [GitHub](https://github.com/azure-ad-b2c/samples/tree/master/policies/force-password-reset). In each file, replace the string `yourtenant` with the name of your Azure AD B2C tenant. For example, if the name of your B2C tenant is *contosob2c*, all instances of `yourtenant.onmicrosoft.com` become `contosob2c.onmicrosoft.com`.
+
+## Upload and test the policy
+
+1. Sign in to the [Azure portal](https://portal.azure.com/).
+1. Make sure you're using the directory that contains your Azure AD B2C tenant by selecting the **Directories + subscriptions** icon in the portal toolbar.
+1. On the **Portal settings | Directories + subscriptions** page, find your Azure AD B2C directory in the **Directory name** list, and then select **Switch**.
+1. Choose **All services** in the top-left corner of the Azure portal, and then search for and select **Azure AD B2C**.
+1. Select **Identity Experience Framework**.
+1. In **Custom Policies**, select **Upload Policy**.
+1. Select the *TrustFrameworkExtensionsCustomForcePasswordReset.xml* file.
+1. Select **Upload**.
+1. Repeat steps 6 through 8 for the relying party file *TrustFrameworkExtensionsCustomForcePasswordReset.xml*.
+
+## Run the policy
+
+1. Open the policy that you uploaded *B2C_1A_TrustFrameworkExtensions_custom_ForcePasswordReset*.
+1. For **Application**, select the application that you registered earlier. To see the token, the **Reply URL** should show `https://jwt.ms`.
+1. Select **Run now**. 
+1. Sign in with the user account for which you reset the password.
+1. You now must change the password for the user. Change the password and select **Continue**. The token is returned to `https://jwt.ms` and should be displayed to you.
+
+::: zone-end
+
 ## Force password reset on next login
 
 To force reset the password on next login, update the account password profile using MS Graph [Update user](/graph/api/user-update) operation. The following example updates the password profile [forceChangePasswordNextSignIn](user-profile-attributes.md#password-profile-property) attribute to `true`, which forces the user to reset the password on next login.
@@ -123,8 +144,6 @@ Once a password expiration policy has been set, you must also configure force pa
 
 The password expiry duration default value is **90** days. The value is configurable by using the [Set-MsolPasswordPolicy](/powershell/module/msonline/set-msolpasswordpolicy) cmdlet from the Azure Active Directory Module for Windows PowerShell. This command updates the tenant, so that all users' passwords expire after number of days you configure.
 
-::: zone-end
-
 ## Next steps
 
 Set up a [self-service password reset](add-password-reset-policy.md).

articles/active-directory-b2c/oauth2-error-technical-profile.md

@@ -9,7 +9,7 @@ manager: CelesteDG
 ms.service: active-directory
 ms.workload: identity
 ms.topic: reference
-ms.date: 05/26/2021
+ms.date: 01/25/2022
 ms.author: kengaderdus
 ms.subservice: B2C
 ---
@@ -41,7 +41,7 @@ https://jwt.ms/#error=access_denied&error_description=AAD_Custom_1234%3a+My+cust
 
 ## Protocol
 
-The **Name** attribute of the **Protocol** element needs to be set to `None`. Set the **OutputTokenFormat** element to `OAuth2Error`.
+The **Name** attribute of the **Protocol** element needs to be set to `OAuth2`. Set the **OutputTokenFormat** element to `OAuth2Error`.
 
 The following example shows a technical profile for `ReturnOAuth2Error`:
 
@@ -53,7 +53,7 @@ The following example shows a technical profile for `ReturnOAuth2Error`:
     <TechnicalProfiles>
       <TechnicalProfile Id="ReturnOAuth2Error">
         <DisplayName>Return OAuth2 error</DisplayName>
-        <Protocol Name="None" />
+        <Protocol Name="OAuth2" />
         <OutputTokenFormat>OAuth2Error</OutputTokenFormat>
         <CryptographicKeys>
           <Key Id="issuer_secret" StorageReferenceId="B2C_1A_TokenSigningKeyContainer" />
@@ -121,4 +121,4 @@ In the following example:
 
 ## Next steps
 
-Learn about [UserJourneys](userjourneys.md)
+Learn about [UserJourneys](userjourneys.md)

articles/active-directory-b2c/publish-app-to-azure-ad-app-gallery.md

@@ -72,10 +72,10 @@ In production environments, the app registration redirect URI is ordinarily a pu
 
 ## Step 4: Publish your Azure AD B2C app
 
-Finally, add the multitenant app to the Azure AD app gallery. Follow the instructions in [Publish your app to the Azure AD app gallery](../active-directory/develop/v2-howto-app-gallery-listing.md). To add your app to the app gallery, do the following:
+Finally, add the multitenant app to the Azure AD app gallery. Follow the instructions in [Publish your app to the Azure AD app gallery](../active-directory/manage-apps/v2-howto-app-gallery-listing.md). To add your app to the app gallery, do the following:
 
-1. [Create and publish documentation](../active-directory/develop/v2-howto-app-gallery-listing.md#step-5---create-and-publish-documentation).
-1. [Submit your app](../active-directory/develop/v2-howto-app-gallery-listing.md#step-6---submit-your-app) with the following information:
+1. [Create and publish documentation](../active-directory/manage-apps/v2-howto-app-gallery-listing.md#create-and-publish-documentation).
+1. [Submit your app](../active-directory/manage-apps/v2-howto-app-gallery-listing.md#submit-your-application) with the following information:
 
     |Question  |Answer you should provide  |
     |---------|---------|
@@ -89,4 +89,4 @@ Finally, add the multitenant app to the Azure AD app gallery. Follow the instruc
 
 ## Next steps
 
-- Learn how to [Publish your app to the Azure AD app gallery](../active-directory/develop/v2-howto-app-gallery-listing.md).
+- Learn how to [Publish your app to the Azure AD app gallery](../active-directory/manage-apps/v2-howto-app-gallery-listing.md).

articles/active-directory/app-provisioning/how-provisioning-works.md

@@ -33,7 +33,7 @@ The **Azure AD Provisioning Service** provisions users to SaaS apps and other sy
 
 The Azure AD provisioning service uses the [SCIM 2.0 protocol](https://techcommunity.microsoft.com/t5/Identity-Standards-Blog/bg-p/IdentityStandards) for automatic provisioning. The service connects to the SCIM endpoint for the application, and uses SCIM user object schema and REST APIs to automate the provisioning and de-provisioning of users and groups. A SCIM-based provisioning connector is provided for most applications in the Azure AD gallery. When building apps for Azure AD, developers can use the SCIM 2.0 user management API to build a SCIM endpoint that integrates Azure AD for provisioning. For details, see [Build a SCIM endpoint and configure user provisioning](../app-provisioning/use-scim-to-provision-users-and-groups.md).
 
-To request an automatic Azure AD provisioning connector for an app that doesn't currently have one, see [Azure Active Directory Application Request](../develop/v2-howto-app-gallery-listing.md).
+To request an automatic Azure AD provisioning connector for an app that doesn't currently have one, see [Azure Active Directory Application Request](../manage-apps/v2-howto-app-gallery-listing.md).
 
 ## Authorization
 

articles/active-directory/app-provisioning/isv-automatic-provisioning-multi-tenant-apps.md

@@ -106,7 +106,7 @@ SAML JIT uses the claims information in the SAML token to create and update user
 
 ## Next Steps
 
-* [Enable Single Sign-on for your application](../develop/v2-howto-app-gallery-listing.md)
+* [Enable Single Sign-on for your application](../manage-apps/v2-howto-app-gallery-listing.md)
 
 * [Submit your application listing](https://microsoft.sharepoint.com/teams/apponboarding/Apps/SitePages/Default.aspx) and partner with Microsoft to create documentation on Microsoft’s site.
 

articles/active-directory/app-provisioning/plan-auto-user-provisioning.md

@@ -152,7 +152,7 @@ The actual steps required to enable and configure automatic provisioning vary de
 
 If not, follow the steps below:
 
-1. [Create a request](../develop/v2-howto-app-gallery-listing.md) for a pre-integrated user provisioning connector. Our team will work with you and the application developer to onboard your application to our platform if it supports SCIM.
+1. [Create a request](../manage-apps/v2-howto-app-gallery-listing.md) for a pre-integrated user provisioning connector. Our team will work with you and the application developer to onboard your application to our platform if it supports SCIM.
 
 1. Use the [BYOA SCIM](../app-provisioning/use-scim-to-provision-users-and-groups.md) generic user provisioning support for the app. This is a requirement for Azure AD to provision users to the app without a pre-integrated provisioning connector.
 

articles/active-directory/app-provisioning/sap-successfactors-integration-reference.md

@@ -296,6 +296,20 @@ The SuccessFactors connector supports expansion of the position object. To expan
 | positionNameFR | $.employmentNav.results[0].jobInfoNav.results[0].positionNav.externalName_fr_FR |
 | positionNameDE | $.employmentNav.results[0].jobInfoNav.results[0].positionNav.externalName_de_DE |
 
+### Provisioning users in the Onboarding module
+Inbound user provisioning from SAP SuccessFactors to on-premises Active Directory and Azure AD now supports advance provisioning of pre-hires present in the SAP SuccessFactors Onboarding 2.0 module. Upon encountering a new hire profile with future start date, the Azure AD provisioning service queries SAP SuccessFactors to get new hires with one of the following status codes: `active`, `inactive`, `active_external`. The status code `active_external` corresponds to pre-hires present in the SAP SuccessFactors Onboarding 2.0 module. For a description of these status codes, refer to [SAP support note 2736579](https://launchpad.support.sap.com/#/notes/0002736579).
+
+The default behavior of the provisioning service is to process pre-hires in the Onboarding module. 
+
+If you want to exclude processing of pre-hires in the Onboarding module, update your provisioning job configuration as follows: 
+1. Open the attribute-mapping blade of your SuccessFactors provisioning app.
+1. Under show advanced options, edit the SuccessFactors attribute list to add a new attribute called `userStatus`.
+1. Set the JSONPath API expression for this attribute as: `$.employmentNav.results[0].userNav.status`
+1. Save the schema to return back to the attribute mapping blade. 
+1. Edit the Source Object scope to apply a scoping filter `userStatus NOT EQUALS active_external`
+1. Save the mapping and validate that the scoping filter works using provisioning on demand. 
+
+
 ## Writeback scenarios
 
 This section covers different write-back scenarios. It recommends configuration approaches based on how email and phone number is setup in SuccessFactors.

articles/active-directory/app-provisioning/use-scim-to-provision-users-and-groups.md

@@ -1326,7 +1326,7 @@ Once the initial cycle has started, you can select **Provisioning logs** in the
 
 ## Publish your application to the AAD application gallery
 
-If you're building an application that will be used by more than one tenant, you can make it available in the Azure AD application gallery. This will make it easy for organizations to discover the application and configure provisioning. Publishing your app in the Azure AD gallery and making provisioning available to others is easy. Check out the steps [here](../develop/v2-howto-app-gallery-listing.md). Microsoft will work with you to integrate your application into our gallery, test your endpoint, and release onboarding [documentation](../saas-apps/tutorial-list.md) for customers to use.
+If you're building an application that will be used by more than one tenant, you can make it available in the Azure AD application gallery. This will make it easy for organizations to discover the application and configure provisioning. Publishing your app in the Azure AD gallery and making provisioning available to others is easy. Check out the steps [here](../manage-apps/v2-howto-app-gallery-listing.md). Microsoft will work with you to integrate your application into our gallery, test your endpoint, and release onboarding [documentation](../saas-apps/tutorial-list.md) for customers to use.
 
 ### Gallery onboarding checklist
 Use the checklist to onboard your application quickly and customers have a smooth deployment experience. The information will be gathered from you when onboarding to the gallery.