Merge branch 'master' of https://github.com/MicrosoftDocs/azure-docs-pr into digital-twins-includes-refactor

Author: KingdomOfEnds

.openpublishing.publish.config.json

@@ -224,11 +224,29 @@
       "branch": "master",
       "branch_mapping": {}
     },
+    {
+      "path_to_root": "samples-qnamaker-go",
+      "url": "https://github.com/Azure-Samples/cognitive-services-qnamaker-go",
+      "branch": "master",
+      "branch_mapping": {}
+    },
     {
       "path_to_root": "samples-qnamaker-csharp",
       "url": "https://github.com/Azure-Samples/cognitive-services-qnamaker-csharp",
       "branch": "master",
       "branch_mapping": {}
+    },
+    {
+      "path_to_root": "samples-qnamaker-java",
+      "url": "https://github.com/Azure-Samples/cognitive-services-qnamaker-java",
+      "branch": "master",
+      "branch_mapping": {}
+    },
+    {
+      "path_to_root": "samples-qnamaker-python",
+      "url": "https://github.com/Azure-Samples/cognitive-services-qnamaker-python",
+      "branch": "master",
+      "branch_mapping": {}
     }
   ],
   "branch_target_mapping": {

.openpublishing.redirection.json

@@ -1271,6 +1271,16 @@
             "redirect_url": "/azure/iot-edge/quickstart",
             "redirect_document_id": false
         },
+        {
+            "source_path": "articles/iot-edge/quickstart.experimental.md",
+            "redirect_url": "/azure/iot-edge/quickstart",
+            "redirect_document_id": false
+        },
+        {
+            "source_path": "articles/iot-edge/quickstart-linux.experimental.md",
+            "redirect_url": "/azure/iot-edge/quickstart-linux",
+            "redirect_document_id": false
+        },
         {
             "source_path": "articles/iot-edge/how-iot-edge-works.md",
             "redirect_url": "/azure/iot-edge/about-iot-edge",
@@ -13765,6 +13775,11 @@
             "redirect_url": "./end-user/microsoft-authenticator-app-how-to",
             "redirect_document_id": false
         },
+        {
+            "source_path": "articles/service-fabric/service-fabric-patterns-and-scenarios.md",
+            "redirect_url": "/azure/service-fabric/service-fabric-application-scenarios",
+            "redirect_document_id": false
+        },
         {
             "source_path": "articles/service-fabric-mesh/service-fabric-mesh-howto-deploy-app-private-registry.md",
             "redirect_url": "/azure/service-fabric-mesh/service-fabric-mesh-tutorial-template-deploy-app",

articles/active-directory-b2c/active-directory-b2c-custom-setup-adfs2016-idp.md

@@ -8,7 +8,7 @@ manager: mtillman
 ms.service: active-directory
 ms.workload: identity
 ms.topic: conceptual
-ms.date: 09/20/2018
+ms.date: 11/05/2018
 ms.author: davidmu
 ms.component: B2C
 ---
@@ -60,6 +60,7 @@ You can define an ADFS account as a claims provider by adding it to the **Claims
           <Metadata>
             <Item Key="WantsEncryptedAssertions">false</Item>
             <Item Key="PartnerEntity">https://your-ADFS-domain/federationmetadata/2007-06/federationmetadata.xml</Item>
+            <Item Key=" XmlSignatureAlgorithm">Sha256</Item>
           </Metadata>
           <CryptographicKeys>
             <Key Id="SamlAssertionSigning" StorageReferenceId="B2C_1A_ADFSSamlCert"/>
@@ -161,6 +162,15 @@ Open a browser and navigate to the URL. Make sure you type the correct URL and t
 9. Select **Add Rule**.  
 10. In **Claim rule template**, select **Send LDAP attributes as claims**.
 11. Provide a **Claim rule name**. For the **Attribute store**, select **Select Active Directory**, add the following claims, then click **Finish** and **OK**.
+
+    | LDAP attrubute | Outgoing claim type |
+    | -------------- | ------------------- |
+    | User-Principal-Name | userPricipalName |
+    | Surname | family_name |
+    | Given-Name | given_name |
+    | E-Mail-Address | email |
+    | Display-Name | name |
+    
 12.  Based on your certificate type, you may need to set the HASH algorithm. On the relying party trust (B2C Demo) properties window, select the **Advanced** tab and change the **Secure hash algorithm** to `SHA-1` or `SHA-256`, and click **Ok**.  
 13. In Server Manager, select **Tools**, and then select **ADFS Management**.
 14. Select the relying party trust you created, select **Update from Federation Metadata**, and then click **Update**. 

articles/active-directory-b2c/active-directory-b2c-support-create-directory.md

@@ -24,7 +24,7 @@ If you encounter issues when you [create an Azure Active Directory B2C (Azure AD
 * If the Azure AD B2C tenant doesn't show up in your list of tenants, try again to create the tenant.
 * If the Azure AD B2C tenant does show up in your list of tenants and you see the following  error message, delete the tenant and create it again:
 
-    "Could not complete the creation of the B2C tenant 'contosob2c'. Please visit this [link](http://go.microsoft.com/fwlink/?LinkID=624192&clcid=0x409) for more guidance."
+    "Could not complete the creation of the B2C tenant 'contosob2c'. Please visit this [link](https://go.microsoft.com/fwlink/?LinkID=624192&clcid=0x409) for more guidance."
 * There are known issues when you delete an existing Azure AD B2C tenant and re-create it by using the same domain name. When you create a new Azure AD B2C tenant, you must use a different domain name.
 * If these resolutions don't work, contact Azure Support. For more information, see [File support requests for Azure AD B2C](active-directory-b2c-support.md).
 

articles/active-directory-b2c/b2clogin.md

@@ -58,7 +58,16 @@ Your Azure AD B2C application probably refers to `login.microsoftonline.com` in
 
 If you're using MSAL, set the **ValidateAuthority** to `false`. The following example shows how you might set the property:
 
+In [MSAL for .Net](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet):
+
 ```CSharp
+ ConfidentialClientApplication client = new ConfidentialClientApplication(...); // can also be PublicClientApplication
+ client.ValidateAuthority = false;
+```
+
+And in [MSAL for Javascript](https://github.com/AzureAD/microsoft-authentication-library-for-js):
+
+```Javascript
 this.clientApplication = new UserAgentApplication(
   env.auth.clientId,
   env.auth.loginAuthority,
@@ -68,5 +77,3 @@ this.clientApplication = new UserAgentApplication(
   }
 );
 ```
-
- For more information, see [ClientApplicationBase Class ](https://docs.microsoft.com/dotnet/api/microsoft.identity.client.clientapplicationbase?view=azure-dotnet).

articles/active-directory-b2c/solution-articles.md

@@ -4,7 +4,7 @@ description: This article gives you links to solution and training information t
 services: active-directory-b2c
 author: davidmu1
 ms.author: davidmu
-ms.date: 10/11/2018
+ms.date: 11/05/2018
 ms.topic: conceptual
 ms.service: active-directory
 ms.component: b2c
@@ -22,3 +22,4 @@ Azure Active Directory (Azure AD) B2C enables organizations to implement busines
 | [Enabling partners, Suppliers, and Customers to Access Applications with Azure active Directory](https://aka.ms/aadexternalidentities) | Every organization’s success, regardless of its size, industry, or compliance and security posture, relies on organizational ability to collaborate with other organizations and connect with customers.<br><br>Bringing together Azure AD, Azure AD B2C, and Azure AD B2B Collaboration, this guide details the business value and the mechanics of building an application or web experience that provides a consolidated authentication experience tailored to the contexts of your employees, business partners and suppliers, and customers. |
 | [Migrating Application Authentication to Azure AD B2C in a Hybrid Environment](https://aka.ms/MigratetoAADB2C) | In today’s modern organizations, digital transformation and moving to the cloud happens in stages, requiring most organizations to at least temporarily operate in a hybrid identity environment.<br><br>This guide focuses on creating the migration plan for moving your first application to Azure AD B2C, and covers the considerations for doing so while in a hybrid identity environment. |
 | [General Data protection Regulation (GDPR) Considerations for Customer Facing Applications](https://aka.ms/AADB2CandGDPR) | For any customer facing applications, GDPR must be taken into consideration by all organizations that embark on projects that hold personal data and serve EU citizens.<br><br>This solution guide focuses on how Azure AD B2C can be used as a flexible component of your overall GDPR compliance approach, including how Azure AD B2C components support each of the key GDPR rights for individuals. |
+| Working with custom policies:<br><ul><li>[Custom policies introduction](http://download.microsoft.com/download/3/6/1/36187D50-A693-4547-848A-176F17AE1213/Deep%20Dive%20on%20Azure%20AD%20B2C%20Custom%20Policies/Azure%20AD%20B2C%20Custom%20Policies%20-%20Introduction.pdf)</li><li>[Leverage custom policies in your tenant](http://download.microsoft.com/download/3/6/1/36187D50-A693-4547-848A-176F17AE1213/Deep%20Dive%20on%20Azure%20AD%20B2C%20Custom%20Policies/Azure%20AD%20B2C%20Custom%20Policies%20-%20Leveraging%20Custom%20Policies%20for%20your%20Tenant.pdf)</li><li>[Structure policies and manage keys](http://download.microsoft.com/download/3/6/1/36187D50-A693-4547-848A-176F17AE1213/Deep%20Dive%20on%20Azure%20AD%20B2C%20Custom%20Policies/Azure%20AD%20B2C%20Custom%20Policies%20-%20Structuring%20Policies%20and%20Managing%20Keys.pdf)</li><li>[Bring your own identity and migrate users](http://download.microsoft.com/download/3/6/1/36187D50-A693-4547-848A-176F17AE1213/Deep%20Dive%20on%20Azure%20AD%20B2C%20Custom%20Policies/Azure%20AD%20B2C%20Custom%20Policies%20-%20Bring-your-own-identity%20and%20Migrating%20Users.pdf)</li><li>[Troubleshoot policies and audit access](http://download.microsoft.com/download/3/6/1/36187D50-A693-4547-848A-176F17AE1213/Deep%20Dive%20on%20Azure%20AD%20B2C%20Custom%20Policies/Azure%20AD%20B2C%20Custom%20Policies%20-%20Troubleshooting%20Policies%20and%20Auditing.pdf)</li><li>[Deep dive on custom policy schema](http://download.microsoft.com/download/3/6/1/36187D50-A693-4547-848A-176F17AE1213/Deep%20Dive%20on%20Azure%20AD%20B2C%20Custom%20Policies/Azure%20AD%20B2C%20Custom%20Policies%20-%20Deep%20Dive%20on%20Custom%20Policy%20Schema.pdf)</li><br>| This series of documents provides an end-to-end journey with the custom policies in Azure AD B2C, presenting in-depth the most common advanced identity scenarios.<br><br> It includes how to implement and manage custom policies for these scenarios and how to diagnose them with the available tooling. It also provides an in-depth understanding of how custom policies work and details how to fine-tune them to accommodate your own specific requirements. |

articles/active-directory-domain-services/TOC.md

@@ -2,6 +2,7 @@
 
 # Overview
 ## [What is Azure AD Domain Services?](active-directory-ds-overview.md)
+## [FAQs](active-directory-ds-faqs.md)
 ## Is it right for you?
 ### [Compare with Windows Server AD](active-directory-ds-comparison.md)
 ### [Compare with Azure AD join](active-directory-ds-compare-with-azure-ad-join.md)
@@ -55,7 +56,6 @@
 ## [Troubleshoot secure LDAP](active-directory-ds-ldaps-troubleshoot.md)
 
 # Troubleshoot
-## [FAQs](active-directory-ds-faqs.md)
 ## [Troubleshooting guide](active-directory-ds-troubleshooting.md)
 ## [Troubleshoot alerts](active-directory-ds-troubleshoot-alerts.md)
 ### [Fix a broken NSG configuration](active-directory-ds-troubleshoot-nsg.md)

articles/active-directory-domain-services/active-directory-ds-admin-guide-administer-domain.md

@@ -59,7 +59,7 @@ The first step is to set up a Windows Server virtual machine that is joined to t
 ### Remotely administer the managed domain from a client computer (for example, Windows 10)
 The instructions in this article use a Windows Server virtual machine to administer the AAD-DS managed domain. However, you can also choose to use a Windows client (for example, Windows 10) virtual machine to do so.
 
-You can [install Remote Server Administration Tools (RSAT)](http://social.technet.microsoft.com/wiki/contents/articles/2202.remote-server-administration-tools-rsat-for-windows-client-and-windows-server-dsforum2wiki.aspx) on a Windows client virtual machine by following the instructions on TechNet.
+You can [install Remote Server Administration Tools (RSAT)](https://social.technet.microsoft.com/wiki/contents/articles/2202.remote-server-administration-tools-rsat-for-windows-client-and-windows-server-dsforum2wiki.aspx) on a Windows client virtual machine by following the instructions on TechNet.
 
 ## Task 2 - Install Active Directory administration tools on the virtual machine
 Complete the following steps to install the Active Directory Administration tools on the domain joined virtual machine. See Technet for more [information on installing and using Remote Server Administration Tools](https://technet.microsoft.com/library/hh831501.aspx).

articles/active-directory-domain-services/active-directory-ds-admin-guide-configure-secure-ldap.md

@@ -14,7 +14,7 @@ ms.workload: identity
 ms.tgt_pltfrm: na
 ms.devlang: na
 ms.topic: conceptual
-ms.date: 09/25/2018
+ms.date: 11/02/2018
 ms.author: ergreenl
 
 ---
@@ -41,7 +41,7 @@ Acquire a valid certificate per the following guidelines, before you enable secu
 
 1. **Trusted issuer** - The certificate must be issued by an authority trusted by computers connecting to the managed domain using secure LDAP. This authority may be a public certification authority (CA) or an Enterprise CA trusted by these computers.
 2. **Lifetime** - The certificate must be valid for at least the next 3-6 months. Secure LDAP access to your managed domain is disrupted when the certificate expires.
-3. **Subject name** - The subject name on the certificate must be your managed domain name. For instance, if your domain is named 'contoso100.com', the certificate's subject name must be 'contoso100.com'. 
+3. **Subject name** - The subject name on the certificate must be your managed domain. For instance, if your domain is named 'contoso100.com', the certificate's subject name must be 'contoso100.com'. Set the DNS name (subject alternate name) to a wildcard name for your managed domain.
 4. **Key usage** - The certificate must be configured for the following uses - Digital signatures and key encipherment.
 5. **Certificate purpose** - The certificate must be valid for SSL server authentication.
 
@@ -79,7 +79,7 @@ On your Windows computer, open a new PowerShell window as **Administrator** and
 $lifetime=Get-Date
 New-SelfSignedCertificate -Subject contoso100.com `
   -NotAfter $lifetime.AddDays(365) -KeyUsage DigitalSignature, KeyEncipherment `
-  -Type SSLServerAuthentication -DnsName *.contoso100.com
+  -Type SSLServerAuthentication -DnsName *.contoso100.com, contoso100.com
 ```
 
 In the preceding sample, replace 'contoso100.com' with the DNS domain name of your managed domain. For example, if you created a managed domain called 'contoso100.onmicrosoft.com', replace 'contoso100.com' in the Subject attribute with 'contoso100.onmicrosoft.com' and '*.contoso100.com' in the DnsName attribute with '*.contoso100.onmicrosoft.com').

articles/active-directory-domain-services/active-directory-ds-getting-started-password-sync-synced-tenant.md

@@ -46,7 +46,7 @@ A synced Azure AD tenant is set to synchronize with your organization's on-premi
 ### Install or update Azure AD Connect
 Install the latest recommended release of Azure AD Connect on a domain joined computer. If you have an existing instance of Azure AD Connect setup, you need to update it to use the latest version of Azure AD Connect. To avoid known issues/bugs that may have already been fixed, always use the latest version of Azure AD Connect.
 
-**[Download Azure AD Connect](http://www.microsoft.com/download/details.aspx?id=47594)**
+**[Download Azure AD Connect](https://www.microsoft.com/download/details.aspx?id=47594)**
 
 Recommended version: **1.1.614.0** - published on September 5, 2017.