resolving merge conflicts

Author: uhabiba04

.openpublishing.redirection.json

@@ -1942,11 +1942,6 @@
       "redirect_url": "/azure/cosmos-db/sql-api-get-started",
       "redirect_document_id": false
     },
-    {
-      "source_path": "articles/search/search-traffic-analytics.md",
-      "redirect_url": "/azure/search/search-monitor-usage",
-      "redirect_document_id": false
-    },
     {
       "source_path": "articles/search/knowledge-store-howto.md",
       "redirect_url": "/azure/search/knowledge-store-create-rest",
@@ -34106,6 +34101,21 @@
       "redirect_url": "/azure/active-directory-b2c/tutorial-create-tenant",
       "redirect_document_id": false
     },
+    {
+      "source_path": "articles/active-directory/authentication/concept-mfa-get-started.md",
+      "redirect_url": "/azure/active-directory/fundamentals/concept-fundamentals-mfa-get-started",
+      "redirect_document_id": true
+    },
+    {
+      "source_path": "articles/active-directory/conditional-access/concept-conditional-access-block-legacy-authentication.md",
+      "redirect_url": "/azure/active-directory/fundamentals/concept-fundamentals-block-legacy-authentication",
+      "redirect_document_id": true
+    },
+    {
+      "source_path": "articles/active-directory/conditional-access/concept-conditional-access-security-defaults.md",
+      "redirect_url": "/azure/active-directory/fundamentals/concept-fundamentals-security-defaults",
+      "redirect_document_id": true
+    },
     {
       "source_path": "articles/multi-factor-authentication/end-user/multi-factor-authentication-end-user-app-passwords.experimental.md",
       "redirect_url": "/azure/active-directory/user-help/multi-factor-authentication-end-user-app-passwords",

articles/active-directory-b2c/active-directory-b2c-devquickstarts-graph-dotnet.md

@@ -360,6 +360,5 @@ By using `B2CGraphClient`, you have a service application that can manage your B
 As you incorporate this functionality into your own application, remember a few key points for B2C applications:
 
 * Grant the application the required permissions in the tenant.
-* For now, you need to use ADAL (not MSAL) to get access tokens. (You can also send protocol messages directly, without using a library.)
 * When you call the Graph API, use `api-version=1.6`.
 * When you create and update consumer users, a few properties are required, as described above.

articles/active-directory-b2c/b2clogin.md

@@ -1,5 +1,5 @@
 ---
-title: Set redirect URLs to b2clogin.com - Azure Active Directory B2C
+title: Migrate applications and APIs to b2clogin.com - Azure AD B2C
 description: Learn about using b2clogin.com in your redirect URLs for Azure Active Directory B2C.
 services: active-directory-b2c
 author: mmacy
@@ -8,7 +8,7 @@ manager: celestedg
 ms.service: active-directory
 ms.workload: identity
 ms.topic: conceptual
-ms.date: 08/17/2019
+ms.date: 12/04/2019
 ms.author: marsma
 ms.subservice: B2C
 ---
@@ -17,6 +17,16 @@ ms.subservice: B2C
 
 When you set up an identity provider for sign-up and sign-in in your Azure Active Directory B2C (Azure AD B2C) application, you need to specify a redirect URL. You should no longer reference *login.microsoftonline.com* in your applications and APIs. Instead, use *b2clogin.com* for all new applications, and migrate existing applications from *login.microsoftonline.com* to *b2clogin.com*.
 
+## Deprecation of login.microsoftonline.com
+
+On 04 December 2019, we announced the scheduled retirement of login.microsoftonline.com support in Azure AD B2C on **04 December 2020**:
+
+[Azure Active Directory B2C is deprecating login.microsoftonline.com](https://azure.microsoft.com/updates/b2c-deprecate-msol/)
+
+The deprecation of login.microsoftonline.com goes into effect for all Azure AD B2C tenants on 04 December 2020, providing existing tenants one (1) year to migrate to b2clogin.com. New tenants created after 04 December 2019 will not accept requests from login.microsoftonline.com. All functionality remains the same on the b2clogin.com endpoint.
+
+The deprecation of login.microsoftonline.com does not impact Azure Active Directory tenants. Only Azure Active Directory B2C tenants are affected by this change.
+
 ## Benefits of b2clogin.com
 
 When you use *b2clogin.com* as your redirect URL:
@@ -68,6 +78,10 @@ For example, the authority endpoint for Contoso's sign-up/sign-in policy would n
 https://contosob2c.b2clogin.com/00000000-0000-0000-0000-000000000000/B2C_1_signupsignin1
 ```
 
+For information about migrating OWIN-based web applications to b2clogin.com, see [Migrate an OWIN-based web API to b2clogin.com](multiple-token-endpoints.md).
+
+For migrating Azure API Management APIs protected by Azure AD B2C, see the [Migrate to b2clogin.com](secure-api-management.md#migrate-to-b2clogincom) section of [Secure an Azure API Management API with Azure AD B2C](secure-api-management.md).
+
 ## Microsoft Authentication Library (MSAL)
 
 ### ValidateAuthority property
@@ -92,6 +106,12 @@ this.clientApplication = new UserAgentApplication(
 );
 ```
 
+## Next steps
+
+For information about migrating OWIN-based web applications to b2clogin.com, see [Migrate an OWIN-based web API to b2clogin.com](multiple-token-endpoints.md).
+
+For migrating Azure API Management APIs protected by Azure AD B2C, see the [Migrate to b2clogin.com](secure-api-management.md#migrate-to-b2clogincom) section of [Secure an Azure API Management API with Azure AD B2C](secure-api-management.md).
+
 <!-- LINKS - External -->
 [msal-dotnet]: https://github.com/AzureAD/microsoft-authentication-library-for-dotnet
 [msal-dotnet-b2c]: https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/wiki/AAD-B2C-specifics

articles/active-directory/authentication/TOC.yml

@@ -43,8 +43,6 @@
     items:
     - name: How MFA works
       href: concept-mfa-howitworks.md
-    - name: Enable MFA
-      href: concept-mfa-get-started.md
     - name: License your users
       href: concept-mfa-licensing.md
     - name: Manage an Auth Provider

articles/active-directory/authentication/howto-mfa-userstates.md

@@ -49,7 +49,10 @@ User accounts in Azure Multi-Factor Authentication have the following three dist
 
 A user's state reflects whether an admin has enrolled them in Azure MFA, and whether they completed the registration process.
 
-All users start out *Disabled*. When you enroll users in Azure MFA, their state changes to *Enabled*. When enabled users sign in and complete the registration process, their state changes to *Enforced*.  
+All users start out *Disabled*. When you enroll users in Azure MFA, their state changes to *Enabled*. When enabled users sign in and complete the registration process, their state changes to *Enforced*.
+
+> [!NOTE]
+> If MFA is re-enabled on a user object that already has registration details, such as phone or email, then administrators need to have that user re-register MFA via Azure portal or PowerShell. If the user doesn't re-register, their MFA state doesn't transition from *Enabled* to *Enforced* in MFA management UI.
 
 ### View the status for a user
 
@@ -176,6 +179,8 @@ Get-MsolUser -All | Set-MfaState -State Disabled
 
 > [!NOTE]
 > We recently changed the behavior and PowerShell script above accordingly. Previously, the script saved off the MFA methods, disabled MFA, and restored the methods. This is no longer necessary now that the default behavior for disable doesn't clear the methods.
+>
+> If MFA is re-enabled on a user object that already has registration details, such as phone or email, then administrators need to have that user re-register MFA via Azure portal or PowerShell. If the user doesn't re-register, their MFA state doesn't transition from *Enabled* to *Enforced* in MFA management UI.
 
 ## Next steps
 

articles/active-directory/cloud-provisioning/what-is-cloud-provisioning.md

@@ -29,7 +29,7 @@ With Azure AD Connect cloud provisioning, provisioning from AD to Azure AD is or
 
 The following table provides a comparison between Azure AD Connect and Azure AD Connect cloud provisioning:
 
-| Feature | Azure Active Directory Connect synch| Azure Active Directory Connect cloud provisioning |
+| Feature | Azure Active Directory Connect sync| Azure Active Directory Connect cloud provisioning |
 |:--- |:---:|:---:|
 |Connect to single on-premises AD forest|● |● |
 | Connect to multiple on-premises AD forests |● |● |

articles/active-directory/conditional-access/TOC.yml

@@ -17,8 +17,6 @@
   items:
   - name: Common Conditional Access policies
     href: concept-conditional-access-policy-common.md
-  - name: Security defaults
-    href: concept-conditional-access-security-defaults.md
   - name: Conditional Access policy components
     href: concept-conditional-access-policies.md
   - name: Conditions

articles/active-directory/develop/active-directory-claims-mapping.md

@@ -1,5 +1,5 @@
 ---
-title: Customize claims for an Azure AD tenant app (Public Preview) 
+title: Customize claims for Azure AD tenant apps
 titleSuffix: Microsoft identity platform
 description: This page describes Azure Active Directory claims mapping.
 services: active-directory

articles/active-directory/develop/active-directory-configurable-token-lifetimes.md

@@ -1,5 +1,5 @@
 ---
-title: Configurable token lifetimes in Azure Active Directory 
+title: Configurable Azure AD token lifetimes
 titleSuffix: Microsoft identity platform
 description: Learn how to set lifetimes for tokens issued by Azure AD.
 services: active-directory

articles/active-directory/develop/active-directory-enterprise-app-role-management.md

@@ -1,5 +1,5 @@
 ---
-title: Configure the role claim for enterprise applications in Azure AD 
+title: Configure role claim for enterprise Azure AD apps | Azure
 titleSuffix: Microsoft identity platform
 description: Learn how to configure the role claim issued in the SAML token for enterprise applications in Azure Active Directory
 services: active-directory