MicrosoftDocs
diff --git a/‎.openpublishing.redirection.json
Lines changed: 25 additions & 0 deletions b/‎.openpublishing.redirection.json
Lines changed: 25 additions & 0 deletions
diff --git a/‎articles/active-directory-b2c/active-directory-technical-profile.md
Lines changed: 2 additions & 2 deletions b/‎articles/active-directory-b2c/active-directory-technical-profile.md
Lines changed: 2 additions & 2 deletions
diff --git a/‎articles/active-directory-b2c/analytics-with-application-insights.md
Lines changed: 88 additions & 90 deletions b/‎articles/active-directory-b2c/analytics-with-application-insights.md
Lines changed: 88 additions & 90 deletions
diff --git a/‎articles/active-directory-b2c/custom-policy-keep-me-signed-in.md
Lines changed: 12 additions & 4 deletions b/‎articles/active-directory-b2c/custom-policy-keep-me-signed-in.md
Lines changed: 12 additions & 4 deletions
diff --git a/‎articles/active-directory-b2c/openid-connect-technical-profile.md
Lines changed: 10 additions & 0 deletions b/‎articles/active-directory-b2c/openid-connect-technical-profile.md
Lines changed: 10 additions & 0 deletions
diff --git a/‎articles/active-directory-b2c/self-asserted-technical-profile.md
Lines changed: 1 addition & 1 deletion b/‎articles/active-directory-b2c/self-asserted-technical-profile.md
Lines changed: 1 addition & 1 deletion
diff --git a/‎articles/active-directory-domain-services/troubleshoot-account-lockout.md
Lines changed: 1 addition & 1 deletion b/‎articles/active-directory-domain-services/troubleshoot-account-lockout.md
Lines changed: 1 addition & 1 deletion
diff --git a/‎articles/active-directory-domain-services/tutorial-create-management-vm.md
Lines changed: 0 additions & 1 deletion b/‎articles/active-directory-domain-services/tutorial-create-management-vm.md
Lines changed: 0 additions & 1 deletion
diff --git a/‎articles/active-directory/hybrid/howto-troubleshoot-upn-changes.md
Lines changed: 3 additions & 3 deletions b/‎articles/active-directory/hybrid/howto-troubleshoot-upn-changes.md
Lines changed: 3 additions & 3 deletions
diff --git a/‎articles/active-directory/reports-monitoring/concept-sign-ins.md
Lines changed: 8 additions & 4 deletions b/‎articles/active-directory/reports-monitoring/concept-sign-ins.md
Lines changed: 8 additions & 4 deletions
@@ -7049,6 +7049,11 @@
       "redirect_url": "/azure/app-service-mobile",
       "redirect_document_id": false
     },
+    {
+      "source_path": "articles/application-gateway/application-gateway-covid-guidelines.md",
+      "redirect_url": "/azure/application-gateway/high-traffic-support",
+      "redirect_document_id": false
+    },
     {
       "source_path": "articles/application-gateway/application-gateway-backend-ssl.md",
       "redirect_url": "/azure/application-gateway/ssl-overview",
@@ -26594,6 +26599,21 @@
       "redirect_url": "/azure/virtual-machines/linux/tutorial-lamp-stack",
       "redirect_document_id": false
     },
+    {
+      "source_path": "articles/vpn-gateway/nva-working-remotely-support.md",
+      "redirect_url": "/azure/vpn-gateway/nva-work-remotely-support",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/expressroute/working-remotely-support.md",
+      "redirect_url": "/azure/expressroute/work-remotely-support",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/bastion/working-remotely-support.md",
+      "redirect_url": "/azure/bastion/work-remotely-support",
+      "redirect_document_id": false
+    },
     {
       "source_path": "articles/vpn-gateway/vpn-gateway-site-to-site-create.md",
       "redirect_url": "/azure/vpn-gateway/vpn-gateway-howto-site-to-site-classic-portal",
@@ -43745,6 +43765,11 @@
       "redirect_url": "/azure/cognitive-services/acoustics/what-is-acoustics",
       "redirect_document_id": false
     },
+    {
+      "source_path": "articles/cognitive-services/Acoustics/index.md",
+      "redirect_url": "/azure/cognitive-services/acoustics/what-is-acoustics",
+      "redirect_document_id": false
+    },
     {
       "source_path": "articles/iot-central/howto-export-data.md",
       "redirect_url": "/azure/iot-central/core/howto-export-data-event-hubs-service-bus",
 
@@ -9,7 +9,7 @@ manager: celestedg
 ms.service: active-directory
 ms.workload: identity
 ms.topic: reference
-ms.date: 03/16/2020
+ms.date: 03/24/2020
 ms.author: mimart
 ms.subservice: B2C
 ---
@@ -251,7 +251,7 @@ The following technical profile deletes a social user account using **alternativ
 | ClientId | No | The client identifier for accessing the tenant as a third party. For more information, see [Use custom attributes in a custom profile edit policy](custom-policy-custom-attributes.md) |
 | IncludeClaimResolvingInClaimsHandling  | No | For input and output claims, specifies whether [claims resolution](claim-resolver-overview.md) is included in the technical profile. Possible values: `true`, or `false` (default). If you want to use a claims resolver in the technical profile, set this to `true`. |
 
-## Error messages
+### Error messages
 
 The following settings can be used to configure the error message displayed upon failure. The metadata should be configured in the [self-asserted](self-asserted-technical-profile.md) technical profile. The error messages can be [localized](localization.md).
 
 
@@ -8,7 +8,7 @@ manager: celestedg
 ms.service: active-directory
 ms.workload: identity
 ms.topic: conceptual
-ms.date: 02/27/2020
+ms.date: 03/24/2020
 ms.author: mimart
 ms.subservice: B2C
 ---
@@ -103,7 +103,15 @@ We recommend that you set the value of SessionExpiryInSeconds to be a short peri
 </RelyingParty>
 ```
 
-4. Save your changes and then upload the file.
-5. To test the custom policy that you uploaded, in the Azure portal, go to the policy page, and then select **Run now**.
+## Test your policy
 
-You can find the sample policy [here](https://github.com/Azure-Samples/active-directory-b2c-custom-policy-starterpack/tree/master/scenarios/keep%20me%20signed%20in).
+1. Save your changes, and then upload the file.
+1. To test the custom policy you uploaded, in the Azure portal, go to the policy page, and then select **Run now**.
+1. Type your **username** and **password**, select **Keep me signed in**, and then click **sign-in**.
+1. Go back to the Azure portal. Go to the policy page, and then select **Copy** to copy the sign-in URL.
+1. In the browser address bar, remove the `&prompt=login` query string parameter, which forces the user to enter their credentials on that request.
+1. In the browser, click **Go**. Now Azure AD B2C will issue an access token without prompting you to sign-in again. 
+
+## Next steps
+
+Find the sample policy [here](https://github.com/Azure-Samples/active-directory-b2c-custom-policy-starterpack/tree/master/scenarios/keep%20me%20signed%20in).
@@ -88,6 +88,16 @@ The technical profile also returns claims that aren't returned by the identity p
 | DiscoverMetadataByTokenIssuer | No | Indicates whether the OIDC metadata should be discovered by using the issuer in the JWT token. |
 | IncludeClaimResolvingInClaimsHandling  | No | For input and output claims, specifies whether [claims resolution](claim-resolver-overview.md) is included in the technical profile. Possible values: `true`, or `false` (default). If you want to use a claims resolver in the technical profile, set this to `true`. |
 
+### Error messages
+ 
+The following settings can be used to configure the error message displayed upon failure. The metadata should be configured in the OpenID Connect technical profile. The error messages can be [localized](localization-string-ids.md#sign-up-or-sign-in-error-messages).
+
+| Attribute | Required | Description |
+| --------- | -------- | ----------- |
+| UserMessageIfClaimsPrincipalDoesNotExist | No | The message to display to the user if an account with the provided username not found in the directory. |
+| UserMessageIfInvalidPassword | No | The message to display to the user if the password is incorrect. |
+| UserMessageIfOldPasswordUsed| No |  The message to display to the user if an old password used.|
+
 ## Cryptographic keys
 
 The **CryptographicKeys** element contains the following attribute:
 
@@ -174,7 +174,7 @@ The following example demonstrates the use of a self-asserted technical profile
 
 ## Persist claims
 
-If the **PersistedClaims** element is absent, the self-asserted technical profile doesn't persist the data to Azure AD B2C. Instead, a call is made to a validation technical profile that's responsible for persisting the data. For example, the sign-up policy uses the `LocalAccountSignUpWithLogonEmail` self-asserted technical profile to collect the new user profile. The `LocalAccountSignUpWithLogonEmail` technical profile calls the validation technical profile to create the account in Azure AD B2C.
+The PersistedClaims element is not used. The self-asserted technical profile doesn't persist the data to Azure AD B2C. Instead, a call is made to a validation technical profile that's responsible for persisting the data. For example, the sign-up policy uses the `LocalAccountSignUpWithLogonEmail` self-asserted technical profile to collect the new user profile. The `LocalAccountSignUpWithLogonEmail` technical profile calls the validation technical profile to create the account in Azure AD B2C.
 
 ## Validation technical profiles
 
 
@@ -52,7 +52,7 @@ The most common reasons for an account to be locked out, without any malicious i
 
 ## Troubleshoot account lockouts with security audits
 
-To troubleshoot when account lockout events occur and where they're coming from, [enable security audits for Azure AD DS (currently in preview)][security-audit-events]. Audit events are only captured from the time you enable the feature. Ideally, you should enable security audits *before* there's an account lockout issue to troubleshoot. If a user account repeatedly has lockout issues, you can enable security audits ready for the next time the situation occurs.
+To troubleshoot when account lockout events occur and where they're coming from, [enable security audits for Azure AD DS][security-audit-events]. Audit events are only captured from the time you enable the feature. Ideally, you should enable security audits *before* there's an account lockout issue to troubleshoot. If a user account repeatedly has lockout issues, you can enable security audits ready for the next time the situation occurs.
 
 Once you have enabled security audits, the following sample queries show you how to review *Account Lockout Events*, code *4740*.
 
 
@@ -87,7 +87,6 @@ To get started, connect to the Windows Server VM as follows:
 
     ![Connect to Windows virtual machine using Bastion in the Azure portal](./media/join-windows-vm/connect-to-vm.png)
 
-    You can also [create and use an Azure Bastion host (currently in preview)][azure-bastion] to allow access only through the Azure portal over TLS.
 1. Enter the credentials for your VM, then select **Connect**.
 
    ![Connect through the Bastion host in the Azure portal](./media/join-windows-vm/connect-to-bastion.png)
 
@@ -105,7 +105,7 @@ Create a defined procedure for changing UPNs on individual users as part of norm
 
 The following sections detail potential known issues and workarounds when UPNs are changed.
 
-## App provisioning known issues and workarounds
+## user provisioning known issues and workarounds
 
 [Software as a service (SaaS)](https://azure.microsoft.com/overview/what-is-saas/) and Line of Business (LoB) applications often rely on UPNs to find users and store user profile information, including roles. Applications that use [Just in Time provisioning](https://docs.microsoft.com/azure/active-directory/app-provisioning/user-provisioning) to create a user profile when users sign in to the app for the first time can be affected by UPN changes.
 
@@ -228,10 +228,10 @@ The user needs to select the drop-down menu on the account enabled for Phone sig
 ## Security Key (FIDO2) known issues and workarounds
 
 **Known issues** <br>
-Users are not able to sign in to Windows Azure AD Join or Hybrid Join devices using a security key enrolled before the UPN change.
+When multiple users are registered on the same key, the sign in screen shows an account selection page where the old UPN is displayed. Sign ins using Security Keys are not affected by UPN changes.  
 
 **Workaround**<br>
-Users must [reset the security key and re-register](https://docs.microsoft.com/azure/active-directory/authentication/howto-authentication-passwordless-security-key#known-issues).
+To remove references to old UPNs, users must [reset the security key and re-register](https://docs.microsoft.com/azure/active-directory/authentication/howto-authentication-passwordless-security-key#known-issues).
 
 ## OneDrive known issues and workarounds
 
 
@@ -43,7 +43,7 @@ This article gives you an overview of the sign-ins report.
 
 ### What Azure AD license do you need to access sign-in activity?
 
-- The sign-in activity report is available in all editions of Azure AD.
+- The sign-in activity report is available in [all editions of Azure AD](reference-reports-data-retention.md#how-long-does-azure-ad-store-the-data).
 
 - If you want to access the sign-in data using an API, your tenant must have an [Azure Active Directory Premium](../fundamentals/active-directory-get-started-premium.md) license associated with it.
 
@@ -173,13 +173,17 @@ The **Location** - The location the connection was initiated from:
 **Correlation ID** - The correlation ID of the activity.
 
 
+
+
 **Conditional access** - The status of the applied conditional access rules
 
-- Not applied 
+- **Not applied**: No policy applied to the user and application during sign-in.
+
+- **Success**: One or more conditional access policies applied to the user and application (but not necessarily the other conditions) during sign-in. 
+
+- **Failure**: One or more conditional access policies applied and was not satisfied during sign-in.
 
-- Success
 
-- Failure