Merge pull request #90422 from MicrosoftDocs/repo_sync_working_branch

Confirm merge from repo_sync_working_branch to master to sync with https://github.com/Microsoft/azure-docs (branch master)

Author: huypub

articles/active-directory-b2c/active-directory-b2c-reference-sspr.md

@@ -26,6 +26,7 @@ By default, your directory doesn't have self-service password reset turned on. U
 
 1. Sign in to the [Azure portal](https://portal.azure.com/) as the Subscription Administrator. This is the same work or school account or the same Microsoft account that you used to create your directory.
 2. Open **Azure Active Directory** (in the navigation bar on the left side).
+3. Scroll down on the options blade and select **Password reset**.
 4. Set **Self service password reset enabled**  to **All**. 
 5. Click **Save** at the top of the page. You're done!
 

articles/active-directory-b2c/date-transformations.md

@@ -25,8 +25,8 @@ Checks that one date and time claim (string data type) is later than a second da
 
 | Item | TransformationClaimType | Data Type | Notes |
 | ---- | ----------------------- | --------- | ----- |
-| inputClaim | leftOperand | string | First claim's type, which should be later than the second claim. |
-| inputClaim | rightOperand | string | Second claim's type, which should be earlier than the first claim. |
+| InputClaim | leftOperand | string | First claim's type, which should be later than the second claim. |
+| InputClaim | rightOperand | string | Second claim's type, which should be earlier than the first claim. |
 | InputParameter | AssertIfEqualTo | boolean | Specifies whether this assertion should pass if the left operand is equal to the right operand. |
 | InputParameter | AssertIfRightOperandIsNotPresent | boolean | Specifies whether this assertion should pass if the right operand is missing. |
 | InputParameter | TreatAsEqualIfWithinMillseconds | int | Specifies the number of milliseconds to allow between the two date times to consider the times equal (for example, to account for clock skew). |

articles/active-directory-b2c/string-transformations.md

@@ -25,8 +25,8 @@ Compare two claims, and throw an exception if they are not equal according to th
 
 | Item | TransformationClaimType | Data Type | Notes |
 | ---- | ----------------------- | --------- | ----- |
-| inputClaim | inputClaim1 | string | First claim's type, which is to be compared. |
-| inputClaim | inputClaim2 | string | Second claim's type, which is to be compared. |
+| InputClaim | inputClaim1 | string | First claim's type, which is to be compared. |
+| InputClaim | inputClaim2 | string | Second claim's type, which is to be compared. |
 | InputParameter | stringComparison | string | string comparison, one of the values: Ordinal, OrdinalIgnoreCase. |
 
 The **AssertStringClaimsAreEqual** claims transformation is always executed from a [validation technical profile](validation-technical-profile.md) that is called by a [self-asserted technical profile](self-asserted-technical-profile.md). The **UserMessageIfClaimsTransformationStringsAreNotEqual** self-asserted technical profile metadata controls the error message that is presented to the user.
@@ -150,8 +150,8 @@ Determine whether one string claim is equal to another. The result is a new bool
 
 | Item | TransformationClaimType | Data Type | Notes |
 | ---- | ----------------------- | --------- | ----- |
-| inputClaim | inputClaim1 | string | First claim type, which is to be compared. |
-| inputClaim | inputClaim2 | string | Second claim type, which is to be compared. |
+| InputClaim | inputClaim1 | string | First claim type, which is to be compared. |
+| InputClaim | inputClaim2 | string | Second claim type, which is to be compared. |
 | InputParameter | operator | string | Possible values: `EQUAL` or `NOT EQUAL`. |
 | InputParameter | ignoreCase | boolean | Specifies whether this comparison should ignore the case of the strings being compared. |
 | OutputClaim | outputClaim | boolean | The ClaimType that is produced after this claims transformation has been invoked. |
@@ -191,7 +191,7 @@ Determines whether a claim value is equal to the input parameter value.
 
 | Item | TransformationClaimType | Data Type | Notes |
 | ---- | ----------------------- | --------- | ----- |
-| inputClaim | inputClaim1 | string | The claim's type, which is to be compared. |
+| InputClaim | inputClaim1 | string | The claim's type, which is to be compared. |
 | InputParameter | operator | string | Possible values: `EQUAL` or `NOT EQUAL`. |
 | InputParameter | compareTo | string | string comparison, one of the values: Ordinal, OrdinalIgnoreCase. |
 | InputParameter | ignoreCase | boolean | Specifies whether this comparison should ignore the case of the strings being compared. |
@@ -500,7 +500,7 @@ Checks that a string claim and `matchTo` input parameter are equal, and sets the
 
 | Item | TransformationClaimType | Data Type | Notes |
 | ---- | ----------------------- | --------- | ----- |
-| inputClaim | inputClaim | string | The claim type, which is to be compared. |
+| InputClaim | inputClaim | string | The claim type, which is to be compared. |
 | InputParameter | matchTo | string | The string to be compared with `inputClaim`. |
 | InputParameter | stringComparison | string | Possible values: `Ordinal` or `OrdinalIgnoreCase`. |
 | InputParameter | stringMatchMsg | string | First value to be set if strings are equal. |
@@ -549,7 +549,7 @@ Checks that a string claim and `matchTo` input parameter are equal, and sets the
 
 | Item | TransformationClaimType | Data Type | Notes |
 | ---- | ----------------------- | --------- | ----- |
-| inputClaim | claimToMatch | string | The claim type, which is to be compared. |
+| InputClaim | claimToMatch | string | The claim type, which is to be compared. |
 | InputParameter | matchTo | string | The string to be compared with inputClaim. |
 | InputParameter | stringComparison | string | Possible values: `Ordinal` or `OrdinalIgnoreCase`. |
 | InputParameter | outputClaimIfMatched | string | The value to be set if strings are equal. |

articles/active-directory/develop/active-directory-saml-claims-customization.md

@@ -61,7 +61,6 @@ From the **Choose name identifier format** dropdown, you can select one of the f
 | **Persistent** | Azure AD will use Persistent as the NameID format. |
 | **EmailAddress** | Azure AD will use EmailAddress as the NameID format. |
 | **Unspecified** | Azure AD will use Unspecified as the NameID format. |
-| **Transient** | Azure AD will use Transient as the NameID format. |
 
 To learn more about the NameIDPolicy attribute, see [Single Sign-On SAML protocol](single-sign-on-saml-protocol.md).
 

articles/active-directory/develop/registration-config-multi-tenant-application-add-to-gallery-how-to.md

@@ -30,7 +30,7 @@ Azure Active Directory (Azure AD) is a cloud-based identity service. The [Azure
 ## If your application supports SAML or OpenIDConnect
 If you have a multitenant application that you want listed in the Azure AD application gallery, you must first make sure that your application supports one of the following single sign-on technologies:
 
-- **OpenID Connect**: To have your app listed, create the multitenant application in Azure AD and implement the [Azure AD consent framework](https://docs.microsoft.com/azure/active-directory/develop/active-directory-integrating-applications) for your application. Send the login request to a common endpoint so that any customer can provide consent to the application. You can control a user's access based on the tenant ID and the user's UPN received in the token. Submit the application by using the process outlined in [Listing your application in the Azure Active Directory application gallery](https://docs.microsoft.com/azure/active-directory/develop/active-directory-app-gallery-listing).
+- **OpenID Connect**: To have your app listed, create the multitenant application in Azure AD and implement the [Azure AD consent framework](https://docs.microsoft.com/azure/active-directory/develop/consent-framework) for your application. Send the login request to a common endpoint so that any customer can provide consent to the application. You can control a user's access based on the tenant ID and the user's UPN received in the token. Submit the application by using the process outlined in [Listing your application in the Azure Active Directory application gallery](https://docs.microsoft.com/azure/active-directory/develop/active-directory-app-gallery-listing).
 
 - **SAML**: If your application supports SAML 2.0, the app can be listed in the gallery. Follow the instructions in [Listing your application in the Azure Active Directory application gallery](https://docs.microsoft.com/azure/active-directory/develop/active-directory-app-gallery-listing).
 

articles/active-directory/develop/scenario-web-api-call-api-app-configuration.md

@@ -107,40 +107,40 @@ In practice, the OBO flow is often used to acquire a token for a downstream API
 ```CSharp
 private void AddAccountToCacheFromJwt(IEnumerable<string> scopes, JwtSecurityToken jwtToken, ClaimsPrincipal principal, HttpContext httpContext)
 {
- try
- {
-  UserAssertion userAssertion;
-  IEnumerable<string> requestedScopes;
-  if (jwtToken != null)
-  {
-   userAssertion = new UserAssertion(jwtToken.RawData, "urn:ietf:params:oauth:grant-type:jwt-bearer");
-   requestedScopes = scopes ?? jwtToken.Audiences.Select(a => $"{a}/.default");
-  }
-  else
-  {
-   throw new ArgumentOutOfRangeException("tokenValidationContext.SecurityToken should be a JWT Token");
-  }
-
-  // Create the application
-  var application = BuildConfidentialClientApplication(httpContext, principal);
-
-  // .Result to make sure that the cache is filled-in before the controller tries to get access tokens
-  var result = application.AcquireTokenOnBehalfOf(requestedScopes.Except(scopesRequestedByMsalNet),
-                                                  userAssertion)
-                                        .ExecuteAsync()
-                                        .GetAwaiter().GetResult();
- }
- catch (MsalException ex)
- {
-  Debug.WriteLine(ex.Message);
-  throw;
- }
+    try
+    {
+        UserAssertion userAssertion;
+        IEnumerable<string> requestedScopes;
+        if (jwtToken != null)
+        {
+            userAssertion = new UserAssertion(jwtToken.RawData, "urn:ietf:params:oauth:grant-type:jwt-bearer");
+            requestedScopes = scopes ?? jwtToken.Audiences.Select(a => $"{a}/.default");
+        }
+        else
+        {
+            throw new ArgumentOutOfRangeException("tokenValidationContext.SecurityToken should be a JWT Token");
+        }
+
+        // Create the application
+        var application = BuildConfidentialClientApplication(httpContext, principal);
+
+        // .Result to make sure that the cache is filled-in before the controller tries to get access tokens
+        var result = application.AcquireTokenOnBehalfOf(requestedScopes.Except(scopesRequestedByMsalNet),
+                                                        userAssertion)
+                                .ExecuteAsync()
+                                .GetAwaiter().GetResult();
+     }
+     catch (MsalException ex)
+     {
+         Debug.WriteLine(ex.Message);
+         throw;
+     }
 }
 ```
 
 ## Protocol
 
-For more information about the on-behalf-of protocol, see [Microsoft identity platform and OAuth 2.0 On-Behalf-Of flow](https://docs.microsoft.com/azure/active-directory/develop/v2-oauth2-on-behalf-of-flow)
+For more information about the on-behalf-of protocol, see [Microsoft identity platform and OAuth 2.0 On-Behalf-Of flow](https://docs.microsoft.com/azure/active-directory/develop/v2-oauth2-on-behalf-of-flow).
 
 ## Next steps
 

articles/azure-monitor/app/javascript.md

@@ -44,7 +44,7 @@ appInsights.loadAppInsights();
 
 ### Snippet based setup
 
-If your app does not use NPM, you can directly instrument your webpages with Application Insights by pasting this snippet at the top of each your pages. Preferably, it should be the first script in your `<head>` section so that it can monitor any potential issues with all of your dependencies.
+If your app does not use NPM, you can directly instrument your webpages with Application Insights by pasting this snippet at the top of each your pages. Preferably, it should be the first script in your `<head>` section so that it can monitor any potential issues with all of your dependencies. If you are using Blazor Server App, add the snippet at the top of the file `_Host.cshtml` in the `<head>` section.
 
 ```html
 <script type="text/javascript">

articles/azure-resource-manager/resource-group-template-functions-string.md

@@ -1909,10 +1909,33 @@ Creates an absolute URI by combining the baseUri and the relativeUri string.
 
 | Parameter | Required | Type | Description |
 |:--- |:--- |:--- |:--- |
-| baseUri |Yes |string |The base uri string. |
+| baseUri |Yes |string |The base uri string. Take care to observe the behavior regarding the handling of the trailing slash ('/'), as described following this table.  |
 | relativeUri |Yes |string |The relative uri string to add to the base uri string. |
 
-The value for the **baseUri** parameter can include a specific file, but only the base path is used when constructing the URI. For example, passing `http://contoso.com/resources/azuredeploy.json` as the baseUri parameter results in a base URI of `http://contoso.com/resources/`.
+* If **baseUri** ends in a trailing slash, the result is simply
+  **baseUri** followed by **relativeUri**.
+
+* If **baseUri** does not end in a trailing slash one of two things
+  happens.  
+
+   * If **baseUri** has no slashes at all (aside from the "//" near
+     the front) the result is simply **baseUri** followed by **relativeUri**.
+
+   * If **baseUri** has some slashes, but does not end with a slash,
+     everything from the last slash onward is removed from **baseUri**
+     and the result is **baseUri** followed by **relativeUri**.
+     
+Here are some examples:
+
+```
+uri('http://contoso.org/firstpath', 'myscript.sh') -> http://contoso.org/myscript.sh
+uri('http://contoso.org/firstpath/', 'myscript.sh') -> http://contoso.org/firstpath/myscript.sh
+uri('http://contoso.org/firstpath/azuredeploy.json', 'myscript.sh') -> http://contoso.org/firstpath/myscript.sh
+uri('http://contoso.org/firstpath/azuredeploy.json/', 'myscript.sh') -> http://contoso.org/firstpath/azuredeploy.json/myscript.sh
+```
+For complete details, the **baseUri** and **relativeUri** parameters are
+resolved as specified in 
+[RFC 3986, section 5](https://tools.ietf.org/html/rfc3986#section-5).
 
 ### Return value
 

articles/data-explorer/ingest-data-event-hub.md

@@ -126,7 +126,8 @@ Now you connect to the event hub from Azure Data Explorer. When this connection
     | | |
 
     > [!NOTE]
-    > Select **My data includes routing info** to use dynamic routing, where your data includes the necessary routing information as seen in the [sample app](https://github.com/Azure-Samples/event-hubs-dotnet-ingest) comments. If both static and dynamic properties are set, the dynamic properties override the static ones. 
+    > * Select **My data includes routing info** to use dynamic routing, where your data includes the necessary routing information as seen in the [sample app](https://github.com/Azure-Samples/event-hubs-dotnet-ingest) comments. If both static and dynamic properties are set, the dynamic properties override the static ones. 
+    > * Only events enqueued after you create the data connection are ingested.
 
 ## Copy the connection string
 

articles/data-explorer/ingest-data-iot-hub.md

@@ -73,11 +73,11 @@ Now you connect to the IoT Hub from Azure Data Explorer. When this connection is
 
     **Setting** | **Field description**
     |---|---|
-    | Data connection name | The name of the connection you want to create in Azure Data Explorer
-    | IoT Hub | IoT Hub name |
-    | Shared access policy | The name of the shared access policy. Must have read permissions |
-    | Consumer group |  The consumer group defined in the IoT Hub built-in endpoint |
-	| Event system properties | The IoT Hub event system properties |
+    | Data connection name | The name of the connection you want to create in Azure Data Explorer.
+    | IoT Hub | IoT Hub name. |
+    | Shared access policy | The name of the shared access policy. Must have read permissions. |
+    | Consumer group |  The consumer group defined in the IoT Hub built-in endpoint. |
+	| Event system properties | The IoT Hub event system properties. In case that there are multiple records per event message, the system properties will be added to the first one. |
     | | 
 
     > [!NOTE]
@@ -95,8 +95,9 @@ Now you connect to the IoT Hub from Azure Data Explorer. When this connection is
     | Column mapping | *TestMapping* | The mapping you created in **testdb**, which maps incoming JSON data to the column names and data types of **testdb**. Required for JSON, MULTILINE JSON, and AVRO, and optional for other formats.|
     | | |
 
-    > [!TIP]
-    > Select **My data includes routing info** to use dynamic routing, where your data includes the necessary routing information as seen in the [sample app](https://github.com/Azure-Samples/event-hubs-dotnet-ingest) comments. If both static and dynamic properties are set, the dynamic properties override the static ones. 
+    > [!NOTE]
+    > * Select **My data includes routing info** to use dynamic routing, where your data includes the necessary routing information as seen in the [sample app](https://github.com/Azure-Samples/event-hubs-dotnet-ingest) comments. If both static and dynamic properties are set, the dynamic properties override the static ones. 
+    > * Only events enqueued after you create the data connection are ingested.
 
 ## Generate sample data for testing