Merging changes synced from https://github.com/MicrosoftDocs/azure-docs-pr (branch live)

Author: Banani-Rath

.openpublishing.redirection.json

@@ -31018,7 +31018,7 @@
     },
     {
       "source_path": "articles/operations-management-suite/operations-management-suite-service-map-configure.md",
-      "redirect_url": "/azure/monitoring/monitoring-service-map-configure",
+      "redirect_url": "/azure/azure-monitor/insights/service-map#enable-service-map",
       "redirect_document_id": false
     },
     {
@@ -38185,6 +38185,11 @@
       "redirect_url": "/azure/azure-monitor/insights/service-map-scom",
       "redirect_document_id": false
     },
+    {
+      "source_path": "articles/monitoring/monitoring-service-map-configure.md",
+      "redirect_url": "/azure/azure-monitor/insights/service-map#enable-service-map",
+      "redirect_document_id": false
+    },
     {
       "source_path": "articles/cognitive-services/video-indexer/connect-to-azure.md",
       "redirect_url": "/azure/media-services/video-indexer/connect-to-azure",
@@ -46639,6 +46644,11 @@
       "source_path": "articles/healthcare-apis/overview-open-source-server.md",
       "redirect_url": "/azure/healthcare-apis/overview",
       "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/mysql/concepts-aad-authentication.md",
+      "redirect_url": "/azure/mysql/concepts-azure-ad-authentication",
+      "redirect_document_id": false
     }
   ]
 }

articles/active-directory-b2c/active-directory-b2c-reference-oidc.md

@@ -263,7 +263,7 @@ When you want to sign the user out of the application, it isn't enough to clear
 To sign out the user, redirect the user to the `end_session` endpoint that is listed in the OpenID Connect metadata document described earlier:
 
 ```HTTP
-GET https://{tenant}.b2clogin.com/{tenant}.onmicrosoft.com/{policy}/oauth2/v2.0/logout?post_logout_redirect_uri=https%3A%2F%2Faadb2cplayground.azurewebsites.net%2F
+GET https://{tenant}.b2clogin.com/{tenant}.onmicrosoft.com/{policy}/oauth2/v2.0/logout?post_logout_redirect_uri=https%3A%2F%2Fjwt.ms%2F
 ```
 
 | Parameter | Required | Description |

articles/active-directory-b2c/cookie-definitions.md

@@ -1,5 +1,6 @@
 ---
-title: Cookie definitions - Azure Active Directory B2C | Microsoft Docs
+title: Cookie definitions
+titleSuffix: Azure AD B2C
 description: Provides definitions for the cookies used in Azure Active Directory B2C.
 services: active-directory-b2c
 author: mmacy
@@ -8,24 +9,38 @@ manager: celestedg
 ms.service: active-directory
 ms.workload: identity
 ms.topic: conceptual
-ms.date: 03/18/2019
+ms.date: 01/23/2020
 ms.author: marsma
 ms.subservice: B2C
 ---
 
-# Cookies definitions for Azure Active Directory B2C
+# Cookies definitions for Azure AD B2C
 
-The following table lists the cookies used in Azure Active Directory B2C.
+The following sections provide information about the cookies used in Azure Active Directory B2C (Azure AD B2C).
+
+## SameSite
+
+The Microsoft Azure AD B2C service is compatible with SameSite browser configurations, including support for `SameSite=None` with the `Secure` attribute.
+
+To safeguard access to sites, web browsers will introduce a new secure-by-default model that assumes all cookies should be protected from external access unless otherwise specified. The Chrome browser is the first to implement this change, starting with [Chrome 80 in February 2020](https://www.chromium.org/updates/same-site). For more information about preparing for the change in Chrome, see [Developers: Get Ready for New SameSite=None; Secure Cookie Settings](https://blog.chromium.org/2019/10/developers-get-ready-for-new.html) on the Chromium Blog.
+
+Developers must use the new cookie setting, `SameSite=None`, to designate cookies for cross-site access. When the `SameSite=None` attribute is present, an additional `Secure` attribute must be used so cross-site cookies can only be accessed over HTTPS connections. Validate and test all your applications, including those applications that use Azure AD B2C.
+
+For more information, see [Effect on customer websites and Microsoft services and products in Chrome version 80 or later](https://support.microsoft.com/help/4522904/potential-disruption-to-customer-websites-in-latest-chrome).
+
+## Cookies
+
+The following table lists the cookies used in Azure AD B2C.
 
 | Name | Domain | Expiration | Purpose |
 | ----------- | ------ | -------------------------- | --------- |
-| x-ms-cpim-admin | main.b2cadmin.ext.azure.com | End of [browser session](session-behavior.md) | Holds user membership data across tenants. The tenants a user is a member of and level of membership (Admin or User). |
-| x-ms-cpim-slice | login.microsoftonline.com, b2clogin.com, branded domain | End of [browser session](session-behavior.md) | Used to route requests to the appropriate production instance. |
-| x-ms-cpim-trans | login.microsoftonline.com, b2clogin.com, branded domain | End of [browser session](session-behavior.md) | Used for tracking the transactions  (number of authentication requests to Azure AD B2C) and the current transaction. |
-| x-ms-cpim-sso:{Id} | login.microsoftonline.com, b2clogin.com, branded domain | End of [browser session](session-behavior.md) | Used for maintaining the SSO session. |
-| x-ms-cpim-cache:{id}_n | login.microsoftonline.com, b2clogin.com, branded domain | End of [browser session](session-behavior.md), successful authentication | Used for maintaining the request state. |
-| x-ms-cpim-csrf | login.microsoftonline.com, b2clogin.com, branded domain | End of [browser session](session-behavior.md) | Cross-Site Request Forgery token used for CRSF protection. |
-| x-ms-cpim-dc | login.microsoftonline.com, b2clogin.com, branded domain | End of [browser session](session-behavior.md) | Used for Azure AD B2C network routing. |
-| x-ms-cpim-ctx | login.microsoftonline.com, b2clogin.com, branded domain | End of [browser session](session-behavior.md) | Context |
-| x-ms-cpim-rp | login.microsoftonline.com, b2clogin.com, branded domain | End of [browser session](session-behavior.md) | Used for storing membership data for the resource provider tenant. |
-| x-ms-cpim-rc | login.microsoftonline.com, b2clogin.com, branded domain | End of [browser session](session-behavior.md) | Used for storing the relay cookie. |
+| `x-ms-cpim-admin` | main.b2cadmin.ext.azure.com | End of [browser session](session-behavior.md) | Holds user membership data across tenants. The tenants a user is a member of and level of membership (Admin or User). |
+| `x-ms-cpim-slice` | b2clogin.com, login.microsoftonline.com, branded domain | End of [browser session](session-behavior.md) | Used to route requests to the appropriate production instance. |
+| `x-ms-cpim-trans` | b2clogin.com, login.microsoftonline.com, branded domain | End of [browser session](session-behavior.md) | Used for tracking the transactions  (number of authentication requests to Azure AD B2C) and the current transaction. |
+| `x-ms-cpim-sso:{Id}` | b2clogin.com, login.microsoftonline.com, branded domain | End of [browser session](session-behavior.md) | Used for maintaining the SSO session. |
+| `x-ms-cpim-cache:{id}_n` | b2clogin.com, login.microsoftonline.com, branded domain | End of [browser session](session-behavior.md), successful authentication | Used for maintaining the request state. |
+| `x-ms-cpim-csrf` | b2clogin.com, login.microsoftonline.com, branded domain | End of [browser session](session-behavior.md) | Cross-Site Request Forgery token used for CRSF protection. |
+| `x-ms-cpim-dc` | b2clogin.com, login.microsoftonline.com, branded domain | End of [browser session](session-behavior.md) | Used for Azure AD B2C network routing. |
+| `x-ms-cpim-ctx` | b2clogin.com, login.microsoftonline.com, branded domain | End of [browser session](session-behavior.md) | Context |
+| `x-ms-cpim-rp` | b2clogin.com, login.microsoftonline.com, branded domain | End of [browser session](session-behavior.md) | Used for storing membership data for the resource provider tenant. |
+| `x-ms-cpim-rc` | b2clogin.com, login.microsoftonline.com, branded domain | End of [browser session](session-behavior.md) | Used for storing the relay cookie. |

articles/active-directory-b2c/technicalprofiles.md

@@ -95,6 +95,7 @@ The **TechnicalProfile** contains the following elements:
 | OutputClaimsTransformations | 0:1 | A list of previously defined references to claims transformations that should be executed after the claims are received from the claims provider. |
 | ValidationTechnicalProfiles | 0:n | A list of references to other technical profiles that the technical profile uses for validation purposes. For more information, see [validation technical profile](validation-technical-profile.md)|
 | SubjectNamingInfo | 0:1 | Controls the production of the subject name in tokens where the subject name is specified separately from claims. For example, OAuth or SAML.  |
+| IncludeInSso | 0:1 |  Whether usage of this technical profile should apply single sign-on (SSO) behavior for the session, or instead require explicit interaction. Possible values: `true` (default), or `false`. |
 | IncludeClaimsFromTechnicalProfile | 0:1 | An identifier of a technical profile from which you want all of the input and output claims to be added to this technical profile. The referenced technical profile must be defined in the same policy file. |
 | IncludeTechnicalProfile |0:1 | An identifier of a technical profile from which you want all data to be added to this technical profile. The referenced technical profile must exist in the same policy file. |
 | UseTechnicalProfileForSessionManagement | 0:1 | A different technical profile to be used for session management. |

articles/active-directory-b2c/tutorial-register-applications.md

@@ -84,7 +84,7 @@ Once the application registration is complete, enable the implicit grant flow:
 
 ## Create a client secret
 
-If your application exchanges a code for a token, you need to create an application secret.
+If your application exchanges an authorization code for an access token, you need to create an application secret.
 
 #### [Applications](#tab/applications/)
 

articles/active-directory/manage-apps/application-provisioning-config-how-to.md

@@ -37,19 +37,19 @@ If you would like to request support for automatic provisioning for a given app,
 
 ## Configuring an application for Automatic Provisioning
 
-*Automatic* means that an Azure AD provisioning connector has been developed for this application. For more information on the Azure AD provisioning service and how it works, see [Automate User Provisioning and Deprovisioning to SaaS Applications with Azure Active Directory](https://docs.microsoft.com/azure/active-directory/active-directory-saas-app-provisioning).
+*Automatic* means that an Azure AD provisioning connector has been developed for this application. For more information on the Azure AD provisioning service and how it works, see [Automate User Provisioning and Deprovisioning to SaaS Applications with Azure Active Directory](user-provisioning.md).
 
-For more information on how to provision specific users and groups to an application, see [Managing user account provisioning for enterprise apps](https://docs.microsoft.com/azure/active-directory/active-directory-enterprise-apps-manage-provisioning).
+For more information on how to provision specific users and groups to an application, see [Managing user account provisioning for enterprise apps](configure-automatic-user-provisioning-portal.md).
 
 The actual steps required to enable and configure automatic provisioning varies depending on the application.
 
 > [!NOTE]
-> You should start by finding the setup tutorial specific to setting up provisioning for your application, and following those steps to configure both the app and Azure AD to create the provisioning connection. 
+> You should start by finding the setup tutorial specific to setting up provisioning for your application, and following those steps to configure both the app and Azure AD to create the provisioning connection.
 
-App tutorials can be found at [List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory](https://docs.microsoft.com/azure/active-directory/active-directory-saas-tutorial-list).
+App tutorials can be found at [List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory](../saas-apps/tutorial-list.md).
 
 An important thing to consider when setting up provisioning is to review and configure the attribute mappings and workflows that define which user (or group) properties flow from Azure AD to the application. This includes setting the “matching property” that is used to uniquely identify and match users/groups between the two systems. See the link in *Next Steps* for more information on attribute mappings.
 
 ## Next steps
-[Customizing User Provisioning Attribute Mappings for SaaS Applications in Azure Active Directory](https://docs.microsoft.com/azure/active-directory/active-directory-saas-customizing-attribute-mappings)
+[Customizing User Provisioning Attribute Mappings for SaaS Applications in Azure Active Directory](customize-application-attributes.md)
 

articles/active-directory/manage-apps/application-provisioning-config-problem-scim-compatibility.md

@@ -65,15 +65,15 @@ Yes. If you are already using this application instance for single sign-on, and
 
    `GET https://graph.microsoft.com/beta/servicePrincipals/[object-id]/synchronization/jobs` 
 
-   ![Get Jobs](./media/application-provisioning-config-problem-scim-compatibility/get-jobs.PNG "Get Jobs") 
+   ![Get Jobs](media/application-provisioning-config-problem-scim-compatibility/get-jobs.PNG "Get Jobs") 
 
 
 6. In the results, copy the full "ID" string that begins with either "customappsso" or "scim".
 7. Run the command below to retrieve the attribute-mapping configuration, so you can make a backup. Use the same [object-id] as before, and replace [job-id] with the provisioning job ID copied from the last step.
 
    `GET https://graph.microsoft.com/beta/servicePrincipals/[object-id]/synchronization/jobs/[job-id]/schema`
 
-   ![Get Schema](./media/application-provisioning-config-problem-scim-compatibility/get-schema.PNG "Get Schema") 
+   ![Get Schema](media/application-provisioning-config-problem-scim-compatibility/get-schema.PNG "Get Schema") 
 
 8. Copy the JSON output from the last step, and save it to a text file. This contains any custom attribute-mappings that you added to your old app, and should be approximately a few thousand lines of JSON.
 9. Run the command below to delete the provisioning job:

articles/active-directory/manage-apps/application-provisioning-config-problem.md

@@ -22,9 +22,9 @@ ms.collection: M365-identity-device-management
 
 # Problem configuring user provisioning to an Azure AD Gallery application
 
-Configuring [automatic user provisioning](https://docs.microsoft.com/azure/active-directory/active-directory-saas-app-provisioning) for an app (where supported), requires that specific instructions be followed to prepare the application for automatic provisioning. Then you can use the Azure portal to configure the provisioning service to synchronize user accounts to the application.
+Configuring [automatic user provisioning](user-provisioning.md) for an app (where supported), requires that specific instructions be followed to prepare the application for automatic provisioning. Then you can use the Azure portal to configure the provisioning service to synchronize user accounts to the application.
 
-You should always start by finding the setup tutorial specific to setting up provisioning for your application. Then follow those steps to configure both the app and Azure AD to create the provisioning connection. A list of app tutorials can be found at [List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory](https://docs.microsoft.com/azure/active-directory/active-directory-saas-tutorial-list).
+You should always start by finding the setup tutorial specific to setting up provisioning for your application. Then follow those steps to configure both the app and Azure AD to create the provisioning connection. A list of app tutorials can be found at [List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory](../saas-apps/tutorial-list.md).
 
 ## How to see if provisioning is working 
 
@@ -59,11 +59,11 @@ In order for provisioning to work, Azure AD requires valid credentials that allo
 
 When a user shows up as “skipped” in the provisioning logs, it is very important to read the extended details in the log message to determine the reason. Below are common reasons and resolutions:
 
-- **A scoping filter has been configured** **that is filtering the user out based on an attribute value**. For more information on scoping filters, see <https://docs.microsoft.com/azure/active-directory/active-directory-saas-scoping-filters>.
+- **A scoping filter has been configured** **that is filtering the user out based on an attribute value**. For more information, see [Attribute-based application provisioning with scoping filters](define-conditional-rules-for-provisioning-user-accounts.md).
 
-- **The user is “not effectively entitled”.** If you see this specific error message, it is because there is a problem with the user assignment record stored in Azure AD. To fix this issue, un-assign the user (or group) from the app, and re-assign it again. For more information on assignment, see <https://docs.microsoft.com/azure/active-directory/active-directory-coreapps-assign-user-azure-portal>.
+- **The user is “not effectively entitled”.** If you see this specific error message, it is because there is a problem with the user assignment record stored in Azure AD. To fix this issue, un-assign the user (or group) from the app, and re-assign it again. For more information, see [Assign a user or group to an enterprise app](assign-user-or-group-access-portal.md).
 
-- **A required attribute is missing or not populated for a user.** An important thing to consider when setting up provisioning be to review and configure the attribute mappings and workflows that define which user (or group) properties flow from Azure AD to the application. This includes setting the “matching property” that be used to uniquely identify and match users/groups between the two systems. For more information on this important process, see <https://docs.microsoft.com/azure/active-directory/active-directory-saas-customizing-attribute-mappings>.
+- **A required attribute is missing or not populated for a user.** An important thing to consider when setting up provisioning be to review and configure the attribute mappings and workflows that define which user (or group) properties flow from Azure AD to the application. This includes setting the “matching property” that be used to uniquely identify and match users/groups between the two systems. For more information on this important process, see [Customizing user provisioning attribute-mappings](customize-application-attributes.md).
 
   * **Attribute mappings for groups:** Provisioning of the group name and group details, in addition to the members, if supported for some applications. You can enable or disable this functionality by enabling or disabling the **Mapping** for group objects shown in the **Provisioning** tab. If provisioning groups is enabled, be sure to review the attribute mappings to ensure an appropriate field is being used for the “matching ID”. This can be the display name or email alias), as the group and its members not be provisioned if the matching property is empty or not populated for a group in Azure AD.