Commit f355dac

2 parents 0e6b835 + fe9f77b commit f355dac

328 files changed

+3133
-2167
lines changed

.openpublishing.publish.config.json

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -377,6 +377,11 @@
377377
"url": "https://github.com/microsoft/immersive-reader-sdk",
378378
"branch": "master",
379379
"branch_mapping": {}
380+
},
381+
{
382+
"path_to_root": "azure-cosmosdb-java-v2",
383+
"url": "https://github.com/Azure/azure-cosmosdb-java",
384+
"branch": "master"
380385
}
381386
],
382387
"branch_target_mapping": {

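Review bot: The new `azure-cosmosdb-java-v2` entry (new lines 381-385) has no `branch_mapping` key, while the entry directly above it carries `"branch_mapping": {}`. If the key is optional this still builds, but keeping every dependent-repository entry the same shape makes the list easier to audit; consider adding `"branch_mapping": {}` after `"branch": "master"`. It is also worth confirming that following the `master` branch of an external repository is intended here, since whatever lands on that branch is pulled in through this entry.
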
articles/active-directory-b2c/predicates.md

Lines changed: 7 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -8,7 +8,7 @@ manager: celestedg
88
ms.service: active-directory
99
ms.workload: identity
1010
ms.topic: reference
11-
ms.date: 09/10/2018
11+
ms.date: 10/28/2019
1212
ms.author: marsma
1313
ms.subservice: B2C
1414
---
@@ -27,6 +27,8 @@ The following diagram shows the relationship between the elements:
2727

2828
The **Predicate** element defines a basic validation to check the value of a claim type and returns `true` or `false`. The validation is done by using a specified **Method** element and a set of **Parameter** elements relevant to the method. For example, a predicate can check whether the length of a string claim value is within the range of minimum and maximum parameters specified, or whether a string claim value contains a character set. The **UserHelpText** element provides an error message for users if the check fails. The value of **UserHelpText** element can be localized using [language customization](localization.md).
2929

30+
The **Predicates** element must appear directly following the **ClaimsSchema** element within the [BuildingBlocks](buildingblocks.md) element.
31+
3032
The **Predicates** element contains the following element:
3133

3234
| Element | Occurrences | Description |
@@ -108,6 +110,8 @@ The following example shows a `IsDateRange` method with the parameters `Minimum`
108110

109111
While the predicates define the validation to check against a claim type, the **PredicateValidations** group a set of predicates to form a user input validation that can be applied to a claim type. Each **PredicateValidation** element contains a set of **PredicateGroup** elements that contain a set of **PredicateReference** elements that points to a **Predicate**. To pass the validation, the value of the claim should pass all of the tests of any predicate under all of the **PredicateGroup** with their set of **PredicateReference** elements.
110112

113+
The **PredicateValidations** element must appear directly following the **Predicates** element within the [BuildingBlocks](buildingblocks.md) element.
114+
111115
```XML
112116
<PredicateValidations>
113117
<PredicateValidation Id="">
@@ -190,7 +194,7 @@ With **Predicates** and **PredicateValidationsInput** you can control the comple
190194
- **Lowercase** using the `IncludesCharacters` method, validates that the password contains a lowercase letter.
191195
- **Uppercase** using the `IncludesCharacters` method, validates that the password contains an uppercase letter.
192196
- **Number** using the `IncludesCharacters` method, validates that the password contains a digit.
193-
- **Symbol** using the `IncludesCharacters` method, validates that the password contains one of following symbols `@#$%^&*\-_+=[]{}|\:',?/~"();!`
197+
- **Symbol** using the `IncludesCharacters` method, validates that the password contains one of several symbol characters.
194198
- **PIN** using the `MatchesRegex` method, validates that the password contains numbers only.
195199
- **AllowedAADCharacters** using the `MatchesRegex` method, validates that the password only invalid character was provided.
196200
- **DisallowedWhitespace** using the `MatchesRegex` method, validates that the password doesn't begin or end with a whitespace character.
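
Review bot: The reworded **Symbol** bullet (new line 197) drops the explicit character list and says only "one of several symbol characters", so the prose no longer tells a reader which symbols satisfy the predicate. Suggest pointing the bullet at the `CharacterSet` parameter of the `Symbol` predicate in the example that follows, so there is one authoritative list. While here, the unchanged **AllowedAADCharacters** bullet two lines down ("validates that the password only invalid character was provided") does not parse and could be fixed in the same pass.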
@@ -229,7 +233,7 @@ With **Predicates** and **PredicateValidationsInput** you can control the comple
229233
<Predicate Id="Symbol" Method="IncludesCharacters">
230234
<UserHelpText>a symbol</UserHelpText>
231235
<Parameters>
232-
<Parameter Id="CharacterSet">@#$%^&amp;*\-_+=[]{}|\:',?/`~"();!</Parameter>
236+
<Parameter Id="CharacterSet">@#$%^&amp;*\-_+=[]{}|\\:',.?/`~"();!</Parameter>
233237
</Parameters>
234238
</Predicate>
235239
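
Review bot: The new `CharacterSet` value (new line 236) changes which symbols are accepted, not only how they are written: it adds `.` and turns `\:` into `\\:`, while `*\-` keeps a single backslash. The surrounding text never says whether `IncludesCharacters` treats the backslash as an escape character, so a reader cannot tell from this example whether a literal backslash counts as a symbol. A sentence stating the escaping rule would help anyone copying this value into a password-complexity policy.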

articles/active-directory-domain-services/compare-identity-solutions.md

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -94,7 +94,7 @@ On an Azure AD-joined or registered device, user authentication happens using mo
9494
| Representation in the directory | Device objects in the Azure AD directory | Computer objects in the Azure AD DS managed domain |
9595
| Authentication | OAuth / OpenID Connect based protocols | Kerberos and NTLM protocols |
9696
| Management | Mobile Device Management (MDM) software like Intune | Group Policy |
97-
| Networking | Works over the internet | Requires machines to be on the same virtual network as the managed domain |
97+
| Networking | Works over the internet | Must be connected to, or peered with, the virtual network where the managed domain is deployed |
9898
| Great for... | End-user mobile or desktop devices | Server VMs deployed in Azure |
9999

100100
## Next steps
@@ -107,4 +107,4 @@ To get started with using Azure AD DS, [create an Azure AD DS managed domain usi
107107
[custom-ou]: create-ou.md
108108
[manage-gpos]: manage-group-policy.md
109109
[tutorial-ldaps]: tutorial-configure-ldaps.md
110-
[tutorial-create]: tutorial-create-instance.md
110+
[tutorial-create]: tutorial-create-instance.md

articles/active-directory-domain-services/tutorial-configure-networking.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -151,7 +151,7 @@ To see this managed domain in action, create and join a virtual machine to the d
151151
> [!div class="nextstepaction"]
152152
> [Join a Windows Server virtual machine to your managed domain](join-windows-vm.md)
153153
154-
<!-- INTERNAL LINKS -->
154+
<!-- INTERNAL LINKS -->
155155
[create-azure-ad-tenant]: ../active-directory/fundamentals/sign-up-organization.md
156156
[associate-azure-ad-tenant]: ../active-directory/fundamentals/active-directory-how-subscriptions-associated-directory.md
157157
[create-azure-ad-ds-instance]: tutorial-create-instance.md

articles/active-directory/authentication/howto-mfa-mfasettings.md

Lines changed: 4 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -6,7 +6,7 @@ services: multi-factor-authentication
66
ms.service: active-directory
77
ms.subservice: authentication
88
ms.topic: conceptual
9-
ms.date: 06/03/2019
9+
ms.date: 10/28/2019
1010

1111
ms.author: joflore
1212
author: MicrosoftGuyJFlo
@@ -112,6 +112,8 @@ Configure email addresses here for users who will receive fraud alert emails.
112112
>[!NOTE]
113113
>When Multi-Factor Authentication calls are placed through the public telephone network, sometimes they are routed through a carrier that doesn't support caller ID. Because of this, caller ID is not guaranteed, even though the Multi-Factor Authentication system always sends it.
114114
115+
In the United States, if you haven't configured MFA Caller ID, voice calls from Microsoft come from the following numbers: +1 (866) 539 4191, +1 (855) 330 8653, and +1 (877) 668 6536. If using spam filters, make sure to exclude these numbers.
116+
115117
### Custom voice messages
116118

117119
You can use your own recordings or greetings for two-step verification with the _custom voice messages_ feature. These messages can be used in addition to or to replace the Microsoft recordings.
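
Review bot: The added paragraph (new line 115) sits directly under a note saying caller ID is not guaranteed, and then lists fixed numbers without saying what they are for. Suggest stating that the numbers are meant for allow-listing in call or spam filters only, and that a matching caller ID does not by itself show that a call is a genuine verification prompt, since the note above already concedes caller ID is unreliable. "If using spam filters, make sure to exclude these numbers" is also ambiguous; "add these numbers as exceptions" reads more clearly.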
@@ -384,7 +386,7 @@ Additional details about the use of authentication methods can be found in the a
384386
The _remember Multi-Factor Authentication_ feature for devices and browsers that are trusted by the user is a free feature for all Multi-Factor Authentication users. Users can bypass subsequent verifications for a specified number of days, after they've successfully signed-in to a device by using Multi-Factor Authentication. The feature enhances usability by minimizing the number of times a user has to perform two-step verification on the same device.
385387

386388
>[!IMPORTANT]
387-
>If an account or device is compromised, remembering Multi-Factor Authentication for trusted devices can affect security. If a corporate account becomes compromised or a trusted device is lost or stolen, you should [restore Multi-Factor Authentication on all devices](howto-mfa-userdevicesettings.md#restore-mfa-on-all-remembered-devices-for-a-user).
389+
>If an account or device is compromised, remembering Multi-Factor Authentication for trusted devices can affect security. If a corporate account becomes compromised or a trusted device is lost or stolen, you should [Revoke MFA Sessions](howto-mfa-userdevicesettings.md).
388390
>
389391
>The restore action revokes the trusted status from all devices, and the user is required to perform two-step verification again. You can also instruct your users to restore Multi-Factor Authentication on their own devices with the instructions in [Manage your settings for two-step verification](../user-help/multi-factor-authentication-end-user-manage-settings.md#turn-on-two-factor-verification-prompts-on-a-trusted-device).
390392
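
Review bot: The link text on new line 389 now says "Revoke MFA Sessions", but the unchanged paragraph after it still refers to "The restore action" and to users who "restore Multi-Factor Authentication on their own devices", so the IMPORTANT block uses two names for one action. Suggest updating the follow-on sentence to the new term. The new link also drops the section anchor and lands at the top of `howto-mfa-userdevicesettings.md`; because this is the guidance for a compromised account or a lost device, it should point at the exact procedure.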

articles/active-directory/authentication/howto-mfa-nps-extension.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -116,7 +116,7 @@ If you need to kick off a new round of synchronization, us the instructions in [
116116
There are two factors that affect which authentication methods are available with an NPS extension deployment:
117117

118118
1. The password encryption algorithm used between the RADIUS client (VPN, Netscaler server, or other) and the NPS servers.
119-
- **PAP** supports all the authentication methods of Azure MFA in the cloud: phone call, one-way text message, mobile app notification, and mobile app verification code.
119+
- **PAP** supports all the authentication methods of Azure MFA in the cloud: phone call, one-way text message, mobile app notification, OATH hardware tokens, and mobile app verification code.
120120
- **CHAPV2** and **EAP** support phone call and mobile app notification.
121121

122122
> [!NOTE]

articles/active-directory/authentication/howto-mfa-userdevicesettings.md

Lines changed: 2 additions & 46 deletions
Original file line numberDiff line numberDiff line change
@@ -6,7 +6,7 @@ services: multi-factor-authentication
66
ms.service: active-directory
77
ms.subservice: authentication
88
ms.topic: conceptual
9-
ms.date: 08/29/2019
9+
ms.date: 10/28/2019
1010

1111
ms.author: joflore
1212
author: MicrosoftGuyJFlo
@@ -36,33 +36,9 @@ As an administrator assigned the Authentication Administrator role you can requi
3636
- **Require Re-register MFA** will make it so that when the user signs in next time, they will be requested to setup a new MFA authentication method.
3737
- **Revoke MFA Sessions** clears the user's remembered MFA sessions and requires them to perform MFA the next time it is required by the policy on the device.
3838

39-
## Require users to provide contact methods again
40-
41-
This setting forces the user to complete the registration process again. Non-browser apps continue to work if the user has app passwords for them. You can delete the users app passwords by also selecting **Delete all existing app passwords generated by the selected users**.
42-
43-
### How to require users to provide contact methods again
44-
45-
1. Sign in to the [Azure portal](https://portal.azure.com).
46-
2. On the left, select **Azure Active Directory** > **Users** > **All users**.
47-
3. On the right, select **Multi-Factor Authentication** on the toolbar. The multi-factor authentication page opens.
48-
4. Check the box next to the user or users that you wish to manage. A list of quick step options appears on the right.
49-
5. Select **Manage user settings**.
50-
6. Check the box for **Require selected users to provide contact methods again**.
51-
![Require users to provide contact methods again](./media/howto-mfa-userdevicesettings/reproofup.png)
52-
7. Click **save**.
53-
8. Click **close**.
54-
55-
Organizations can complete these steps with PowerShell using the following as a guide to clear the `StrongAuthenticationMethods` attribute:
56-
57-
```PowerShell
58-
59-
$noMfaConfig = @()
60-
Set-MsolUser -UserPrincipalName $Upn -StrongAuthenticationMethods $noMfaConfig
61-
```
62-
6339
## Delete users existing app passwords
6440

65-
This setting deletes all of the app passwords that a user has created. Non-browser apps that were associated with these app passwords stop working until a new app password is created.
41+
This setting deletes all of the app passwords that a user has created. Non-browser apps that were associated with these app passwords stop working until a new app password is created. Global administrator permissions are required to perform this action.
6642

6743
### How to delete users existing app passwords
6844
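
Review bot: The sentence added on new line 41 requires Global administrator permissions, while the section intro visible in the hunk header addresses "an administrator assigned the Authentication Administrator role". Suggest saying explicitly that deleting app passwords is the exception to what an Authentication Administrator can do, so readers do not over-assign Global administrator. The same hunk deletes the only PowerShell guidance for clearing `StrongAuthenticationMethods` (old lines 55-61) and the visible lines put nothing in its place; if **Require Re-register MFA** replaces it, say so, since existing automation may rely on the old snippet.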

@@ -76,26 +52,6 @@ This setting deletes all of the app passwords that a user has created. Non-brows
7652
7. Click **save**.
7753
8. Click **close**.
7854

79-
## Restore MFA on all remembered devices for a user
80-
81-
One of the configurable features of Azure Multi-Factor Authentication is giving your users the option to mark devices as trusted. For more information, see [Configure Azure Multi-Factor Authentication settings](howto-mfa-mfasettings.md#remember-multi-factor-authentication).
82-
83-
Users can opt out of two-step verification for a configurable number of days on their regular devices. If an account is compromised or a trusted device is lost, you need to be able to remove the trusted status and require two-step verification again.
84-
85-
When checked, **Restore multi-factor authentication on all remembered devices** users are required to perform two-step verification the next time they sign in, even if they marked their device as trusted.
86-
87-
### How to restore MFA on all suspended devices for a user
88-
89-
1. Sign in to the [Azure portal](https://portal.azure.com).
90-
2. On the left, select **Azure Active Directory** > **Users** > **All users**.
91-
3. On the right, select **Multi-Factor Authentication** on the toolbar. The multi-factor authentication page opens.
92-
4. Check the box next to the user or users that you wish to manage. A list of quick step options appears on the right.
93-
5. Select **Manage user settings**.
94-
6. Check the box for **Restore multi-factor authentication on all remembered devices**
95-
![Restore multi-factor authentication on all remembered devices](./media/howto-mfa-userdevicesettings/rememberdevices.png)
96-
7. Click **save**.
97-
8. Click **close**.
98-
9955
## Next steps
10056

10157
- Get more information about how to [Configure Azure Multi-Factor Authentication settings](howto-mfa-mfasettings.md)
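
Review bot: Old lines 79-97 remove the whole "Restore MFA on all remembered devices for a user" section, including the rationale that trusted status must be removable when an account is compromised or a device is lost, and the visible lines add no step-by-step replacement. The only remaining description is the **Revoke MFA Sessions** bullet at line 37, which has no procedure attached. Suggest adding a short how-to for Revoke MFA Sessions, because `howto-mfa-mfasettings.md` now sends readers to this page for exactly that action.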

articles/active-directory/authentication/howto-sspr-windows.md

Lines changed: 1 addition & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -6,7 +6,7 @@ services: active-directory
66
ms.service: active-directory
77
ms.subservice: authentication
88
ms.topic: conceptual
9-
ms.date: 07/17/2019
9+
ms.date: 10/28/2019
1010

1111
ms.author: joflore
1212
author: MicrosoftGuyJFlo
@@ -35,7 +35,6 @@ For machines running Windows 7, 8, 8.1, and 10 you can enable users to reset the
3535
## General limitations
3636

3737
- Password reset is not currently supported from a Remote Desktop or from Hyper-V enhanced sessions.
38-
- Account unlock, mobile app notification, and mobile app code are not supported.
3938
- This feature does not work for networks with 802.1x network authentication deployed and the option “Perform immediately before user logon”. For networks with 802.1x network authentication deployed it is recommended to use machine authentication to enable this feature.
4039

4140
## Windows 10 password reset
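
Review bot: Removing old line 38 ("Account unlock, mobile app notification, and mobile app code are not supported") implies without saying so that these are now available from the Windows sign-in screen. The hunk header context covers Windows 7, 8, 8.1, and 10, so suggest stating which of those versions the change applies to rather than only dropping the limitation; otherwise readers on older clients may assume behaviour that does not apply to them.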
