Merge branch 'master' of https://github.com/MicrosoftDocs/azure-docs-pr into app-config-cd-ci

Author: jpconnock

.openpublishing.redirection.json

@@ -44955,6 +44955,11 @@
       "redirect_url": "/azure/azure-monitor/app/proactive-diagnostics",
       "redirect_document_id": false
     },
+    {
+      "source_path": "articles/storage/scripts/storage-common-transfer-between-storage-accounts.md",
+      "redirect_url": "https://docs.microsoft.com/previous-versions/azure/storage/storage-common-transfer-between-storage-accounts",
+      "redirect_document_id": false
+    },
     {
       "source_path": "articles/storage/common/storage-use-azcopy.md",
       "redirect_url": "/azure/storage/common/storage-use-azcopy-v10",

CODEOWNERS

@@ -8,6 +8,9 @@ articles/chef/ @TomArcherMsft
 articles/jenkins/ @TomArcherMsft
 articles/terraform/ @TomArcherMsft
 
+# Requires Internal Review
+articles/best-practices-availability-paired-regions.md @jpconnock @arob98 @syntaxc4 @tysonn @snoviking
+
 # Governance
 articles/governance/ @DCtheGeek
 

articles/active-directory-b2c/cookie-definitions.md

@@ -26,7 +26,10 @@ To safeguard access to sites, web browsers will introduce a new secure-by-defaul
 
 Developers must use the new cookie setting, `SameSite=None`, to designate cookies for cross-site access. When the `SameSite=None` attribute is present, an additional `Secure` attribute must be used so cross-site cookies can only be accessed over HTTPS connections. Validate and test all your applications, including those applications that use Azure AD B2C.
 
-For more information, see [Effect on customer websites and Microsoft services and products in Chrome version 80 or later](https://support.microsoft.com/help/4522904/potential-disruption-to-customer-websites-in-latest-chrome).
+For more information, see:
+
+* [Handle SameSite cookie changes in Chrome browser](../active-directory/develop/howto-handle-samesite-cookie-changes-chrome-browser.md)
+* [Effect on customer websites and Microsoft services and products in Chrome version 80 or later](https://support.microsoft.com/help/4522904/potential-disruption-to-customer-websites-in-latest-chrome)
 
 ## Cookies
 

articles/active-directory-b2c/localization-string-ids.md

@@ -8,7 +8,7 @@ manager: celestedg
 ms.service: active-directory
 ms.workload: identity
 ms.topic: reference
-ms.date: 09/10/2018
+ms.date: 01/31/2020
 ms.author: marsma
 ms.subservice: B2C
 ---
@@ -75,7 +75,7 @@ The following example localizes the Facebook identity provider to Arabic:
 <LocalizedString ElementType="ClaimsProvider" StringId="FacebookExchange">فيس بوك</LocalizedString>
 ```
 
-## Sign-up or sign-in error messages
+### Sign-up or sign-in error messages
 
 | ID | Default value |
 | -- | ------------- |
@@ -128,7 +128,7 @@ The following are the IDs for a content definition with an ID of `api.localaccou
 | **ver_intro_msg** | Verification is necessary. Please click Send button. |
 | **ver_input** | Verification code |
 
-## Sign-up and self asserted pages error messages
+### Sign-up and self asserted pages error messages
 
 | ID | Default value |
 | -- | ------------- |
@@ -199,6 +199,29 @@ The following example shows the use of some of the user interface elements in th
 
 ![Sign-up page email verification UX elements](./media/localization-string-ids/localization-mfa2.png)
 
+## Verification display control user interface elements
+
+The following are the IDs for a [Verification display control](display-control-verification.md)
+
+| ID | Default value |
+| -- | ------------- |
+|verification_control_but_change_claims |Change |
+|verification_control_fail_send_code |Failed to send the code, please try again later. |
+|verification_control_fail_verify_code |Failed to verify the code, please try again later. |
+|verification_control_but_send_code |Send Code |
+|verification_control_but_send_new_code |Send New Code |
+|verification_control_but_verify_code |Verify Code |
+
+### Verification display control error messages
+
+| ID | Default value |
+| -- | ------------- |
+|UserMessageIfMaxRetryAttempted |One time password provided verification has exceeded maximum number of attempts |
+|UserMessageIfSessionDoesNotExist |One time password verification session has expired |
+|UserMessageIfSessionConflict |One time password verification session has conflict |
+|UserMessageIfInvalidCode |One time password provided for verification is incorrect |
+
+
 
 
 

articles/active-directory/authentication/howto-mfa-nps-extension.md

@@ -190,6 +190,23 @@ If your previous computer certificate has expired, and a new certificate has bee
 > [!NOTE]
 > If you use your own certificates instead of generating certificates with the PowerShell script, make sure that they align to the NPS naming convention. The subject name must be **CN=\<TenantID\>,OU=Microsoft NPS Extension**. 
 
+### Microsoft Azure Government additional steps
+
+For customers that use Azure Government cloud, the following additional configuration steps are required on each NPS server:
+
+1. Open **Registry Editor** on the NPS server.
+1. Navigate to `HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\AzureMfa`. Set the following key values:
+
+    | Registry key       | Value |
+    |--------------------|-----------------------------------|
+    | AZURE_MFA_HOSTNAME | adnotifications.windowsazure.us   |
+    | STS_URL            | https://login.microsoftonline.us/ |
+
+1. Repeat the previous two steps to set the registry key values for each NPS server.
+1. Restart the NPS service for each NPS server.
+
+    For minimal impact, take each NPS server out of the NLB rotation one at a time and wait for all connections to drain.
+
 ### Certificate rollover
 
 With release 1.0.1.32 of the NPS extension, reading multiple certificates is now supported. This capability will help facilitate rolling certificate updates prior to their expiration. If your organization is running a previous version of the NPS extension, you should upgrade to version 1.0.1.32 or higher.

articles/active-directory/cloud-provisioning/tutorial-pilot-aadc-aadccp.md

@@ -64,6 +64,7 @@ Azure AD Connect sync synchronizes changes occurring in your on-premises directo
 
     **Name:** Give the rule a meaningful name<br>
     **Description:** Add a meaningful description<br> 
+    
     **Connected System:** Choose the AD connector that you are writing the custom sync rule for<br>
     **Connected System Object Type:** User<br>
     **Metaverse Object Type:** Person<br>

articles/active-directory/develop/TOC.yml

@@ -740,18 +740,18 @@
   items:
   - name: Glossary
     href: developer-glossary.md
-  - name: Azure roadmap
-    href: https://azure.microsoft.com/roadmap/?category=security-identity
+  - name: Videos
+    href: identity-videos.md
   - name: Azure AD blog
     href: https://cloudblogs.microsoft.com/enterprisemobility/?product=azure-active-directory
   - name: Microsoft identity platform developer blog
     href: https://developer.microsoft.com/en-us/identity/blogs/
+  - name: Azure roadmap
+    href: https://azure.microsoft.com/roadmap/?category=security-identity
   - name: Try Sign in with Microsoft
     href: https://azure.microsoft.com/develop/identity/signin/
+  - name: Managed identities for Azure resources
+    href: https://docs.microsoft.com/azure/active-directory/managed-service-identity/overview
   - name: Getting help
     displayName: support, help options
     href: developer-support-help-options.md
-  - name: Managed identities for Azure resources
-    href: https://docs.microsoft.com/azure/active-directory/managed-service-identity/overview
-  - name: Microsoft identity platform videos
-    href: identity-videos.md

articles/active-directory/develop/scenario-protected-web-api-app-configuration.md

@@ -44,7 +44,7 @@ The bearer token that's set in the header when the app is called holds informati
 Here's a C# code example that shows a client calling the API after it acquires a token with Microsoft Authentication Library for .NET (MSAL.NET):
 
 ```csharp
-var scopes = new[] {$"api://.../access_as_user}";
+var scopes = new[] {$"api://.../access_as_user"};
 var result = await app.AcquireToken(scopes)
                       .ExecuteAsync();
 

articles/active-directory/hybrid/how-to-connect-pta-user-privacy.md

@@ -68,7 +68,7 @@ To view logs related to the Pass-through Authentication Agent, open the **Event
 
 ### Delete Authentication Agent trace log files
 
-You should regularly check the contents of <strong>%ProgramData%\Microsoft\Azure AD Connect Authentication Agent\Trace\</strong> and delete the contents of this folder every 48 hours. 
+You should regularly check the contents of **%ProgramData%\Microsoft\Azure AD Connect Authentication Agent\Trace** and delete the contents of this folder every 48 hours. 
 
 >[!IMPORTANT]
 >If the Authentication Agent service is running, you'll not be able to delete the current log file in the folder. Stop the service before trying again. To avoid user sign-in failures, you should have already configured Pass-through Authentication for [high availability](how-to-connect-pta-quick-start.md#step-4-ensure-high-availability).

articles/aks/azure-disk-customer-managed-keys.md

@@ -12,7 +12,7 @@ ms.author: mlearned
 
 # Bring your own keys (BYOK) with Azure disks in Azure Kubernetes Service (AKS)
 
-Azure Storage encrypts all data in a storage account at rest. By default, data is encrypted with Microsoft-managed keys. For additional control over encryption keys, you can supply [customer-managed keys][customer-managed-keys] to use for encryption of both the OS and data disks for your AKS clusters.
+Azure Storage encrypts all data in a storage account at rest. By default, data is encrypted with Microsoft-managed keys. For additional control over encryption keys, you can supply [customer-managed keys][customer-managed-keys] to use for encryption at rest for both the OS and data disks for your AKS clusters.
 
 > [!NOTE]
 > BYOK Linux and Windows based AKS clusters are available in [Azure regions][supported-regions] that support server side encryption of Azure managed disks.
@@ -101,7 +101,7 @@ Create a **new resource group** and AKS cluster, then use your key to encrypt th
 
 ```azurecli-interactive
 # Retrieve the DiskEncryptionSet value and set a variable
-diskEncryptionSetId=$(az resource show -n diskEncryptionSetName -g myResourceGroup --resource-type "Microsoft.Compute/diskEncryptionSets" --query [id] -o tsv)
+diskEncryptionSetId=$(az resource show -n mydiskEncryptionSetName -g myResourceGroup --resource-type "Microsoft.Compute/diskEncryptionSets" --query [id] -o tsv)
 
 # Create a resource group for the AKS cluster
 az group create -n myResourceGroup -l myAzureRegionName