Merge branch 'master' of https://github.com/Microsoft/azure-docs-pr into metadataupdates

Author: SnehaGunda

.openpublishing.publish.config.json

@@ -125,6 +125,12 @@
       "branch": "master",
       "branch_mapping": {}
     },
+    {
+      "path_to_root": "azure-app-service-multi-container",
+      "url": "https://github.com/Azure-Samples/multicontainerwordpress",
+      "branch": "master",
+      "branch_mapping": {}
+    },
     {
       "path_to_root": "samples-durable-functions",
       "url": "https://github.com/Azure/azure-functions-durable-extension",
@@ -149,6 +155,12 @@
       "branch": "GuidedSetup",
       "branch_mapping": {}
     },
+    {
+      "path_to_root": "iot-samples-node",
+      "url": "https://github.com/Azure-Samples/azure-iot-samples-node",
+      "branch": "master",
+      "branch_mapping": {}
+    },
     {
       "path_to_root": "samples-cognitive-services-speech-sdk",
       "url": "https://github.com/Azure-Samples/cognitive-services-speech-sdk",
@@ -172,7 +184,19 @@
       "url": "https://github.com/Microsoft/tsiclient",
       "branch": "tutorial",
       "branch_mapping": {}
-    }
+    },
+    {
+      "path_to_root": "media-services-v3-dotnet-core-tutorials",
+      "url": "https://github.com/Azure-Samples/media-services-v3-dotnet-core-tutorials",
+      "branch": "master",
+      "branch_mapping": {}
+    },
+    {
+      "path_to_root": "media-services-v3-rest-postman",
+      "url": "https://github.com/Azure-Samples/media-services-v3-rest-postman",
+      "branch": "master",
+      "branch_mapping": {}
+    }    
   ],
   "branch_target_mapping": {
     "live": [

.openpublishing.redirection.json

@@ -58,10 +58,10 @@
         href: https://github.com/Azure-Samples/active-directory-b2c-android-native-msal
       - name: Android using App Auth
         href: active-directory-b2c-devquickstarts-android.md
-      - name: .NET
-        href: https://github.com/Azure-Samples/active-directory-b2c-dotnet-desktop
-      - name: Xamarin
-        href: https://github.com/Azure-Samples/active-directory-b2c-xamarin-native
+    - name: .NET
+      href: https://github.com/Azure-Samples/active-directory-b2c-dotnet-desktop
+    - name: Xamarin
+      href: https://github.com/Azure-Samples/active-directory-b2c-xamarin-native
     - name: Resource owner password credentials
       href: configure-ropc.md
   - name: Web apps
@@ -268,7 +268,7 @@
   - name: Service updates
     href: https://azure.microsoft.com/updates/?product=active-directory-b2c
   - name: Stack Overflow 
-    href: https://stackoverflow.com/questions/tagged/azure-ad-b2c
+    href: https://stackoverflow.com/questions/tagged/azure-ad-b2c+identity-experience-framework
   - name: Support
     href: active-directory-b2c-support.md
   - name: Videos

articles/active-directory-b2c/TOC.yml

@@ -76,7 +76,7 @@ When requesting an access token, the client application needs to specify the des
 > Currently, custom domains are not supported along with access tokens. You must use your tenantName.onmicrosoft.com domain in the request URL.
 
 ```
-https://login.microsoftonline.com/<tenantName>.onmicrosoft.com/oauth2/v2.0/authorize?p=<yourPolicyId>&client_id=<appID_of_your_client_application>&nonce=anyRandomValue&redirect_uri=<redirect_uri_of_your_client_application>&scope=https%3A%2F%2Fcontoso.onmicrosoft.com%2Fnotes%2Fread&response_type=code 
+https://login.microsoftonline.com/<tenantName>.onmicrosoft.com/<yourPolicyId>/oauth2/v2.0/authorize?client_id=<appID_of_your_client_application>&nonce=anyRandomValue&redirect_uri=<redirect_uri_of_your_client_application>&scope=https%3A%2F%2Fcontoso.onmicrosoft.com%2Fnotes%2Fread&response_type=code 
 ```
 
 To acquire multiple permissions in the same request, you can add multiple entries in the single **scope** parameter, separated by spaces. For example:

articles/active-directory-b2c/active-directory-b2c-access-tokens.md

@@ -18,7 +18,7 @@ ms.author: davidmu
 Your Azure Active Directory (Azure AD) B2C directory comes with a built-in set of information (attributes): Given Name, Surname, City, Postal Code, and other attributes. However, every consumer-facing application has unique requirements on what attributes to gather from consumers. With Azure AD B2C, you can extend the set of attributes stored on each consumer account. You can create custom attributes on the [Azure portal](https://portal.azure.com/) and use it in your sign-up policies, as shown below. You can also read and write these attributes by using the [Azure AD Graph API](active-directory-b2c-devquickstarts-graph-dotnet.md).
 
 > [!NOTE]
-> Custom attributes use [Azure AD Graph API Directory Schema Extensions](https://msdn.microsoft.com/library/azure/dn720459.aspx).
+> Custom attributes use [Azure AD Graph API Directory Schema Extensions](https://msdn.microsoft.com/library/azure/ad/graph/howto/azure-ad-graph-api-directory-schema-extensions).
 > 
 > 
 

articles/active-directory-b2c/active-directory-b2c-reference-custom-attr.md

@@ -32,7 +32,7 @@ To use LinkedIn as an identity provider in Azure Active Directory (Azure AD) B2C
    > **Client Secret** is an important security credential.
    > 
    > 
-6. Enter `https://login.microsoftonline.com/te/{tenant}/oauth2/authresp` in the **Authorized Redirect URLs** field (under **OAuth 2.0**). Replace **{tenant}** with your tenant's name (for example, contoso.onmicrosoft.com). Click **Add**, and then click **Update**. The **{tenant}** value is case-sensitive.
+6. Enter `https://login.microsoftonline.com/te/{tenant}/oauth2/authresp` in the **Authorized Redirect URLs** field (under **OAuth 2.0**). Replace **{tenant}** with your tenant's name (for example, contoso.onmicrosoft.com). Click **Add**, and then click **Update**. The **{tenant}** value should be lowercase.
 
     ![LinkedIn - Setup app](./media/active-directory-b2c-setup-li-app/linkedin-setup.png)
 

articles/active-directory-b2c/active-directory-b2c-setup-li-app.md

@@ -25,8 +25,10 @@ To use Twitter as an identity provider in Azure Active Directory (Azure AD) B2C,
 3. In the form, provide a value for the **Name**, **Description**, and **Website**.
 4. For the **Callback URL**, enter `https://login.microsoftonline.com/te/{tenant}/oauth2/authresp`. Make sure to replace **{tenant}** with your tenant's name (for example, contosob2c.onmicrosoft.com).
 5. Check the box to agree to the **Developer Agreement** and click **Create your Twitter application**.
-6. After the app is created, click **Keys and Access Tokens**.
-7. Copy the value of **Consumer Key** and **Consumer Secret**. You will need both of them to configure Twitter as an identity provider in your tenant.
+6. After the app is created, select it in the list, and then select the **Settings** tab.
+7. Clear the **Enable Callback Locking** box, and then click **Update settings**.
+8. Select the **Keys and Access Tokens** tab.
+9. Copy the value of **Consumer Key** and **Consumer Secret**. You will need both of them to configure Twitter as an identity provider in your tenant.
 
 ## Configure Twitter as an identity provider in your tenant
 1. Log in to the [Azure portal](https://portal.azure.com/) as the Global Administrator of the Azure AD B2C tenant. 

articles/active-directory-b2c/active-directory-b2c-setup-twitter-app.md

@@ -152,21 +152,23 @@ To allow your single page app to call the ASP.NET Core web API, you need to enab
         builder.WithOrigins("http://localhost:6420").AllowAnyHeader().AllowAnyMethod());
     ```
 
+3. Open the **launchSettings.json** file under **Properties**, locate the *applicationURL* setting, and record the value for use in the next section.
+
 ### Configure the single page app
 
 The single page app uses Azure AD B2C for user sign-up, sign-in, and calls the protected ASP.NET Core web API. You need to update the single page app call the .NET Core web api.
 To change the app settings:
 
 1. Open the `index.html` file in the Node.js single page app sample.
-2. Configure the sample with the Azure AD B2C tenant registration information. Change the **b2cScopes** and **webApi** values in following lines of code:
+2. Configure the sample with the Azure AD B2C tenant registration information. In the following code, add your tenant name to **b2cScopes** and change the **webApi** value to the *applicationURL* value that you previously recorded:
 
     ```javascript
     // The current application coordinates were pre-registered in a B2C tenant.
     var applicationConfig = {
         clientID: '<Application ID for your SPA obtained from portal app registration>',
         authority: "https://login.microsoftonline.com/tfp/<your-tenant-name>.onmicrosoft.com/B2C_1_SiUpIn",
         b2cScopes: ["https://<Your tenant name>.onmicrosoft.com/HelloCoreAPI/demo.read"],
-        webApi: 'http://localhost:58553/api/values',
+        webApi: 'http://localhost:64791/api/values',
     };
     ```
 

articles/active-directory-b2c/active-directory-b2c-tutorials-spa-webapi.md

@@ -13,7 +13,7 @@ ms.workload: identity
 ms.tgt_pltfrm: na
 ms.devlang: na
 ms.topic: article
-ms.date: 03/08/2018
+ms.date: 05/23/2018
 ms.author: maheshu
 
 ---
@@ -79,6 +79,9 @@ Yes. Members of the 'AAD DC Administrators' group are granted 'DNS Administrator
 ### What is the password lifetime policy on a managed domain?
 The default password lifetime on an Azure AD Domain Services managed domain is 90 days. This password lifetime is not synchronized with the password lifetime configured in Azure AD. Therefore, you may have a situation where users' passwords expire in your managed domain, but are still valid in Azure AD. In such scenarios, users need to change their password in Azure AD and the new password will synchronize to your managed domain. Additionally, the 'password-does-not-expire' and 'user-must-change-password-at-next-logon' attributes for user accounts are not synchronized to your managed domain.
 
+### Does Azure AD Domain Services provide AD account lockout protection?
+Yes. 4 invalid password attempts within 2 minutes on the managed domain cause a user account to be locked out for 30 minutes. After 30 minutes, the user account is automatically unlocked. Invalid password attempts on the managed domain do not lock out the user account in Azure AD. The user account is locked out only within your Azure AD Domain Services managed domain.
+
 ## Billing and availability
 ### Is Azure AD Domain Services a paid service?
 Yes. For more information, see the [pricing page](https://azure.microsoft.com/pricing/details/active-directory-ds/).

articles/active-directory-domain-services/active-directory-ds-faqs.md

@@ -13,7 +13,7 @@ ms.workload: identity
 ms.tgt_pltfrm: na
 ms.devlang: na
 ms.topic: article
-ms.date: 03/06/2017
+ms.date: 05/23/2018
 ms.author: maheshu
 
 ---
@@ -35,4 +35,5 @@ The following features are available in Azure AD Domain Services managed domains
 * **Create custom Organizational Units (OUs):** Members of the 'AAD DC Administrators' group can create custom OUs in the managed domain. These users are granted full administrative privileges over custom OUs, so they can add/remove service accounts, computers, groups etc. within these custom OUs.
 * **Available in multiple Azure regions:** See the [Azure services by region](https://azure.microsoft.com/regions/#services/) page to know the Azure regions in which Azure AD Domain Services is available.
 * **High availability:** Azure AD Domain Services offers high availability for your domain. This feature offers the guarantee of higher service uptime and resilience to failures. Built-in health monitoring offers automated remediation from failures by spinning up new instances to replace failed instances and to provide continued service for your domain.
+* **AD Account lockout protection:** Users accounts are locked out for 30 minutes if 4 invalid password attempts are encountered within 2 minutes. Accounts are automatically unlocked after 30 minutes.
 * **Use familiar management tools:** You can use familiar Windows Server Active Directory management tools such as the Active Directory Administrative Center or Active Directory PowerShell to administer managed domains.

articles/active-directory-domain-services/active-directory-ds-features.md

@@ -13,7 +13,7 @@ ms.workload: identity
 ms.tgt_pltfrm: na
 ms.devlang: na
 ms.topic: article
-ms.date: 09/26/2017
+ms.date: 05/23/2018
 ms.author: maheshu
 
 ---
@@ -37,16 +37,19 @@ The wizard automatically creates the administrative group in your Azure AD direc
 
 3. When you are done, click **OK** to move on to the **Summary** page of the wizard.
 
-4. On the **Summary** page of the wizard, review the configuration settings for the managed domain. You can go back to any step of the wizard to make changes, if necessary. When you are done, click **OK** to create the new managed domain.
+
+## Deploy your managed domain
+
+1. On the **Summary** page of the wizard, review the configuration settings for the managed domain. You can go back to any step of the wizard to make changes, if necessary. When you are done, click **OK** to create the new managed domain.
 
     ![Summary](./media/getting-started/domain-services-blade-summary.png)
 
-5. You see a notification that shows the progress of your Azure AD Domain Services deployment. Click the notification to see detailed progress for the deployment.
+2. You see a notification that shows the progress of your Azure AD Domain Services deployment. Click the notification to see detailed progress for the deployment.
 
     ![Notification - deployment in progress](./media/getting-started/domain-services-blade-deployment-in-progress.png)
 
 
-## Provision your managed domain
+## Check the deployment status of your managed domain
 The process of provisioning your managed domain can take up to an hour.
 
 1. While your deployment is in progress, you can search for 'domain services' in the **Search resources** search box. Select **Azure AD Domain Services** from the search result. The **Azure AD Domain Services** blade lists the managed domain that is being provisioned.

articles/active-directory-domain-services/active-directory-ds-getting-started-admingroup.md

@@ -13,30 +13,22 @@ ms.workload: identity
 ms.tgt_pltfrm: na
 ms.devlang: na
 ms.topic: get-started-article
-ms.date: 09/26/2017
+ms.date: 05/23/2018
 ms.author: maheshu
 
 ---
 # Enable Azure Active Directory Domain Services
 
 ## Task 4: update DNS settings for the Azure virtual network
-In the preceding configuration tasks, you have successfully enabled Azure Active Directory Domain Services for your directory. The next task is to ensure that computers within the virtual network can connect and consume these services. In this article, you update the DNS server settings for your virtual network to point to the two IP addresses where Azure Active Directory Domain Services is available on the virtual network.
+In the preceding configuration tasks, you have successfully enabled Azure Active Directory Domain Services for your directory. Next, enable computers within the virtual network to connect and consume these services. In this article, you update the DNS server settings for your virtual network to point to the two IP addresses where Azure Active Directory Domain Services is available on the virtual network.
 
-To update the DNS server setting for the virtual network in which you have enabled Azure Active Directory Domain Services, complete the following steps:
+To update the DNS server settings for the virtual network in which you have enabled Azure Active Directory Domain Services, complete the following steps:
 
 1. The **Overview** tab lists a set of **Required configuration steps** to be performed after your managed domain is fully provisioned. The first configuration step is **Update DNS server settings for your virtual network**.
 
-    ![Domain Services - Overview tab after fully provisioned](./media/getting-started/domain-services-provisioned-overview.png)
+    ![Domain Services - Overview tab](./media/getting-started/domain-services-provisioned-overview.png)
 
-2. When your domain is fully provisioned, two IP addresses are displayed in this tile. Each of these IP addresses represents a domain controller for your managed domain.
-
-3. To copy the first IP address to clipboard, click the copy button next to it. Then click the **Configure DNS servers** button.
-
-4. Paste the first IP address into the **Add DNS server** textbox in the **DNS servers** blade. Scroll horizontally to the left to copy the second IP address and paste it into the **Add DNS server** textbox.
-
-    ![Domain Services - update DNS](./media/getting-started/domain-services-update-dns.png)
-
-5. Click **Save** when you are done to update the DNS servers for the virtual network.
+2. Click the **Configure** button to update the DNS server settings for the virtual network.
 
 > [!NOTE]
 > Virtual machines in the network only get the new DNS settings after a restart. If you need them to get the updated DNS settings right away, trigger a restart either by the portal, PowerShell, or the CLI.

articles/active-directory-domain-services/active-directory-ds-getting-started-dns.md

@@ -13,7 +13,7 @@ ms.workload: identity
 ms.tgt_pltfrm: na
 ms.devlang: na
 ms.topic: article
-ms.date: 02/05/2018
+ms.date: 05/23/2018
 ms.author: maheshu
 
 ---
@@ -29,7 +29,7 @@ The next configuration task is to create an Azure virtual network and a dedicate
 
 1. Click **Virtual network** to select a virtual network.
     > [!NOTE]
-    > **Classic virtual networks are not supported for new deployments.** Classic virtual networks are not supported for new deployments. Existing managed domains deployed in classic virtual networks continue to be supported. We will provide the ability to migrate an existing managed domain from a classic virtual network to a Resource Manager virtual network in the near future.
+    > **Classic virtual networks are not supported for new deployments.** Classic virtual networks are not supported for new deployments. Existing managed domains deployed in classic virtual networks continue to be supported. Microsoft will enable you to migrate an existing managed domain from a classic virtual network to a Resource Manager virtual network in the near future.
     >
 
 2. On the **Choose virtual network** page, you see all existing virtual networks. You see only the virtual networks that belong to the resource group and Azure location you have selected on the **Basics** wizard page.
@@ -39,7 +39,7 @@ The next configuration task is to create an Azure virtual network and a dedicate
   > **You cannot move your managed domain to a different virtual network after you enable Azure AD Domain Services.** Pick the right virtual network to enable your managed domain. After you create a managed domain, you cannot move it to a different virtual network, without deleting the managed domain. We recommend reviewing the [networking considerations for Azure Active Directory Domain Services](active-directory-ds-networking.md) before you proceed.  
   >
 
-4. **Create virtual network:** Click **Create new** to create a new virtual network. We highly recommend using a dedicated subnet for Azure AD Domain Services. For example, create a subnet with the name 'DomainServices', making it easy for other administrators to understand what is deployed within the subnet. Click **OK** when you're done.
+4. **Create virtual network:** Click **Create new** to create a new virtual network. Use a dedicated subnet for Azure AD Domain Services. For example, create a subnet with the name 'DomainServices', making it easy for other administrators to understand what is deployed within the subnet. Click **OK** when you're done.
 
     ![Pick virtual network](./media/getting-started/domain-services-blade-network-pick-vnet.png)
 
@@ -54,7 +54,7 @@ The next configuration task is to create an Azure virtual network and a dedicate
   > **Guidelines for selecting a subnet**
   > 1. Use a dedicated subnet for Azure AD Domain Services. Do not deploy any other virtual machines to this subnet. This configuration enables you to configure network security groups (NSGs) for your workloads/virtual machines without disrupting your managed domain. For details, see [networking considerations for Azure Active Directory Domain Services](active-directory-ds-networking.md).
   2. Do not select the Gateway subnet for deploying Azure AD Domain Services, because it is not a supported configuration.
-  3. Ensure that the subnet you've selected has sufficient available address space - at least 3-5 available IP addresses and exists in the private IP address space.
+  3. The subnet you've selected must have at least 3-5 available IP addresses in its address space.
   >
 
 6. When you are done, click **OK** to proceed to the **Administrator group** page of the wizard.