etherscan-io
diff --git a/‎.openpublishing.redirection.json
Lines changed: 25 additions & 0 deletions b/‎.openpublishing.redirection.json
Lines changed: 25 additions & 0 deletions
diff --git a/‎articles/active-directory-b2c/TOC.yml
Lines changed: 6 additions & 4 deletions b/‎articles/active-directory-b2c/TOC.yml
Lines changed: 6 additions & 4 deletions
diff --git a/‎articles/active-directory-b2c/b2clogin.md
Lines changed: 54 additions & 46 deletions b/‎articles/active-directory-b2c/b2clogin.md
Lines changed: 54 additions & 46 deletions
diff --git a/‎articles/active-directory-b2c/multiple-token-endpoints.md
Lines changed: 9 additions & 7 deletions b/‎articles/active-directory-b2c/multiple-token-endpoints.md
Lines changed: 9 additions & 7 deletions
diff --git a/‎articles/active-directory/authentication/concept-authentication-methods.md
Lines changed: 1 addition & 1 deletion b/‎articles/active-directory/authentication/concept-authentication-methods.md
Lines changed: 1 addition & 1 deletion
diff --git a/‎articles/active-directory/conditional-access/concept-baseline-protection.md
Lines changed: 5 additions & 5 deletions b/‎articles/active-directory/conditional-access/concept-baseline-protection.md
Lines changed: 5 additions & 5 deletions
@@ -1,5 +1,10 @@
 {
   "redirections": [
+    {
+      "source_path": "articles/machine-learning/data-science-virtual-machine/provision-deep-learning-dsvm.md",
+      "redirect_url": "/azure/machine-learning/data-science-virtual-machine/dsvm-ubuntu-intro",
+      "redirect_document_id": false
+    },
     {
         "source_path": "articles/azure-government/documentation-government-get-started-connect-with-vs.md",
         "redirect_url": "/azure/azure-government/documentation-government-welcome",
@@ -25874,6 +25879,26 @@
       "redirect_url": "/azure/security-center/security-center-alerts-service-layer#azure-management-layer-azure-resource-manager-preview",
       "redirect_document_id": false
     },
+    {
+      "source_path": "articles/security-center/security-center-enable-encryption-for-storage-account.md",
+      "redirect_url": "/azure/storage/common/storage-service-encryption",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/security-center/security-center-enable-vm-agent.md",
+      "redirect_url": "/azure/security-center/security-center-enable-data-collection",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/security-center/security-center-remediate-os-vulnerabilities.md",
+      "redirect_url": "/azure/security-center/security-center-virtual-machine-protection",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/security-center/security-center-update-os-version.md",
+      "redirect_url": "/azure/security-center/security-center-virtual-machine-protection",
+      "redirect_document_id": false
+    },
     {
       "source_path": "articles/virtual-network/virtual-network-deploy-multinic-arm-cli.md",
       "redirect_url": "/azure/virtual-machines/linux/multiple-nics",
 
@@ -62,9 +62,6 @@
         href: active-directory-b2c-reference-tokens.md
       - name: Request access token
         href: active-directory-b2c-access-tokens.md
-      - name: Support multiple token issuers
-        href: multiple-token-endpoints.md
-        displayName: migrate, b2clogin, owin, jwt
   - name: User flow and policy
     items:
     - name: User flows
@@ -307,7 +304,12 @@
       - name: RelyingParty
         href: relyingparty.md
   - name: Use b2clogin.com
-    href: b2clogin.md
+    items:
+    - name: b2clogin.com overview
+      href: b2clogin.md
+    - name: Migrate web API to b2clogin.com
+      href: multiple-token-endpoints.md
+      displayName: migrate, b2clogin, owin, jwt
   - name: Automation
     items:
     - name: Export usage report
 
@@ -1,85 +1,87 @@
 ---
-title: Set redirect URLs to b2clogin.com - Azure Active Directory B2C | Microsoft Docs
-description: Learn about using b2clogin.com in your redirect URLs for Azure Active Directory B2C. 
+title: Set redirect URLs to b2clogin.com - Azure Active Directory B2C
+description: Learn about using b2clogin.com in your redirect URLs for Azure Active Directory B2C.
 services: active-directory-b2c
 author: mmacy
 manager: celestedg
 
 ms.service: active-directory
 ms.workload: identity
 ms.topic: conceptual
-ms.date: 01/28/2019
+ms.date: 08/17/2019
 ms.author: marsma
 ms.subservice: B2C
 ---
 
 # Set redirect URLs to b2clogin.com for Azure Active Directory B2C
 
-When you set up an identity provider for sign-up and sign-in in your Azure Active Directory (Azure AD) B2C application, you need to specify a redirect URL. In the past, login.microsoftonline.com was used, now you should be using b2clogin.com.
+When you set up an identity provider for sign-up and sign-in in your Azure Active Directory B2C (Azure AD B2C) application, you need to specify a redirect URL. You should no longer reference *login.microsoftonline.com* in your applications and APIs. Instead, use *b2clogin.com* for all new applications, and migrate existing applications from *login.microsoftonline.com* to *b2clogin.com*.
 
-> [!NOTE]
-> You can use JavaScript client-side code (currently in preview) in b2clogin.com. Your JavaScript code will be removed from your custom page if you use login.microsoftonline.com. Additional security restrictions are also applied to login.microsoftonline.com, such as removing HTML form elements from your custom page. 
+## Benefits of b2clogin.com
 
-Using b2clogin.com gives you additional benefits, such as:
+When you use *b2clogin.com* as your redirect URL:
 
-- Space consumed in the cookie header by Microsoft services is reduced.
-- Your URLs no longer include a reference to Microsoft. For example, `https://your-tenant-name.b2clogin.com/tenant-id/oauth2/authresp`.
+* Space consumed in the cookie header by Microsoft services is reduced.
+* Your redirect URLs no longer need to include a reference to Microsoft.
+* JavaScript client-side code is supported (currently in [preview](user-flow-javascript-overview.md)) in customized pages. Due to security restrictions, JavaScript code and HTML form elements are removed from custom pages if you use *login.microsoftonline.com*.
 
-> [!NOTE]
-> You can use both the tenant name and the tenant GUID as follows:
-> * `https://your-tenant-name.b2clogin.com/your-tenant-name.onmicrosoft.com` (which still refers to `onmicrosoft.com`)
-> * `https://your-tenant-name.b2clogin.com/your-tenant-guid` (in which case there is no reference to Microsoft at all)
->
-> However, you cannot use a _custom domain_ for your Azure Active Directory B2C tenant, e.g. `https://your-tenant-name.b2clogin.com/your-custom-domain-name` would _not_ work.
+## Overview of required changes
 
-Consider these settings that might need to change when using b2clogin.com:
+There are several modifications you might need to make to migrate your applications to *b2clogin.com*:
 
-- Set the redirect URLs in your identity provider applications to use b2clogin.com. 
-- Set your Azure AD B2C application to use b2clogin.com for user flow references and token endpoints. 
-- If you are using MSAL, you need to set the **ValidateAuthority** property to `false`.
-- Make sure that you change any **Allowed Origins** that you have defined in the CORS settings for [user-interface customization](active-directory-b2c-ui-customization-custom-dynamic.md).  
+* Change the redirect URL in your identity provider's applications to reference *b2clogin.com*.
+* Update your Azure AD B2C applications to use *b2clogin.com* in their user flow and token endpoint references.
+* Update any **Allowed Origins** that you've defined in the CORS settings for [user interface customization](active-directory-b2c-ui-customization-custom-dynamic.md).
 
-## Change redirect URLs
+## Change identity provider redirect URLs
 
-To use b2clogin.com, in the settings for your identity provider application, look for and change the list of trusted URLs to redirect back to Azure AD B2C.  Currently, you probably have it set up to redirect back to some login.microsoftonline.com site. 
+On each identity provider's website in which you've created an application, change all trusted URLs to redirect to `your-tenant-name.b2clogin.com` instead of *login.microsoftonline.com*.
 
-You'll need to change the redirect URL so that `your-tenant-name.b2clogin.com` is authorized. Make sure to replace `your-tenant-name` with the name of your Azure AD B2C tenant and remove `/te` if it exists in the URL. There are slight variations to this URL for each identity provider so check the corresponding page to get the exact URL.
+There are two formats you can use for your b2clogin.com redirect URLs. The first provides the benefit of not having "Microsoft" appear anywhere in the URL by using the Tenant ID (a GUID) in place of your tenant domain name:
 
-You can find set-up information for identity providers in the following articles:
+```
+https://{your-tenant-name}.b2clogin.com/{your-tenant-id}/oauth2/authresp
+```
+
+The second option uses your tenant domain name in the form of `your-tenant-name.onmicrosoft.com`. For example:
+
+```
+https://{your-tenant-name}.b2clogin.com/{your-tenant-name}.onmicrosoft.com/oauth2/authresp
+```
 
-- [Microsoft account](active-directory-b2c-setup-msa-app.md)
-- [Facebook](active-directory-b2c-setup-fb-app.md)
-- [Google](active-directory-b2c-setup-goog-app.md)
-- [Amazon](active-directory-b2c-setup-amzn-app.md)
-- [LinkedIn](active-directory-b2c-setup-li-app.md)
-- [Twitter](active-directory-b2c-setup-twitter-app.md)
-- [GitHub](active-directory-b2c-setup-github-app.md)
-- [Weibo](active-directory-b2c-setup-weibo-app.md)
-- [QQ](active-directory-b2c-setup-qq-app.md)
-- [WeChat](active-directory-b2c-setup-wechat-app.md)
-- [Azure AD](active-directory-b2c-setup-oidc-azure-active-directory.md)
-- [Custom OIDC](active-directory-b2c-setup-oidc-idp.md)
+For both formats:
 
-## Update your application
+* Replace `{your-tenant-name}` with the name of your Azure AD B2C tenant.
+* Remove `/te` if it exists in the URL.
 
-Your Azure AD B2C application probably refers to `login.microsoftonline.com` in several places, such as your user flow references and token endpoints.  Make sure that your authorization endpoint, token endpoint, and issuer have been updated to use `your-tenant-name.b2clogin.com`.  
+## Update your applications and APIs
 
-## Set the ValidateAuthority property
+The code in your Azure AD B2C-enabled applications and APIs may refer to `login.microsoftonline.com` in several places. For example, your code might have references to user flows and token endpoints. Update the following to instead reference `your-tenant-name.b2clogin.com`:
 
-If you're using MSAL, set the **ValidateAuthority** property to `false`. When **ValidateAuthority** is set to `false`, redirects are allowed to b2clogin.com. 
+* Authorization endpoint
+* Token endpoint
+* Token issuer
 
-The following example shows how you might set the property:
+For example, the authority endpoint for Contoso's sign-up/sign-in policy would now be:
 
-In [MSAL for .Net](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet):
+```
+https://contosob2c.b2clogin.com/00000000-0000-0000-0000-000000000000/B2C_1_signupsignin1
+```
+
+## Microsoft Authentication Library (MSAL)
+
+### ValidateAuthority property
+
+If you're using [MSAL.NET][msal-dotnet] v2 or earlier, set the **ValidateAuthority** property to `false` on client instantiation to allow redirects to *b2clogin.com*. This setting is not required for MSAL.NET v3 and above.
 
 ```CSharp
- ConfidentialClientApplication client = new ConfidentialClientApplication(...); // can also be PublicClientApplication
- client.ValidateAuthority = false;
+ConfidentialClientApplication client = new ConfidentialClientApplication(...); // Can also be PublicClientApplication
+client.ValidateAuthority = false; // MSAL.NET v2 and earlier **ONLY**
 ```
 
-And in [MSAL for Javascript](https://github.com/AzureAD/microsoft-authentication-library-for-js):
+If you're using [MSAL for JavaScript][msal-js]:
 
-```Javascript
+```JavaScript
 this.clientApplication = new UserAgentApplication(
   env.auth.clientId,
   env.auth.loginAuthority,
@@ -89,3 +91,9 @@ this.clientApplication = new UserAgentApplication(
   }
 );
 ```
+
+<!-- LINKS - External -->
+[msal-dotnet]: https://github.com/AzureAD/microsoft-authentication-library-for-dotnet
+[msal-dotnet-b2c]: https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/wiki/AAD-B2C-specifics
+[msal-js]: https://github.com/AzureAD/microsoft-authentication-library-for-js
+[msal-js-b2c]: ../active-directory/develop/msal-b2c-overview.md
@@ -1,6 +1,6 @@
 ---
-title: Support multiple token issuers in an OWIN-based web application - Azure Active Directory B2C
-description: Learn how to enable a .NET web application to support tokens issued by multiple domains.
+title: Migrate OWIN-based web APIs to b2clogin.com - Azure Active Directory B2C
+description: Learn how to enable a .NET web API to support tokens issued by multiple token issuers while you migrate your applications to b2clogin.com.
 services: active-directory-b2c
 author: mmacy
 manager: celestedg
@@ -13,14 +13,16 @@ ms.author: marsma
 ms.subservice: B2C
 ---
 
-# Support multiple token issuers in an OWIN-based web application
+# Migrate an OWIN-based web API to b2clogin.com
 
-This article describes a technique for enabling support for multiple token issuers in web apps and APIs that implement the [Open Web Interface for .NET (OWIN)](http://owin.org/). Supporting multiple token endpoints is useful when you're migrating Azure Active Directory (Azure AD) B2C applications from *login.microsoftonline.com* to *b2clogin.com*.
+This article describes a technique for enabling support for multiple token issuers in web APIs that implement the [Open Web Interface for .NET (OWIN)](http://owin.org/). Supporting multiple token endpoints is useful when you're migrating Azure Active Directory B2C (Azure AD B2C) APIs and their applications from *login.microsoftonline.com* to *b2clogin.com*.
 
-The following sections present an example of how to enable multiple issuers in a web application and corresponding web API that use the [Microsoft OWIN][katana] middleware components (Katana). Although the code examples are specific to the Microsoft OWIN middleware, the general technique should be applicable to other OWIN libraries.
+By adding support in your API for accepting tokens issued by both b2clogin.com and login.microsoftonline.com, you can migrate your web applications in a staged manner before removing support for login.microsoftonline.com-issued tokens from the API.
+
+The following sections present an example of how to enable multiple issuers in a web API that uses the [Microsoft OWIN][katana] middleware components (Katana). Although the code examples are specific to the Microsoft OWIN middleware, the general technique should be applicable to other OWIN libraries.
 
 > [!NOTE]
-> This article is intended for Azure AD B2C customers with currently deployed applications that reference `login.microsoftonline.com` and who want to migrate to the recommended `b2clogin.com` endpoint. If you're setting up a new application, use [b2clogin.com](b2clogin.md) as directed.
+> This article is intended for Azure AD B2C customers with currently deployed APIs and applications that reference `login.microsoftonline.com` and who want to migrate to the recommended `b2clogin.com` endpoint. If you're setting up a new application, use [b2clogin.com](b2clogin.md) as directed.
 
 ## Prerequisites
 
@@ -30,7 +32,7 @@ You need the following Azure AD B2C resources in place before continuing with th
 
 ## Get token issuer endpoints
 
-You first need to get the token issuer endpoint URIs for each issuer you want to support in your application. To get the *b2clogin.com* and *login.microsoftonline.com* endpoints supported by your Azure AD B2C tenant, use the following procedure in the Azure portal.
+You first need to get the token issuer endpoint URIs for each issuer you want to support in your API. To get the *b2clogin.com* and *login.microsoftonline.com* endpoints supported by your Azure AD B2C tenant, use the following procedure in the Azure portal.
 
 Start by selecting one of your existing user flows:
 
 
@@ -153,7 +153,7 @@ Users may have a combination of up to five OATH hardware tokens or authenticator
 
 ## OATH hardware tokens (public preview)
 
-OATH is an open standard that specifies how one-time password (OTP) codes are generated. Azure AD will support the use of OATH-TOTP SHA-1 tokens of the 30-second or 60-second variety. Customers can procure these tokens from the vendor of their choice. Secret keys are limited to 128 characters, which may not be compatible with all tokens.
+OATH is an open standard that specifies how one-time password (OTP) codes are generated. Azure AD will support the use of OATH-TOTP SHA-1 tokens of the 30-second or 60-second variety. Customers can procure these tokens from the vendor of their choice. Secret keys are limited to 128 characters, which may not be compatible with all tokens. The secret keys need to be encoded in Base32.
 
 ![Uploading OATH tokens to the MFA Server OATH tokens blade](media/concept-authentication-methods/oath-tokens-azure-ad.png)
 
 
@@ -17,7 +17,7 @@ ms.collection: M365-identity-device-management
 ---
 # What are baseline policies?
 
-Baseline policies are a set of predefined  policies that help protect organizations against many common attacks. These common attacks can include password spray, replay, and phishing. Baseline policies are available in all editions of Azure AD. Microsoft is making these baseline protection policies available to everyone because identity-based attacks have been on the rise over the last few years. The goal of these four policies is to ensure that all organizations have a baseline level of security enabled at no extra cost.  
+Baseline policies are a set of predefined  policies that help protect organizations against many common attacks. These common attacks can include password spray, replay, and phishing. Baseline policies are available in all editions of Azure AD. Microsoft is making these baseline protection policies available to everyone because identity-based attacks have been on the rise over the last few years. The goal of these four policies is to ensure that all organizations have a baseline level of security enabled at no extra cost.  
 
 Managing customized Conditional Access policies requires an Azure AD Premium license.
 
@@ -38,7 +38,7 @@ All four of these policies will impact legacy authentication flows like POP, IMA
 
 Due to the power and access that administrator accounts have, you should treat them with special care. One common method to improve the protection of privileged accounts is to require a stronger form of account verification when they are used to sign in. In Azure Active Directory, you can get a stronger account verification by requiring administrators to register for and use Azure Multi-Factor Authentication.
 
-[Require MFA for admins (preview)](howto-baseline-protect-administrators.md) is a baseline policy that requires multi-factor authentication (MFA) for the following directory roles, considered to be the most privileged Azure AD roles:
+[Require MFA for admins (preview)](howto-baseline-protect-administrators.md) is a baseline policy that requires multi-factor authentication (MFA) for the following directory roles, considered to be the most privileged Azure AD roles:
 
 * Global administrator
 * SharePoint administrator
@@ -49,7 +49,7 @@ Due to the power and access that administrator accounts have, you should treat t
 * Billing administrator
 * User administrator
 
-If your organization has these accounts in use in scripts or code, consider replacing them with [managed identities](../managed-identities-azure-resources/overview.md).
+If your organization has these accounts in use in scripts or code, consider replacing them with [managed identities](../managed-identities-azure-resources/overview.md).
 
 ### End user protection (preview)
 
@@ -84,11 +84,11 @@ To protect privileged actions, this **Require MFA for service management (previe
 
 To enable a baseline policy:
 
-1. Sign in to the **Azure portal** as global administrator, security administrator, or Conditional Access administrator.
+1. Sign in to the **Azure portal** as global administrator, security administrator, or Conditional Access administrator.
 1. Browse to **Azure Active Directory** > **Conditional Access**.
 1. In the list of policies, select a baseline policy you’d like to enable.
 1. Set **Enable policy** to **On**.
-1. Click Save.
+1. Click Save.
 
 ## Next steps