Merge pull request #112778 from MicrosoftDocs/master

Merge master to live, 4 AM

Author: ttorble

.openpublishing.redirection.json

@@ -672,6 +672,21 @@
       "redirect_url": "/azure/machine-learning/samples-notebooks",
       "redirect_document_id": false
     },
+    {
+      "source_path": "articles/cognitive-services/Content-Moderator/dotnet-sdk-quickstart.md",
+      "redirect_url": "/azure/cognitive-services/Content-Moderator/client-libraries?pivots=programming-language-csharp",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/cognitive-services/Content-Moderator/java-sdk-quickstart.md",
+      "redirect_url": "/azure/cognitive-services/Content-Moderator/client-libraries?pivots=programming-language-java",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/cognitive-services/Content-Moderator/python-sdk-quickstart.md",
+      "redirect_url": "/azure/cognitive-services/Content-Moderator/client-libraries?pivots=programming-language-python",
+      "redirect_document_id": false
+    },
     {
       "source_path": "articles/cognitive-services/QnAMaker/Tutorials/create-publish-query-in-portal.md",
       "redirect_url": "/azure/cognitive-services/QnAMaker/Quickstarts/create-publish-knowledge-base",
@@ -17651,6 +17666,16 @@
       "redirect_url": "/azure/storage/blobs/data-lake-storage-upgrade",
       "redirect_document_id": false
     },
+    {
+      "source_path": "articles/storage/common/storage-migration-to-premium-storage.md",
+      "redirect_url": "/azure/virtual-machines/windows/migrate-to-managed-disks",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/storage/blobs/storage-troubleshoot-vhds.md",
+      "redirect_url": "/azure/virtual-machines/troubleshooting",
+      "redirect_document_id": false
+    },
     {
       "source_path": "articles/storage/blobs/data-lake-storage-upgrade.md",
       "redirect_url": "/azure/storage/blobs/data-lake-storage-migrate-gen1-to-gen2",
@@ -28351,6 +28376,16 @@
       "redirect_url": "/azure/storage/common/storage-java-hudson-continuous-integration-solution",
       "redirect_document_id": true
     },
+    {
+      "source_path": "articles/storage/common/storage-java-hudson-continuous-integration-solution.md",
+      "redirect_url": "/azure/storage/blobs/storage-blobs-introduction",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/storage/common/storage-cors-support.md",
+      "redirect_url": "/azure/storage/common/storage-account-overview",
+      "redirect_document_id": false
+    },
     {
       "source_path": "articles/storage/storage-java-jenkins-continuous-integration-solution.md",
       "redirect_url": "/azure/jenkins/storage-java-jenkins-continuous-integration-solution",
@@ -28456,6 +28491,11 @@
       "redirect_url": "/azure/storage/common/storage-powershell-guide-full",
       "redirect_document_id": true
     },
+    {
+      "source_path": "articles/storage/common/storage-powershell-guide-full.md",
+      "redirect_url": "https://docs.microsoft.com/powershell/module/az.storage",
+      "redirect_document_id": false
+    },
     {
       "source_path": "articles/storage/storage-premium-storage-performance.md",
       "redirect_url": "/azure/storage/common/storage-premium-storage-performance",

articles/active-directory/b2b/media/redemption-experience/invitation-redemption-flow.png

@@ -31,8 +31,8 @@ When you add a guest user to your directory, the guest user account has a consen
 When you add a guest user to your directory by [using the Azure portal](https://docs.microsoft.com/azure/active-directory/b2b/b2b-quickstart-add-guest-users-portal), an invitation email is sent to the guest in the process. You can also choose to send invitation emails when you’re [using PowerShell](https://docs.microsoft.com/azure/active-directory/b2b/b2b-quickstart-invite-powershell) to add guest users to your directory. Here’s a description of the guest’s experience when they redeem the link in the email.
 
 1. The guest receives an [invitation email](https://docs.microsoft.com/azure/active-directory/b2b/invitation-email-elements) that's sent from **Microsoft Invitations**.
-2. The guest selects **Get Started** in the email.
-3. If the guest doesn't have an Azure AD account, a Microsoft Account (MSA), or an email account in a federated organization, they're prompted to create an MSA (unless the [one-time passcode](https://docs.microsoft.com/azure/active-directory/b2b/one-time-passcode) feature is enabled, which doesn’t require an MSA).
+2. The guest selects **Accept invitation** in the email.
+3. The guest will use their own credentials to sign in to your directory. If the guest does not have an account that can be federated to your directory and the [email one-time passcode (OTP)](https://docs.microsoft.com/azure/active-directory/b2b/one-time-passcode) feature is not enabled; the guest is prompted to create a personal [MSA](https://support.microsoft.com/help/4026324/microsoft-account-how-to-create) or an [Azure AD self-service account](https://docs.microsoft.com/azure/active-directory/users-groups-roles/directory-self-service-signup). Refer to the [invitation redemption flow](#invitation-redemption-flow) for details.
 4. The guest is guided through the [consent experience](#consent-experience-for-the-guest) described below.
 
 ## Redemption through a direct link
@@ -57,29 +57,31 @@ When a user clicks the **Accept invitation** link in an [invitation email](invit
 
 ![Screenshot showing the redemption flow diagram](media/redemption-experience/invitation-redemption-flow.png)
 
-1. The redemption process checks if the user has an existing personal [Microsoft account (MSA)](https://support.microsoft.com/help/4026324/microsoft-account-how-to-create).
+**If the user’s User principle name (UPN) matches with both an existing Azure AD and personal MSA account, the user will be prompted to choose which account they want to redeem with.*
 
-2. If an admin has enabled [direct federation](direct-federation.md), Azure AD checks if the user’s domain suffix matches the domain of a configured SAML/WS-Fed identity provider and redirects the user to the pre-configured identity provider.
+1. Azure AD performs user-based discovery to determine if the user exists in an [existing Azure AD tenant](https://docs.microsoft.com/azure/active-directory/b2b/what-is-b2b#easily-add-guest-users-in-the-azure-ad-portal).
 
-3. If an admin has enabled [Google federation](google-federation.md), Azure AD checks if the user’s domain suffix is gmail.com or googlemail.com and redirects the user to Google.
+2. If an admin has enabled [direct federation](https://docs.microsoft.com/azure/active-directory/b2b/direct-federation), Azure AD checks if the user’s domain suffix matches the domain of a configured SAML/WS-Fed identity provider and redirects the user to the pre-configured identity provider.
 
-4. Azure AD performs user-based discovery to determine if the user exists in an [existing Azure AD tenant](what-is-b2b.md#easily-add-guest-users-in-the-azure-ad-portal).
+3. If an admin has enabled [Google federation](https://docs.microsoft.com/azure/active-directory/b2b/google-federation), Azure AD checks if the user’s domain suffix is gmail.com or googlemail.com and redirects the user to Google.
+
+4. The redemption process checks if the user has an existing personal [Microsoft account (MSA)](https://support.microsoft.com/help/4026324/microsoft-account-how-to-create).
 
 5. Once the user’s **home directory** is identified, the user is sent to the corresponding identity provider to sign in.  
 
-6. If steps 1 to 4 fail to find a home directory for the invited user, Azure AD determines whether the inviting tenant has enabled the [Email one-time passcode (OTP)](one-time-passcode.md) feature for guests.
+6. If steps 1 to 4 fail to find a home directory for the invited user, then Azure AD determines whether the inviting tenant has enabled the [email one-time passcode (OTP)](https://docs.microsoft.com/azure/active-directory/b2b/one-time-passcode) feature for guests.
 
-7. If [Email one-time passcode for guests is enabled](one-time-passcode.md#when-does-a-guest-user-get-a-one-time-passcode), a passcode is sent to the user through the invited email. The user will retrieve and enter this passcode in the Azure AD sign-in page.
+7. If [email one-time passcode for guests is enabled](https://docs.microsoft.com/azure/active-directory/b2b/one-time-passcode#when-does-a-guest-user-get-a-one-time-passcode), a passcode is sent to the user through the invited email. The user will retrieve and enter this passcode in the Azure AD sign-in page.
 
-8. If Email one-time passcode for guests is disabled, Azure AD checks the domain suffix against a consumer domain list maintained by Microsoft. If the domain matches any domain on the consumer domain list, the user is prompted to create a personal Microsoft account. If not, the user is prompted to create an [Azure AD self-service account](../users-groups-roles/directory-self-service-signup.md) (viral account).
+8. If email one-time passcode for guests is disabled, Azure AD checks the domain suffix to determine if it belongs to a consumer account. If so, the user is prompted to create a personal [Microsoft account](https://support.microsoft.com/help/4026324/microsoft-account-how-to-create). If not, the user is prompted to create an [Azure AD self-service account](https://docs.microsoft.com/azure/active-directory/users-groups-roles/directory-self-service-signup).
 
-9. Azure AD attempts to create an Azure AD self-service account (viral account) by verifying access to the email. Verifying the account is done by sending a code to the email, and having the user retrieve and submit it to Azure AD. However, if the invited user’s tenant is federated or if the AllowEmailVerifiedUsers field is set to false in the invited user’s tenant, the user is unable to complete the redemption and the flow results in an error. For more information, refer to [Troubleshooting Azure Active Directory B2B collaboration](troubleshoot.md#the-user-that-i-invited-is-receiving-an-error-during-redemption).
+9. Azure AD attempts to create an [Azure AD self-service account](https://docs.microsoft.com/azure/active-directory/users-groups-roles/directory-self-service-signup) by verifying access to the email. Verifying the account is done by sending a code to the email, and having the user retrieve and submit it to Azure AD. However, if the invited user’s tenant is federated or if the AllowEmailVerifiedUsers field is set to false in the invited user’s tenant, the user is unable to complete the redemption and the flow results in an error. For more information, see [Troubleshooting Azure Active Directory B2B collaboration](https://docs.microsoft.com/azure/active-directory/b2b/troubleshoot#the-user-that-i-invited-is-receiving-an-error-during-redemption).
 
-10. The user is prompted to create a personal Microsoft account (MSA).
+10. The user is prompted to create a personal [Microsoft account (MSA)](https://support.microsoft.com/help/4026324/microsoft-account-how-to-create).
 
-11. After authenticating to the right identity provider, the user is redirected to Azure AD to complete the [consent experience](redemption-experience.md#consent-experience-for-the-guest).  
+11. After authenticating to the right identity provider, the user is redirected to Azure AD to complete the [consent experience](https://docs.microsoft.com/azure/active-directory/b2b/redemption-experience#consent-experience-for-the-guest).  
 
-For just-in-time (JIT) redemptions, where redemption is through a tenanted application link, steps 8 through 10 are not available. If a user reaches step 6 and the Email one-time passcode feature is not enabled, the user receives an error message and is unable to redeem the invitation. To prevent this, admins should either [enable Email one-time passcode](one-time-passcode.md#when-does-a-guest-user-get-a-one-time-passcode) or ensure the user clicks an invitation link.
+For just-in-time (JIT) redemptions, where redemption is through a tenanted application link, steps 8 through 10 are not available. If a user reaches step 6 and the Email one-time passcode feature is not enabled, the user receives an error message and is unable to redeem the invitation. To prevent this error, admins should either [enable email one-time passcode](https://docs.microsoft.com/azure/active-directory/b2b/one-time-passcode#when-does-a-guest-user-get-a-one-time-passcode) or ensure the user clicks an invitation link.
 
 ## Consent experience for the guest
 

articles/active-directory/b2b/redemption-experience.md

@@ -41,6 +41,9 @@ Azure AD Conditional Access supports the following device platforms:
 - Windows
 - macOS
 
+> [!WARNING]
+> Microsoft is aware of an issue with Conditional Access policies and macOS 10.15.4 based devices. More information can be found in the the blog post, [Known Issue: Conditional access unexpectedly blocking macOS 10.15.4 native mail client/other apps](https://techcommunity.microsoft.com/t5/intune-customer-success/known-issue-conditional-access-unexpectedly-blocking-macos-10-15/ba-p/1322283).
+
 If you block legacy authentication using the **Other clients** condition, you can also set the device platform condition.
 
 ## Locations
@@ -105,7 +108,7 @@ On Windows 7, iOS, Android, and macOS Azure AD identifies the device using a cli
 
 #### Chrome support
 
-For Chrome support in **Windows 10 Creators Update (version 1703)** or later, install the [Windows 10 Accounts extension](https://chrome.google.com/webstore/detail/windows-10-accounts/ppnbnpeolgkicgegkbkbjmhlideopiji). This extension is required when a Conditional Access policy requires device specific details.
+For Chrome support in **Windows 10 Creators Update (version 1703)** or later, install the [Windows 10 Accounts extension](https://chrome.google.com/webstore/detail/windows-10-accounts/ppnbnpeolgkicgegkbkbjmhlideopiji). This extension is required when a Conditional Access policy requires device-specific details.
 
 To automatically deploy this extension to Chrome browsers, create the following registry key:
 
@@ -137,7 +140,7 @@ This setting has an impact on access attempts made from the following mobile app
 | --- | --- | --- |
 | Dynamics CRM app | Dynamics CRM | Windows 10, Windows 8.1, iOS, and Android |
 | Mail/Calendar/People app, Outlook 2016, Outlook 2013 (with modern authentication)| Office 365 Exchange Online | Windows 10 |
-| MFA and location policy for apps. Device based policies are not supported.| Any My Apps app service | Android and iOS |
+| MFA and location policy for apps. Device-based policies are not supported.| Any My Apps app service | Android and iOS |
 | Microsoft Teams Services - this controls all services that support Microsoft Teams and all its Client Apps - Windows Desktop, iOS, Android, WP, and web client | Microsoft Teams | Windows 10, Windows 8.1, Windows 7, iOS, Android, and macOS |
 | Office 2016 apps, Office 2013 (with modern authentication), [OneDrive sync client](/onedrive/enable-conditional-access) | Office 365 SharePoint Online | Windows 8.1, Windows 7 |
 | Office 2016 apps, Universal Office apps, Office 2013 (with modern authentication), [OneDrive sync client](/onedrive/enable-conditional-access) | Office 365 SharePoint Online | Windows 10 |