resolved merge conflict

Author: miriambrus

.openpublishing.publish.config.json

@@ -164,7 +164,7 @@
     {
       "path_to_root": "samples-cognitive-services-speech-sdk",
       "url": "https://github.com/Azure-Samples/cognitive-services-speech-sdk",
-      "branch": "docs",
+      "branch": "docs-201807",
       "branch_mapping": {}
     },
     {

.openpublishing.redirection.json

@@ -10,7 +10,11 @@
                 "path": [
                     "C:\\Users\\miriamb\\AppData\\Local\\Arduino15\\packages\\AZ3166\\hardware\\stm32f4\\1.1.0\\cores\\arduino"
                 ]
-            }
+            },
+            "intelliSenseMode": "msvc-x64",
+            "cStandard": "c11",
+            "cppStandard": "c++17"
         }
-    ]
+    ],
+    "version": 4
 }

.vscode/c_cpp_properties.json

@@ -8,7 +8,7 @@ manager: mtillman
 ms.service: active-directory
 ms.workload: identity
 ms.topic: quickstart
-ms.date: 2/13/2018
+ms.date: 7/13/2018
 ms.author: davidmu
 ms.component: B2C
 ---
@@ -25,7 +25,7 @@ In this quickstart, you use an Azure AD B2C enabled sample single-page app to si
 
 * [Visual Studio 2017](https://www.visualstudio.com/downloads/) with the **ASP.NET and web development** workload.
 * Install [Node.js](https://nodejs.org/en/download/)
-* A social account from either Facebook, Google, Microsoft, or Twitter.
+* A Facebook account.
 
 ## Download the sample
 
@@ -59,21 +59,17 @@ Browse to the app's URL `http://localhost:6420` in a web browser.
 
 Click the **Login** button to start the Azure AD B2C **Sign Up or Sign In** workflow based on an Azure AD B2C policy. 
 
-The sample supports several sign-up options including using a social identity provider or creating a local account using an email address. For this quickstart, use a social identity provider account from either Facebook, Google, Microsoft, or Twitter. 
+The sample is intended to support several sign-up options including creating a local account using an email address. For this quickstart, use a Facebook account. 
 
 ### Sign up using a social identity provider
 
 Azure AD B2C presents a custom login page for a fictitious brand called Wingtip Toys for the sample web app. 
 
-1. To sign up using a social identity provider, click the button of the identity provider you want to use.
-
-    ![Sign In or Sign Up provider](media/active-directory-b2c-quickstarts-spa/sign-in-or-sign-up-spa.png)
+1. To sign up using a social identity provider, click the button of the Facebook identity provider.
 
     You authenticate (sign-in) using your social account credentials and authorize the application to read information from your social account. By granting access, the application can retrieve profile information from the social account such as your name and city. 
 
-2. Finish the sign-in process for the identity provider. For example, if you chose Twitter, enter your Twitter credentials and click **Sign in**.
-
-    ![Authenticate and authorize using a social account](media/active-directory-b2c-quickstarts-spa/twitter-authenticate-authorize-spa.png)
+2. Finish the sign-in process for the identity provider by entering your credentials.
 
     Your new account profile details are pre-populated with information from your social account. 
 

articles/active-directory-b2c/active-directory-b2c-apps.md

@@ -19,14 +19,14 @@ and other identity management tasks to your mobile and desktop apps. This articl
 
 <!-- TODO: Need link to libraries -->
 
-The OAuth 2.0 authorization code flow is described in [section 4.1 of the OAuth 2.0 specification](http://tools.ietf.org/html/rfc6749). You can use it for authentication and authorization in most app types, including [web apps](active-directory-b2c-apps.md#web-apps) and [natively installed apps](active-directory-b2c-apps.md#mobile-and-native-apps). You can use the OAuth 2.0 authorization code flow to securely acquire *access tokens* for your apps, which can be used to access resources that are secured by an [authorization server](active-directory-b2c-reference-protocols.md#the-basics).
+The OAuth 2.0 authorization code flow is described in [section 4.1 of the OAuth 2.0 specification](http://tools.ietf.org/html/rfc6749). You can use it for authentication and authorization in most [application types](active-directory-b2c-apps.md), including web applications and natively installed applications. You can use the OAuth 2.0 authorization code flow to securely acquire access tokens for your applicationss, which can be used to access resources that are secured by an [authorization server](active-directory-b2c-reference-protocols.md).
 
-This article focuses on the **public clients** OAuth 2.0 authorization code flow. A public client is any client application that cannot be trusted to securely maintain the integrity of a secret password. This includes mobile apps, desktop apps, and essentially any application that runs on a device and needs to get access tokens. 
+This article focuses on the **public clients** OAuth 2.0 authorization code flow. A public client is any client application that cannot be trusted to securely maintain the integrity of a secret password. This includes mobile apps, desktop applications, and essentially any application that runs on a device and needs to get access tokens. 
 
 > [!NOTE]
 > To add identity management to a web app by using Azure AD B2C, use [OpenID Connect](active-directory-b2c-reference-oidc.md) instead of OAuth 2.0.
 
-Azure AD B2C extends the standard OAuth 2.0 flows to do more than simple authentication and authorization. It introduces the [policy parameter](active-directory-b2c-reference-policies.md). With built-in policies, you can use OAuth 2.0 to add user experiences to your app, such as sign-up, sign-in, and profile management. In this article, we show you how to use OAuth 2.0 and policies to implement each of these experiences in your native applications. We also show you how to get access tokens for accessing web APIs.
+Azure AD B2C extends the standard OAuth 2.0 flows to do more than simple authentication and authorization. It introduces the [policy parameter](active-directory-b2c-reference-policies.md). With built-in policies, you can use OAuth 2.0 to add user experiences to your application, such as sign-up, sign-in, and profile management. In this article, we show you how to use OAuth 2.0 and policies to implement each of these experiences in your native applications. We also show you how to get access tokens for accessing web APIs.
 
 In the example HTTP requests in this article, we use our sample Azure AD B2C directory, **fabrikamb2c.onmicrosoft.com**. We also use our sample application and policies. You can try the requests yourself by using these values, or you can replace them with your own values.
 Learn how to [get your own Azure AD B2C directory, application, and policies](#use-your-own-azure-ad-b2c-directory).
@@ -186,7 +186,7 @@ POST fabrikamb2c.onmicrosoft.com/oauth2/v2.0/token?p=b2c_1_sign_in HTTP/1.1
 Host: https://login.microsoftonline.com
 Content-Type: application/x-www-form-urlencoded
 
-grant_type=refresh_token&client_id=90c0fe63-bcf2-44d5-8fb7-b8bbc0b29dc6&scope=90c0fe63-bcf2-44d5-8fb7-b8bbc0b29dc6 offline_access&refresh_token=AwABAAAAvPM1KaPlrEqdFSBzjqfTGBCmLdgfSTLEMPGYuNHSUYBrq...&redirect_uri=urn:ietf:wg:oauth:2.0:oob
+grant_type=refresh_token&client_id=90c0fe63-bcf2-44d5-8fb7-b8bbc0b29dc6&client_secret=JqQX2PNo9bpM0uEihUPzyrh&scope=90c0fe63-bcf2-44d5-8fb7-b8bbc0b29dc6 offline_access&refresh_token=AwABAAAAvPM1KaPlrEqdFSBzjqfTGBCmLdgfSTLEMPGYuNHSUYBrq...&redirect_uri=urn:ietf:wg:oauth:2.0:oob
 ```
 
 | Parameter | Required? | Description |

articles/active-directory-b2c/active-directory-b2c-create-custom-attributes-profile-edit-custom.md

@@ -74,7 +74,7 @@ Here are the instructions you need to provide users, so they can change their pa
 A few minutes after you have changed your password, the new password is usable in Azure Active Directory Domain Services. After about 20 minutes, you can sign in to computers joined to the managed domain using the newly changed password.
 
 ## Related Content
-* [How to update your own password](../active-directory/active-directory-passwords-update-your-own-password.md)
+* [How to update your own password](../active-directory/user-help/active-directory-passwords-update-your-own-password.md)
 * [Getting started with Password Management in Azure AD](../active-directory/authentication/quickstart-sspr.md)
 * [Enable password hash synchronization to Azure Active Directory Domain Services for a synced Azure AD tenant](active-directory-ds-getting-started-password-sync-synced-tenant.md)
 * [Administer an Azure Active Directory Domain Services-managed domain](active-directory-ds-admin-guide-administer-domain.md)

articles/active-directory-b2c/active-directory-b2c-quickstarts-spa.md

@@ -14,56 +14,92 @@ ms.workload: identity
 ms.tgt_pltfrm: na
 ms.devlang: na
 ms.topic: article
-ms.date: 07/09/2018
+ms.date: 07/18/2018
 ms.author: ergreenl
 
 ---
 # Suspended domains
-When Azure AD Domain Services is unable to service a managed domain for a long period of time, the managed domain is put into a suspended state. This article will explain why managed domains are suspended, the length of suspension, and how to remediate a suspended domain.
+When Azure AD Domain Services is unable to service a managed domain for a long period of time, the managed domain is put into a suspended state. This article explains why managed domains are suspended, and how to remediate a suspended domain.
 
 
-## Overview of suspended domains
+## States your managed domain can be in
 
 ![Suspended domain timeline](media\active-directory-domain-services-suspension\suspension-timeline.PNG)
 
-The preceding graphic outlines how a domain is suspended, how long it will be suspended, and ultimately, the deletion of a managed domain. The following sections detail the reasons why a domain can be suspended and how to unsuspend a managed domain.
+The preceding graphic outlines the possible states an Azure AD Domain Services managed domain can be in.
 
+### 'Running' state
+A managed domain that is configured correctly and operating regularly is in the **Running** state.
 
-## Why are managed domains suspended?
+**What you can expect:**
+* Microsoft can regularly monitor the health of your managed domain.
+* Domain controllers for your managed domain are patched and updated regularly.
+* Changes from Azure Active Directory are regularly synchronized to your managed domain.
+* Regular backups are taken for your managed domain.
 
-Managed domains are suspended when they are in a state where Azure AD Domain Services is unable to manage the domain. This can be caused by a misconfiguration that blocks access to resources needed by Azure AD Domain Services, or an inactive Azure subscription. After 15 days of being unable to service a managed domain, Azure AD Domain Services will suspend the domain.
 
-The exact reasons why your domain could be suspended are listed below:
-* Having one or more of the following alerts present on your domain for 15 consecutive days:
-   * [AADDS104: Network Error](active-directory-ds-troubleshoot-nsg.md).
-* Your Azure subscription is expired or inactive
+### 'Needs Attention' state
+A managed domain is in the **Needs Attention** state, if one or more issues require an administrator to take action. The health page of your managed domain will list one or more alerts in this state. For example, if you've configured a restrictive NSG for your virtual network, Microsoft may be unable to update and monitor your managed domain. This invalid configuration results in an alert being generated and your managed domain is put in the 'Needs Attention' state.
 
+Each alert has a set of resolution steps. Some alerts are transient and will get automatically resolved by the service. You can resolve some other alerts by following the instructions in the corresponding resolution steps for that alert. To resolve some critical alerts, you need to contact Microsoft support.
 
-## What happens when a domain is suspended?
+For more information, see [how to troubleshoot alerts on a managed domain](active-directory-ds-troubleshoot-alerts.md).
 
-When a domain is suspended, Azure AD Domain Services stops the virtual machines that service your managed domain. This means that backups are no longer taken, users are unable to sign-in to your domain, and synchronization with Azure AD is no longer performed.
+**What you can expect:**
 
-The domain will only stay in a suspension state for a maximum of 15 days. In order to ensure a timely recovery, it is recommended you address the suspension as soon as possible.
+In some instances (for example, if you have an invalid network configuration), the domain controllers for your managed domain may be unreachable. Microsoft can't guarantee your managed domain is monitored, patched, updated, or backed-up on a regular basis in this state.
 
-## How do I know if my domain is suspended?
-The managed domain will receive an [alert](active-directory-ds-troubleshoot-alerts.md) on the Azure AD Domain Services Health page in the Azure portal that declares the domain suspended. In addition, the state of the domain will be labelled "Suspended".
+* Your managed domain is in an unhealthy state and ongoing health monitoring may stop, until the alert is resolved.
+* Domain controllers for your managed domain may not be patched or updated.
+* Changes from Azure Active Directory may not be synchronized to your managed domain.
+* Backups for your managed domain may be taken, if possible.
+* If you resolve the alerts impacting your managed domain, it may be possible to restore your managed domain to the 'Running' state.
+* Critical alerts are triggered for configuration issues where Microsoft is unable to reach your domain controllers. If such alerts aren't resolved within 15 days, your managed domain will be put in the 'Suspended' state.
 
 
-## Unsuspending and restoring domains
+### 'Suspended' state
+A managed domain is put in the **Suspended** state for the following reasons:
+* One or more critical alerts haven't been resolved in 15 days. Critical alerts can be caused by a misconfiguration that blocks access to resources needed by Azure AD Domain Services.
+    * For example, if the managed domain has alert [AADDS104: Network Error](active-directory-ds-troubleshoot-nsg.md) unresolved for over 15 days.
+* There's a billing issue with your Azure subscription or your Azure subscription has expired.
 
-To unsuspend a domain, the following steps are needed:
+Managed domains are suspended when Microsoft is unable to manage, monitor, patch, or backup the domain on an ongoing basis.
 
-1. Navigate to the [Azure AD Domain Services page](https://portal.azure.com/#blade/HubsExtension/Resources/resourceType/Microsoft.AAD%2FdomainServices) on the Azure portal
-2. Click on the domain you wish to unsuspend
-3. On the left-hand navigation, click **Health**
-4. Click on the suspension alert (The Alert ID will be either AADDS503 or AADDS504, depending on the cause of suspension).
-5. Click on the resolution link provided in the alert and follow the steps to resolving your suspension.
+**What you can expect:**
+* Domain controllers for your managed domain are de-provisioned and aren't reachable within the virtual network.
+* Secure LDAP access to the managed domain over the internet (if enabled) stops working.
+* You notice failures in authenticating to the managed domain, logging on to domain joined virtual machines, and connecting over LDAP/LDAPS.
+* Backups for your managed domain are no longer taken.
+* Synchronization with Azure AD stops.
+* Resolve the alert causing your managed domain to be in the 'Suspended' state and then contact support.
+* Support may restore your managed domain, only if a backup that is less than 30 days old exists.
+
+The managed domain will only stay in a suspended state for 15 days. To recover your managed domain, Microsoft recommends you resolve critical alerts immediately.
+
+
+### 'Deleted' state
+A managed domain that stays in the 'Suspended' state for 15 days is **Deleted**.
+
+**What you can expect:**
+* All resources and backups for the managed domain are deleted.
+* You can't restore the managed domain and need to create a new managed domain to use Azure AD Domain Services.
+* Once deleted, you aren't billed for the managed domain.
 
-Your domain can only be restored from the date of last backup. The date of your last backup is displayed on the Health page of your managed domain. Any changes since the last backup will not be restored upon unsuspension. In addition, Azure AD Domain Services can only store backups for up to 30 days. If the latest backup is more than 30 days old, the backup must be deleted and Azure AD Domain Services will be unable to restore from a backup.
 
-## Deleting domains
+## How do you know if your managed domain is suspended?
+You see an [alert](active-directory-ds-troubleshoot-alerts.md) on the Azure AD Domain Services Health page in the Azure portal that declares the domain suspended. The state of the domain also shows "Suspended".
 
-If the domain is suspended for more than 15 days, Azure AD Domain Services deletes the managed domain due to inactivity and the inability to service the domain. You will no longer be billed for Azure AD Domain Services. To restore your managed domain, you will need to recreate it.
+
+## Restore a suspended domain
+To restore a domain in the 'Suspended' state, complete the following steps:
+
+1. Navigate to the [Azure AD Domain Services page](https://portal.azure.com/#blade/HubsExtension/Resources/resourceType/Microsoft.AAD%2FdomainServices) on the Azure portal
+2. Click on the managed domain.
+3. On the left-hand navigation, click **Health**.
+4. Click on the alert. The alert ID will be either AADDS503 or AADDS504, depending on the cause of suspension.
+5. Click on the resolution link provided in the alert and follow the steps to resolve the alert.
+
+Your managed domain can only be restored to the date of last backup. The date of your last backup is displayed on the Health page of your managed domain. Any changes that occurred after the last backup won't be restored. Backups for a managed domain are stored for up to 30 days. Backups older than 30 days are deleted.
 
 
 ## Next steps
@@ -72,5 +108,4 @@ If the domain is suspended for more than 15 days, Azure AD Domain Services delet
 - [Contact the product team](active-directory-ds-contact-us.md)
 
 ## Contact Us
-
 Contact the Azure Active Directory Domain Services product team to [share feedback or for support](active-directory-ds-contact-us.md).

articles/active-directory-b2c/active-directory-b2c-reference-oauth-code.md

@@ -143,9 +143,9 @@
 ## Manage passwords
 ### [Passwords overview](authentication/active-directory-passwords-overview.md)
 ### User documents
-#### [Reset or change your password](active-directory-passwords-update-your-own-password.md)
+#### [Reset or change your password](user-help/active-directory-passwords-update-your-own-password.md)
 #### [Password best practices](active-directory-secure-passwords.md)
-#### [Register for self-service password reset](active-directory-passwords-reset-register.md)
+#### [Register for self-service password reset](user-help/active-directory-passwords-reset-register.md)
 ### [SSPR How it works](authentication/concept-sspr-howitworks.md)
 ### [SSPR Deployment guide](authentication/howto-sspr-deployment.md)
 ### [SSPR and Windows 10](authentication/tutorial-sspr-windows.md)
@@ -174,8 +174,8 @@
 ### [Plan Azure AD Join](active-directory-azureadjoin-deployment-aadjoindirect.md)
 ### [FAQs](device-management-faq.md)
 ### Tasks
-#### [Set up Azure AD registered Windows 10 devices](device-management-azuread-registered-devices-windows10-setup.md)
-#### [Set up Azure AD joined devices](device-management-azuread-joined-devices-setup.md)
+#### [Set up Azure AD registered Windows 10 devices](user-help/device-management-azuread-registered-devices-windows10-setup.md)
+#### [Set up Azure AD joined devices](user-help/device-management-azuread-joined-devices-setup.md)
 #### [Set up hybrid Azure AD joined devices](device-management-hybrid-azuread-joined-devices-setup.md)
 #### [Deploy on-premises](active-directory-device-registration-on-premises-setup.md)
 #### [Azure AD join during Windows 10 first-run experience](device-management-azuread-joined-devices-frx.md)