Merge pull request #192629 from MicrosoftDocs/main

3/23 AM Publish

Author: huypub

.openpublishing.redirection.active-directory.json

@@ -10774,6 +10774,11 @@
       "source_path": "articles/active-directory/reports-monitoring/reference-azure-ad-sla-performance.md",
       "redirect_url": "/azure/active-directory/reports-monitoring/overview-monitoring",
       "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/active-directory/manage-apps/get-it-now-azure-marketplace.md",
+      "redirect_url": "/azure/active-directory/manage-apps/add-application-portal",
+      "redirect_document_id": false
     }
 
   ]

articles/active-directory-b2c/deploy-custom-policies-devops.md

@@ -92,7 +92,8 @@ try {
                 Write-Host "Uploading the" $PolicyId "policy..."
     
                 $graphuri = 'https://graph.microsoft.com/beta/trustframework/policies/' + $PolicyId + '/$value'
-                $response = Invoke-RestMethod -Uri $graphuri -Method Put -Body $policycontent -Headers $headers
+                $content = [System.Text.Encoding]::UTF8.GetBytes($policycontent)
+                $response = Invoke-RestMethod -Uri $graphuri -Method Put -Body $content -Headers $headers
     
                 Write-Host "Policy" $PolicyId "uploaded successfully."
             }

articles/active-directory-b2c/enable-authentication-in-node-web-app.md

@@ -1,6 +1,6 @@
 ---
 title: Enable authentication in your own Node web application using Azure Active Directory B2C
-description: This article explains how to enable authentication in your own node.js web application using Azure AD B2C 
+description: This article explains how to enable authentication in your own Node.js web application using Azure AD B2C 
 titleSuffix: Azure AD B2C
 services: active-directory-b2c
 author: kengaderdus

articles/active-directory-b2c/integrate-with-app-code-samples.md

@@ -1,5 +1,5 @@
 ---
-title: Azure Active Directory B2C integrate with app samples  
+title: Azure Active Directory B2C integrate with app samples
 description: Code samples for integrating Azure AD B2C to mobile, desktop, web, and single-page applications.
 services: active-directory-b2c
 author: kengaderdus
@@ -36,7 +36,7 @@ The following tables provide links to samples for applications including iOS, An
 | [dotnetcore-webapp-openidconnect](https://github.com/Azure-Samples/active-directory-aspnetcore-webapp-openidconnect-v2/tree/master/1-WebApp-OIDC/1-5-B2C) | An ASP.NET Core web application that uses OpenID Connect to sign in users in Azure AD B2C. |
 | [dotnetcore-webapp-msal-api](https://github.com/Azure-Samples/active-directory-aspnetcore-webapp-openidconnect-v2/tree/master/4-WebApp-your-API/4-2-B2C) | An ASP.NET Core web application that can sign in a user using Azure AD B2C, get an access token using MSAL.NET and call an API. |
 | [auth-code-flow-nodejs](https://github.com/Azure-Samples/active-directory-b2c-msal-node-sign-in-sign-out-webapp) | A Node.js app that shows how to enable authentication (sign in, sign out and profile edit) in a Node.js web application using Azure Active Directory B2C. The web app uses MSAL-node.|
-| [javascript-nodejs-webapi](https://github.com/Azure-Samples/active-directory-b2c-javascript-nodejs-webapi) | A small node.js Web API for Azure AD B2C that shows how to protect your web api and accept B2C access tokens using passport.js. |
+| [javascript-nodejs-webapi](https://github.com/Azure-Samples/active-directory-b2c-javascript-nodejs-webapi) | A small Node.js Web API for Azure AD B2C that shows how to protect your web api and accept B2C access tokens using passport.js. |
 | [ms-identity-python-webapp](https://github.com/Azure-Samples/ms-identity-python-webapp/blob/master/README_B2C.md) | Demonstrate how to Integrate B2C of Microsoft identity platform with a Python web application.  |
 
 ## Single page apps

articles/active-directory-b2c/threat-management.md

@@ -60,7 +60,7 @@ When testing the smart lockout feature, use a distinctive pattern for each passw
 When the smart lockout threshold is reached, you'll see the following message while the account is locked: **Your account is temporarily locked to prevent unauthorized use. Try again later**. The error messages can be [localized](localization-string-ids.md#sign-up-or-sign-in-error-messages).
 
 > [!NOTE]
-> When you test smart lockout, your sign-in requests might be handled by different datacenters due to the geo-distributed and load-balanced nature of the Azure AD authentication service. In that scenario, because each Azure AD datacenter tracks lockout independently, it might take more than your defined lockout threshold number of attempts to cause a lockout. A user has a maximum of (threshold_limit * datacenter_count) number of bad attempts before being completely locked out.
+> When you test smart lockout, your sign-in requests might be handled by different datacenters due to the geo-distributed and load-balanced nature of the Azure AD authentication service. In that scenario, because each Azure AD datacenter tracks lockout independently, it might take more than your defined lockout threshold number of attempts to cause a lockout. A user has a maximum of (threshold_limit * datacenter_count) number of bad attempts before being completely locked out. For more information, see [Azure global infrastructure](https://azure.microsoft.com/global-infrastructure/).
 
 ## Viewing locked-out accounts
 

articles/active-directory/azuread-dev/sample-v1-code.md

@@ -88,7 +88,7 @@ The following samples illustrate public client applications (desktop/mobile appl
 The following samples show desktop or web applications that access the Microsoft Graph or a web API with no user (with the application identity).
 
 Client application | Platform | Flow/Grant | Calls an ASP.NET or ASP.NET Core 2.0 Web API
------------------- | -------- | ---------- | -------------------- 
+------------------ | -------- | ---------- | --------------------
 Daemon app (Console)          | ![This image shows the .NET Framework logo](media/sample-v2-code/logo-netframework.png) | Client Credentials with app secret or certificate | [dotnet-daemon](https://github.com/azure-samples/active-directory-dotnet-daemon)</p> [dotnet-daemon-certificate-credential](https://github.com/azure-samples/active-directory-dotnet-daemon-certificate-credential)
 Daemon app (Console)         | ![This image shows the .NET Core logo](media/sample-v2-code/logo-netcore.png) | Client Credentials with certificate| [dotnetcore-daemon-certificate-credential](https://github.com/Azure-Samples/active-directory-dotnetcore-daemon-certificate-credential)
 ASP.NET Web App  | ![This image shows the .NET Framework logo](media/sample-v2-code/logo-netframework.png) | Client credentials | [dotnet-webapp-webapi-oauth2-appidentity](https://github.com/Azure-Samples/active-directory-dotnet-webapp-webapi-oauth2-appidentity)
@@ -97,7 +97,7 @@ ASP.NET Web App  | ![This image shows the .NET Framework logo](media/sample-v2-c
 
 ### Web API protected by Azure Active Directory
 
-The following sample shows how to protect a node.js web API with Azure AD.
+The following sample shows how to protect a Node.js web API with Azure AD.
 
 In the previous sections of this article, you can also find other samples illustrating a client application **calling** an ASP.NET or ASP.NET Core **Web API**. These samples are not mentioned again in this section, but you will find them in the last column of the tables above or below
 

articles/active-directory/external-identities/external-collaboration-settings-configure.md

@@ -71,10 +71,14 @@ Here's an example that shows how to use PowerShell to add a user to the Guest In
 Add-MsolRoleMember -RoleObjectId 95e79109-95c0-4d8e-aee3-d01accf2d47b -RoleMemberEmailAddress <RoleMemberEmailAddress>
 ```
 
+## Sign-in logs for B2B users
+
+When a B2B user signs into a resource tenant to collaborate, a sign-in log is generated in both the home tenant and the resource tenant. These logs include information such as the application being used, email addresses, tenant name, and tenant ID for both the home tenant and the resource tenant. 
+
 ## Next steps
 
 See the following articles on Azure AD B2B collaboration:
 
 - [What is Azure AD B2B collaboration?](what-is-b2b.md)
 - [Add B2B collaboration guest users without an invitation](add-user-without-invite.md)
-- [Adding a B2B collaboration user to a role](./add-users-administrator.md)
+- [Adding a B2B collaboration user to a role](./add-users-administrator.md)

articles/active-directory/manage-apps/get-it-now-azure-marketplace.md

@@ -82,6 +82,8 @@
       href: admin-units-members-list.md
     - name: Remove members
       href: admin-units-members-remove.md
+    - name: Manage members with dynamic membership rules
+      href: admin-units-members-dynamic.md
     - name: Assign roles with scope
       href: admin-units-assign-roles.md
   - name: Delegate

articles/active-directory/roles/TOC.yml

@@ -20,7 +20,7 @@ summary: |
   For more granular administrative control in Azure Active Directory (Azure AD), you can assign users to an Azure AD role with a scope that's limited to one or more administrative units. For sample PowerShell scripts for common tasks, see [Work with administrative units](/powershell/azure/active-directory/working-with-administrative-units).
   
 sections:
-  - name: Ignored
+  - name: General
     questions:
       - question: |
           Why am I unable to create an administrative unit?
@@ -78,6 +78,45 @@ sections:
           
           Find support for the [administrativeUnit resource type](/graph/api/resources/administrativeunit) in Microsoft Graph.
 
+  - name: Dynamic administrative units (Preview)
+    questions:
+      - question: |
+          I just saved a dynamic membership rule for an administrative unit, but I don't see any users populated yet.
+        answer: |
+          The initial update of an administrative unit can take a few minutes depending on your tenant size and the current Azure AD load.
+
+      - question: |
+          After creating a dynamic membership rule in the Azure portal using the rule builder and attempting to save, I get the error "Failed to update administrative unit properties".
+        answer: |
+          This usually means there is a problem with the supplied property values. Confirm that the property values you have supplied have a proper value type (Boolean, string, or string collection). For more information, see the allowed values for each operator for [users](../enterprise-users/groups-dynamic-membership.md#supported-properties) or [devices](../enterprise-users/groups-dynamic-membership.md#rules-for-devices).
+          
+          This error can also result if a person without an Azure AD Premium P1 license attempts to save an update to the administrative unit.
+
+      - question: |
+          How can I add a single member to an administrative unit in addition to the current dynamic membership rule?
+        answer: |
+          To add a single user, add an appropriate expression with the `OR` query operator to the dynamic membership rule.
+
+      - question: |
+          I am a Global Administrator, but I can't add or remove members for an administrative unit.
+        answer: |
+          When an administrative unit has been configured for dynamic membership, you must edit the dynamic membership rules to change membership.
+
+      - question: |
+          How many administrative units with dynamic membership rules can I create in a tenant?
+        answer: |
+          For the preview, the total number of dynamic groups and dynamic administrative units combined cannot exceed 5,000.
+
+      - question: |
+          Is there a limit to the number of characters in a dynamic membership rule?
+        answer: |
+          Yes. 3,072 characters.
+
+      - question: |
+          Can I create administrative units with dynamic membership rules in the Microsoft 365 admin center?
+        answer: |
+          No.
+
 additionalContent: |
 
   ## Next steps