Merge pull request #46556 from MicrosoftDocs/master

7/13 AM Publish

Author: huypub

articles/active-directory/b2b/add-users-administrator.md

@@ -7,7 +7,7 @@ services: active-directory
 ms.service: active-directory
 ms.component: B2B
 ms.topic: article
-ms.date: 05/11/2018
+ms.date: 07/10/2018
 
 ms.author: mimart
 author: msmimart
@@ -31,16 +31,16 @@ To add B2B collaboration users to the directory, follow these steps:
 
 1. Sign in to the [Azure portal](https://portal.azure.com) as an Azure AD administrator.
 2. In the navigation pane, select **Azure Active Directory**.
-3. Under **Manage**, select **Users and groups** > **All users**.
+3. Under **Manage**, select **Users**.
 4. Select **New guest user**.
 
    ![Shows where New guest user is in the UI](./media/add-users-administrator/NewGuestUser-Directory.png) 
 
-7. Under **Invite a guest**, enter the email address of the external user. Optionally, include a welcome message. For example:
+5. Under **User name**, enter the email address of the external user. Optionally, include a welcome message. For example:
 
    ![Shows where New guest user is in the UI](./media/add-users-administrator/InviteGuest.png) 
 
-8. Select **Invite** to automatically send the invitation to the guest user. In the **Notification** area, look for a **Successfully invited user** message. 
+6. Select **Invite** to automatically send the invitation to the guest user. 
 
 After you send the invitation, the user account is automatically added to the directory as a guest.
 
@@ -52,18 +52,15 @@ If you need to manually add B2B collaboration users to a group as an Azure AD ad
 
 1. Sign in to the [Azure portal](https://portal.azure.com) as an Azure AD administrator.
 2. In the navigation pane, select **Azure Active Directory**.
-3. Under **Manage**, select **Users and groups** > **All groups**.
+3. Under **Manage**, select **Groups**.
 4. Select a group (or click **New group** to create a new one). It's a good idea to include in the group description that the group contains B2B guest users.
-5. Select **Members** > **Add members**. 
+5. Select **Members**. 
 6. Do one of the following:
-   - If the guest user already exists in the directory, search for the B2B user. Select the user > click **Select** to add the user to the group.
-   - If the guest user does not already exist in the directory, select **Invite**.
-   ![Add invite button to add guest members](./media/add-users-administrator/GroupInvite.png)
+   - If the guest user already exists in the directory, search for the B2B user. Select the user, and then click **Select** to add the user to the group.
+   - If the guest user does not already exist in the directory, invite them to the group by typing their email address in the search box, typing an optional personal message, and then clicking **Select**. The invitation automatically goes out to the invited user.
+     
+     ![Add invite button to add guest members](./media/add-users-administrator/GroupInvite.png)
 
-      Under **Invite a guest**, enter the email address, and an optional personal message > select **Invite**. Click **Select** to add the user to the group.
-
-      The invitation automatically goes out to the invited user. In the **Notification** area, look for a successful **Invited user** message. 
-
 You can also use dynamic groups with Azure AD B2B collaboration. For more information, see [Dynamic groups and Azure Active Directory B2B collaboration](use-dynamic-groups.md).
 
 ## Add guest users to an application
@@ -74,29 +71,33 @@ To add B2B collaboration users to an application as an Azure AD administrator, f
 2. In the navigation pane, select **Azure Active Directory**.
 3. Under **Manage**, select **Enterprise applications** > **All applications**.
 4. Select the application to which you want to add guest users.
-5. Under **Manage**, select **Users and groups**.
+5. On the application's dashboard, select **Total Users** to open the **Users and groups** pane.
+
+    ![Total Users button to add open Users and Groups](./media/add-users-administrator/AppUsersAndGroups.png)
+
 6. Select **Add user**.
 7. Under **Add Assignment**, select **User and groups**.
 8. Do one of the following:
-   - If the guest user already exists in the directory, search for the B2B user. Select the user, and then click **Select** to add the user to the app.
+   - If the guest user already exists in the directory, search for the B2B user. Select the user, click **Select**, and then click **Assign** to add the user to the app.
    - If the guest user does not already exist in the directory, select **Invite**.
-   ![Add invite button to add guest members](./media/add-users-administrator/AppInviteUsers.png)
+           
+       ![Add invite button to add guest members](./media/add-users-administrator/AppInviteUsers.png)
 
-      Under **Invite a guest**, enter the email address, and an optional personal message > select **Invite**. Click **Select** to add the user to the app.
-
-      The invitation automatically goes out to the invited user. In the **Notification** area, look for a successful **Invited user** message.
+      Under **Invite a guest**, enter the email address, type an optional personal message, and then select **Invite**. Click **Select**, and then click **Assign** to add the user to the app. An invitation automatically goes out to the invited user.
 
-9. Under **Add Assignment**, click **Select Role** > select a role to apply to the selected user (if applicable) > select **OK**.
-10. Click **Assign**.
+9. The guest user appears in the application's **Users and groups** list with the assigned role of **Default Access**. If you want to change the role, do the following:
+   - Select the guest user, and then select **Edit**. 
+   - Under **Edit Assignment**, click **Select Role**, and select the role you want to assign to the selected user.
+   - Click **Select**.
+   - Click **Assign**.
 
 ## Resend invitations to guest users
 
 If a guest user has not yet redeemed their invitation, you can resend the invitation email.
 
 1. Sign in to the [Azure portal](https://portal.azure.com) as an Azure AD administrator.
 2. In the navigation pane, select **Azure Active Directory**.
-3. Under **Manage**, select **Users and groups**.
-4. Select **All users**.
+3. Under **Manage**, select **Users**.
 5. Select the user account.
 6. Under **Manage**, select **Profile**.
 7. If the user has not yet accepted the invitation, a **Resend invitation** option is available. Select this button to resend.

articles/active-directory/b2b/media/add-users-administrator/AppInviteUsers.PNG

@@ -62,7 +62,7 @@ The set of optional claims available by default for applications to use are list
 | `enfpolids`                | Enforced policy IDs. A list of the policy IDs that were evaluated for the current user.  | JWT |  |  |
 | `vnet`                     | VNET specifier information.    | JWT        |           |      |
 | `fwd`                      | IP address.| JWT    |   | Adds the original IPv4 address of the requesting client (when inside a VNET) |
-| `ctry`                     | User’s country | JWT |           | |
+| `ctry`                     | User’s country | JWT |           | Azure AD returns the `ctry` optional claim if it's present and the value of the claim is a standard two-letter country code, such as FR, JP, SZ, and so on. |
 | `tenant_ctry`              | Resource tenant’s country | JWT | | |
 | `xms_pdl`		     | Preferred data location   | JWT | | For Multi-Geo tenants, this is the 3-letter code showing which geographic region the user is in.  For more details, see the [Azure AD Connect documentation about preferred data location](https://docs.microsoft.com/azure/active-directory/connect/active-directory-aadconnectsync-feature-preferreddatalocation). <br> For example: `APC` for Asia Pacific. |
 | `xms_pl`                   | User preferred language  | JWT ||The user’s preferred language, if set.  Sourced from their home tenant, in guest access scenarios.  Formatted LL-CC (“en-us”). |

articles/active-directory/b2b/media/add-users-administrator/AppUsersAndGroups.PNG

@@ -37,20 +37,20 @@ After you've enabled MSI on an Azure resource, such as an [Azure VM](qs-configur
 
 3. For an Azure virtual machine, select the **Access control (IAM)** page of the resource, and select **+ Add**. Then specify the **Role**, **Assign access to Virtual Machine**, and specify the corresponding **Subscription** and **Resource Group** where the resource resides. Under the search criteria area, you should see the resource. Select the resource, and select **Save**. 
 
-   ![Access control (IAM) screenshot](../media/msi-howto-assign-access-portal/assign-access-control-iam-blade-before.png)  
+   ![Access control (IAM) screenshot](../managed-service-identity/media/msi-howto-assign-access-portal/assign-access-control-iam-blade-before.png)  
    For an Azure virtual machine scale set, select the **Access control (IAM)** page of the resource, and select **+ Add**. Then specify the **Role**, **Assign access to**. Under the search criteria area, search for  your virtual machine scale set. Select the resource, and select **Save**.
 
-   ![Access control (IAM) screenshot](../media/msi-howto-assign-access-vmss-portal/assign-access-control-vmss-iam-blade-before.png)  
+   ![Access control (IAM) screenshot](../managed-service-identity/media/msi-howto-assign-access-vmss-portal/assign-access-control-vmss-iam-blade-before.png)  
 
 4. You are returned to the main **Access control (IAM)** page, where you see a new entry for the resource's MSI.
 
     Azure virtual machine:
 
-   ![Access control (IAM) screenshot](../media/msi-howto-assign-access-portal/assign-access-control-iam-blade-after.png)
+   ![Access control (IAM) screenshot](../managed-service-identity/media/msi-howto-assign-access-portal/assign-access-control-iam-blade-after.png)
 
     Azure virtual machine scale set:
 
-    ![Access control (IAM) screenshot](../media/msi-howto-assign-access-vmss-portal/assign-access-control-vmss-iam-blade-after.png)
+    ![Access control (IAM) screenshot](../managed-service-identity/media/msi-howto-assign-access-vmss-portal/assign-access-control-vmss-iam-blade-after.png)
 
 ## Troubleshooting