Merge pull request #219555 from cilwerner/content-health-bulk

[msid][content-health] (ADO-2011508, 2011509, 2011529 2011532)

Author: liljack17

articles/active-directory/develop/msal-net-migration.md

@@ -9,10 +9,10 @@ ms.service: active-directory
 ms.subservice: develop
 ms.topic: conceptual
 ms.workload: identity
-ms.date: 06/08/2021
+ms.date: 11/25/2022
 ms.author: jmprieur
 ms.reviewer: saeeda
-ms.custom: "devx-track-csharp, aaddev, has-adal-ref"
+ms.custom: "devx-track-csharp, aaddev, has-adal-ref, engagement-fy23"
 #Customer intent: As an application developer, I want to learn why and how to migrate from ADAL.NET and MSAL.NET or Microsoft.Identity.Web libraries.
 ---
 
@@ -30,13 +30,13 @@ MSAL comes with benefits over ADAL. Some of these benefits are listed below:
 - You benefit from continuous innovation in term of security and resilience,
 - Your application implements the best practices in term of resilience and security.
 
-**MSAL.NET or Microsoft.Identity.Web are now the recommended auth libraries to use with the Microsoft identity platform**. No new features will be implemented on ADAL.NET. The efforts are focused on improving MSAL.NET. For details see the announcement: [Update your applications to use Microsoft Authentication Library and Microsoft Graph API](https://techcommunity.microsoft.com/t5/azure-active-directory-identity/update-your-applications-to-use-microsoft-authentication-library/ba-p/1257363)
+**MSAL.NET or Microsoft.Identity.Web are now the recommended auth libraries to use with the Microsoft identity platform**. No new features will be implemented on ADAL.NET. The efforts are focused on improving MSAL.NET. For details see the announcement: [Update your applications to use Microsoft Authentication Library and Microsoft Graph API](https://techcommunity.microsoft.com/t5/azure-active-directory-identity/update-your-applications-to-use-microsoft-authentication-library/ba-p/1257363).
 
 ## Should you migrate to MSAL.NET or to Microsoft.Identity.Web
 
-Before digging in the details of MSAL.NET vs ADAL.NET, you might want to check if you want to use MSAL.NET or a higher-level abstraction like [Microsoft.Identity.Web](microsoft-identity-web.md)
+Before digging in the details of MSAL.NET vs ADAL.NET, you might want to check if you want to use MSAL.NET or a higher-level abstraction like [Microsoft.Identity.Web](microsoft-identity-web.md).
 
-For details about the decision tree below, read [MSAL.NET or Microsoft.Identity.Web?](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/wiki/MSAL.NET-or-Microsoft.Identity.Web)
+For details about the decision tree below, read [MSAL.NET or Microsoft.Identity.Web](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/wiki/MSAL.NET-or-Microsoft.Identity.Web).
 
 !["Block diagram explaining how to choose if you need to use MSAL.NET and Microsoft.Identity.Web or both when migrating from ADAL.NET"](media/msal-net-migration/decision-diagram.png)
 

articles/active-directory/develop/scenario-spa-call-api.md

@@ -9,15 +9,15 @@ ms.service: active-directory
 ms.subservice: develop
 ms.topic: conceptual
 ms.workload: identity
-ms.date: 09/27/2021
+ms.date: 11/25/2022
 ms.author: owenrichards
-ms.custom: aaddev
+ms.custom: aaddev, engagement-fy23
 #Customer intent: As an application developer, I want to know how to write a single-page application by using the Microsoft identity platform.
 ---
 
 # Single-page application: Call a web API
 
-We recommend that you call the `acquireTokenSilent` method to acquire or renew an access token before you call a web API. After you have a token, you can call a protected web API.
+We recommend that you call the `acquireTokenSilent` method to acquire or renew an access token before calling a web API. After you have a token, you can call a protected web API.
 
 ## Call a web API
 

articles/active-directory/develop/scenario-web-api-call-api-overview.md

@@ -9,7 +9,7 @@ ms.service: active-directory
 ms.subservice: develop
 ms.topic: conceptual
 ms.workload: identity
-ms.date: 10/24/2022
+ms.date: 11/25/2022
 ms.author: jmprieur
 ms.custom: aaddev, identityplatformtop40, engagement-fy23
 #Customer intent: As an application developer, I want to know how to write a web API that calls web APIs by using the Microsoft identity platform.

articles/active-directory/develop/single-sign-out-saml-protocol.md

@@ -8,9 +8,9 @@ ms.service: active-directory
 ms.subservice: develop
 ms.workload: identity
 ms.topic: conceptual
-ms.date: 08/24/2021
+ms.date: 11/25/2022
 ms.author: kenwith
-ms.custom: aaddev
+ms.custom: aaddev, engagement-fy23
 ms.reviewer: paulgarn
 ---
 
@@ -24,10 +24,8 @@ The following diagram shows the workflow of the Azure AD single sign-out process
 
 ![Azure AD Single Sign Out Workflow](./media/single-sign-out-saml-protocol/active-directory-saml-single-sign-out-workflow.png)
 
-> [!NOTE]
-> Per section 3.7 of the [SAML 2.0 core specification](http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf), there can be multiple participants (other applications) in a session besides your application. If one of the other participants sends a `LogoutRequest` to Microsoft identity platform (the session authority), then Microsoft identity platform will send a `LogoutRequest` back to all the session participants except the participant which sent the initial `LogoutRequest`. Additionally, if one of the other participants happened to initiate sign-out at the same time, there would be a race to see which `LogoutRequest` reaches Microsoft identity platform first. As a result, an application should always be prepared to handle a `LogoutRequest`.
-
 ## LogoutRequest
+
 The cloud service sends a `LogoutRequest` message to Azure AD to indicate that a session has been terminated. The following excerpt shows a sample `LogoutRequest` element.
 
 ```
@@ -37,14 +35,16 @@ The cloud service sends a `LogoutRequest` message to Azure AD to indicate that a
 </samlp:LogoutRequest>
 ```
 
-### LogoutRequest
 The `LogoutRequest` element sent to Azure AD requires the following attributes:
 
-* `ID` - This identifies the sign-out request. The value of `ID` should not begin with a number. The typical practice is to append **id** to the string representation of a GUID.
+* `ID` - This identifies the sign-out request. The value of `ID` shouldn't begin with a number. The typical practice is to append **id** to the string representation of a GUID.
 * `Version` - Set the value of this element to **2.0**. This value is required.
 * `IssueInstant` - This is a `DateTime` string with a Coordinate Universal Time (UTC) value and [round-trip format ("o")](/dotnet/standard/base-types/standard-date-and-time-format-strings). Azure AD expects a value of this type, but doesn't enforce it.
 
+Per section 3.7 of the [SAML 2.0 core specification](http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf), there can be multiple participants (other applications) in a session besides your application. If one of the other participants sends a `LogoutRequest` to the Microsoft identity platform (the session authority), it will send a `LogoutRequest` back to all the session participants except the participant who sent the initial `LogoutRequest`. If another participant simultaneously initiated sign-out, there would be a race to see which `LogoutRequest` reaches Microsoft identity platform first. Therefore, an application should always be prepared to handle a `LogoutRequest`.
+
 ### Issuer
+
 The `Issuer` element in a `LogoutRequest` must exactly match one of the **ServicePrincipalNames** in the cloud service in Azure AD. Typically, this is set to the **App ID URI** that is specified during application registration.
 
 ### NameID
@@ -62,7 +62,6 @@ Azure AD sends a `LogoutResponse` in response to a `LogoutRequest` element. The
 </samlp:LogoutResponse>
 ```
 
-### LogoutResponse
 Azure AD sets the `ID`, `Version` and `IssueInstant` values in the `LogoutResponse` element. It also sets the `InResponseTo` element to the value of the `ID` attribute of the `LogoutRequest` that elicited the response.
 
 ### Issuer