MicrosoftDocs
diff --git a/‎articles/active-directory-b2c/partner-nok-nok.md
Lines changed: 29 additions & 32 deletions b/‎articles/active-directory-b2c/partner-nok-nok.md
Lines changed: 29 additions & 32 deletions
diff --git a/‎articles/app-service/overview-vnet-integration.md
Lines changed: 14 additions & 8 deletions b/‎articles/app-service/overview-vnet-integration.md
Lines changed: 14 additions & 8 deletions
@@ -1,65 +1,62 @@
 ---
 title: Tutorial to configure Nok Nok S3 Authentication Suite with Azure Active Directory B2C for FIDO passkey authentication
 titleSuffix: Azure AD B2C
-description: Configure Nok Nok S3 Authentication Suite with Azure AD B2C to enable FIDO passkey authentication
+description: Configure Nok Nok S3 Authentication Suite with Azure AD B2C to enable FIDO passkey authentication.
 author: gargi-sinha
 manager: martinco
 ms.reviewer: kengaderdus
 ms.service: azure-active-directory
 ms.topic: how-to
-ms.date: 06/21/2024
-
+ms.date: 12/09/2024
 ms.author: gasinh
 ms.subservice: b2c
 
-# Customer intent: I'm a developer integrating Azure AD B2C with a third-party authentication provider. I want to learn how to configure Nok Nok S3 Authentication Suite as an identity provider (IdP) in Azure AD B2C. My goal is to implement FIDO Passkey authentication for my users.
+# Customer intent: I'm a developer integrating Azure AD B2C with a third-party authentication provider. I want to learn how to configure Nok Nok S3 Authentication Suite as an identity provider (IdP) in Azure AD B2C. My goal is to implement FIDO passkey authentication for my users.
 ---
-# Tutorial: Configure Nok Nok S3 Authentication Suite with Azure AD B2C for FIDO Passkey Authentication
+# Tutorial: Configure Nok Nok S3 Authentication Suite with Azure AD B2C for FIDO passkey authentication
 
-Learn to integrate the Nok Nok S3 Authentication Suite into your Azure Active Directory (AD) B2C tenant. The Nok Nok solution enables FIDO-certified multifactor authentication such as FIDO UAF, FIDO U2F, WebAuthn, and FIDO2 for mobile and web applications. The Nok Nok solution strengthens your security while maintaining an optimal user experience.
+In this article, you learn to integrate the Nok Nok S3 Authentication Suite into your Azure Active Directory (AD) B2C tenant. The Nok Nok solution enables FIDO-certified multifactor authentication, such as FIDO Universal Authentication Framework (UAF), FIDO Universal Second Factor (U2F), WebAuthn, and FIDO2, for mobile and web applications. The Nok Nok solution strengthens your security while maintaining an optimal user experience.
 
-Learn more at [Nok Nok](https://noknok.com/)
+Learn more at [Nok Nok](https://noknok.com/).
 
 ## Prerequisites
 
 To get started, you need:
 
 * An Azure subscription. If you don't have one, get an [Azure free account](https://azure.microsoft.com/free/).
-* An Azure AD B2C tenant linked to the Azure subscription [Tutorial: Create an Azure AD B2C tenant](tutorial-create-tenant.md).
+* An Azure AD B2C tenant linked to the Azure subscription. Learn how to [Create an Azure AD B2C tenant](tutorial-create-tenant.md).
 * A Nok Nok Cloud evaluation tenant for FIDO registration and authentication.
 
 ## Scenario description
 
-To enable Passkey authentication for your users, enable Nok Nok as an identity provider (IdP) in your Azure AD B2C tenant. The Nok Nok integration includes the following components:
+To enable passkey authentication for your users, enable Nok Nok as an identity provider (IdP) in your Azure AD B2C tenant. The Nok Nok integration includes the following components:
 
 * **Azure AD B2C** – authorization server that verifies user credentials.
 * **Web and mobile applications** – mobile or web apps to protect with Nok Nok solutions and Azure AD B2C.
-* **Nok Nok Tutorial Web App** – application to register the passkey on your device.
-* **Nok Nok Sign in App** – application for authenticating Azure AD B2C applications using passkey.
-
+* **Nok Nok tutorial web app** – application to register the passkey on your device.
+* **Nok Nok sign-in app** – application for authenticating Azure AD B2C applications with passkey.
 
-The following diagram illustrates the Nok Nok solution as an IdP for Azure AD B2C by using OpenID Connect (OIDC) for Passkey authentication.
+The following diagram illustrates the Nok Nok solution as an IdP for Azure AD B2C by using OpenID Connect (OIDC) for passkey authentication.
 
-![Diagram of Nok Nok as IdP for Azure AD B2C using OpenID Connect (OIDC) for Passkey authentication.](./media/partner-nok-nok/nok-nok-architecture-diagram.png)
+![Diagram of Nok Nok as IdP for Azure AD B2C using OpenID Connect (OIDC) for passkey authentication.](./media/partner-nok-nok/nok-nok-architecture-diagram.png)
 
-### Scenario 1: Passkey Registration
-1. The user navigates to the Nok Nok Tutorial Web App using the link provided by Nok Nok.
+### Scenario 1: Passkey registration
+1. The user navigates to the Nok Nok tutorial web app using the link provided by Nok Nok.
 2. The user enters their Azure AD B2C username and default tutorial app password.
 3. The user receives a prompt to register the passkey.
 4. The Nok Nok server validates the passkey credential and confirms successful passkey registration to the user.
 5. The passkey on the user's device is ready for authentication.
 
-### Scenario 2: Passkey Authentication
-1. The user selects the Sign in with Nok Nok Cloud button on the Azure AD B2C Sign in page.
-2. Azure AD B2C redirects the user to the Nok Nok Signin App.
-3. User authenticates with their passkey.
+### Scenario 2: Passkey authentication
+1. The user selects the sign-in with Nok Nok Cloud button on the Azure AD B2C sign-in page.
+2. Azure AD B2C redirects the user to the Nok Nok sign-in app.
+3. The user authenticates with their passkey.
 4. The Nok Nok server validates the passkey assertion and sends an OIDC authentication response to Azure AD B2C.
 5. Based on the authentication result, Azure AD B2C either grants or denies access to the target application.
 
-
 ## Get started with Nok Nok
 
-1. [Contact](https://noknok.com/contact/) Nok Nok.
+1. [Contact Nok Nok](https://noknok.com/contact/).
 2. Fill out the form for a Nok Nok tenant.
 3. An email arrives with tenant access information and links to documentation.
 4. Use the Nok Nok integration documentation to complete the tenant OIDC configuration.
@@ -68,11 +65,11 @@ The following diagram illustrates the Nok Nok solution as an IdP for Azure AD B2
 
 Use the following instructions to add and configure an IdP, and then configure a user flow.
 
-### Add a new Identity provider
+### Add a new identity provider
 
 For the following instructions, use the directory with the Azure AD B2C tenant. To add a new IdP:
 
-1. Sign in to the [Azure portal](https://portal.azure.com/#home) as at least as the B2C IEF Policy Administrator of the Azure AD B2C tenant.
+1. Sign in to the [Azure portal](https://portal.azure.com/#home) as at least as the B2C Identity Experience Framework (IEF) Policy Administrator of the Azure AD B2C tenant.
 2. In the portal toolbar, select **Directories + subscriptions**.
 3. On **Portal settings, Directories + subscriptions**, in the **Directory name** list, locate the Azure AD B2C directory.
 4. Select **Switch**.
@@ -82,13 +79,13 @@ For the following instructions, use the directory with the Azure AD B2C tenant.
 8. Select **Identity providers**.
 9. Select **Add**.
 
-### Configure an Identity provider
+### Configure an identity provider
 
 To configure an IdP:
 
 1. Select **Identity provider type** > **OpenID Connect (Preview)**.
-2. For **Name**, enter the Nok Nok Authentication Provider, or another name.
-3. For **Metadata URL**, enter the following URL after replacing the placeholder with the tenant ID provided by Nok Nok: `https://cloud.noknok.com/<tenant_id>/webapps/nnlfed/realms/<tenant_id>/.well-known/openid-configuration`.
+2. For **Name**, enter the Nok Nok Authentication Provider or another name.
+3. For **Metadata URL**, enter the following URL after replacing the placeholder with the tenant ID that Nok Nok provides: `https://cloud.noknok.com/<tenant_id>/webapps/nnlfed/realms/<tenant_id>/.well-known/openid-configuration`.
 4. For **Client Secret**, use the Client Secret from Nok Nok.
 5. For **Client ID**, use the Client ID provided by Nok Nok.
 6. For **Scope**, use **openid**.
@@ -109,19 +106,19 @@ For the following instructions, Nok Nok is a new OIDC IdP in the B2C identity pr
 5. Select **Create**.
 6. Enter a policy **Name**.
 7. In **Identity providers**, select the created Nok Nok IdP.
-8. Check **Email signup** under **Local accounts** to display an intermediate Azure AD B2C signin/signup page with a button that redirects the user to the Nok Nok Signin App.
+8. Check **Email signup** under **Local accounts** to display an intermediate Azure AD B2C signin/signup page with a button that redirects the user to the Nok Nok sign-in app.
 9. Leave the **Multi-factor Authentication** field.
-10. Click **Create** to save.
+10. Select **Create** to save.
 
 ## Test the user flow
 
 1. Open the Azure AD B2C tenant. Under **Policies**, select **Identity Experience Framework**.
 2. Select the created **SignUpSignIn**.
 3. Select **Run user flow**.
-4. For **Application**, select the registered app. The example is JWT.
-5. For **Reply URL**, select the redirect URL of the application that you previously selected at the previous step.
+4. For **Application**, select the registered app. The example is JSON Web Token (JWT).
+5. For **Reply URL**, select the redirect URL of the application that you selected at the previous step.
 6. Select **Run user flow**.
-7. Perform signin using the Azure AD B2C username and the passkey that you previously registered for the same user.
+7. Perform sign-in using the Azure AD B2C username and the passkey that you previously registered for the same user.
 8. Verify that you received the token after authentication.
 
 If the flow is incomplete, confirm the user is or isn't saved in the directory.
 
@@ -76,12 +76,6 @@ Because subnet size can't be changed after assignment, use a subnet that's large
 
 With multi plan subnet join (MPSJ), you can join multiple App Service plans in to the same subnet. All App Service plans must be in the same subscription but the virtual network/subnet can be in a different subscription. Each instance from each App Service plan requires an IP address from the subnet and to use MPSJ a minimum size of `/26` subnet is required. If you plan to join many and/or large scale plans, you should plan for larger subnet ranges.
 
-> [!IMPORTANT]
-> Due to a known bug, MPSJ fails if multiple sites are created and attempt to integrate with the virtual network at the same time. A fix will be deployed soon. In the meantime, you can work around the issue with either of the following methods:
-> * If you create sites manually, create and integrate the sites one by one.
-> * If you create sites programmatically, for example using Terraform or ARM templates, add a [dependsOn](/azure/azure-resource-manager/templates/resource-dependency#dependson) element to each site in your templates to depend on the creation of the previous site for all but the first site in the template. This creates a delay between the site creation and the virtual network integration for each site and therefore isn't blocked by the known bug. For more information see, [Define the order for deploying resources in ARM templates](/azure/azure-resource-manager/templates/resource-dependency).
->
-
 ### Windows Containers specific limits
 
 Windows Containers uses an extra IP address per app for each App Service plan instance, and you need to size the subnet accordingly. If you have, for example, 10 Windows Container App Service plan instances with four apps running, you need 50 IP addresses and extra addresses to support horizontal (in/out) scale.
@@ -176,9 +170,21 @@ You can use route tables to route outbound traffic from your app without restric
 
 Route tables and network security groups only apply to traffic routed through the virtual network integration. See [application routing](#application-routing) and [configuration routing](#configuration-routing) for details. Routes don't apply to replies from inbound app requests and inbound rules in an NSG don't apply to your app. Virtual network integration affects only outbound traffic from your app. To control inbound traffic to your app, use the [access restrictions](./overview-access-restrictions.md) feature or [private endpoints](./networking/private-endpoint.md).
 
-When configuring network security groups or route tables that applies to outbound traffic, you must make sure you consider your application dependencies. Application dependencies include endpoints that your app needs during runtime. Besides APIs and services the app is calling, these endpoints could also be derived endpoints like certificate revocation list (CRL) check endpoints and identity/authentication endpoint, for example Microsoft Entra ID. If you're using [continuous deployment in App Service](./deploy-continuous-deployment.md), you might also need to allow endpoints depending on type and language. Specifically for [Linux continuous deployment](https://github.com/microsoft/Oryx/blob/main/doc/hosts/appservice.md#network-dependencies), you need to allow `oryx-cdn.microsoft.io:443`. For Python you additionally need to allow `files.pythonhosted.org`, `pypi.org`.
+When configuring network security groups or route tables that applies to outbound traffic, you must make sure you consider your application dependencies. Application dependencies include endpoints that your app needs during runtime. Besides APIs and services the app is calling, these endpoints could also be derived endpoints like certificate revocation list (CRL) check endpoints and identity/authentication endpoint, for example Microsoft Entra ID. If you're using [continuous deployment in App Service](./deploy-continuous-deployment.md), you might also need to allow endpoints depending on type and language.
+
+#### Linux continuous deployment
+
+Specifically for [Linux continuous deployment](https://github.com/microsoft/Oryx/blob/main/doc/hosts/appservice.md#network-dependencies), you need to allow `oryx-cdn.microsoft.io:443`. For Python you additionally need to allow `files.pythonhosted.org`, `pypi.org`.
+
+#### Health checks
+
+Azure uses UDP port 30,000 to do network health checks. If you block this traffic, it will not directly impact your app, but it will be more difficult for Azure support to detect and troubleshoot network related issues.
+
+#### Private ports
+
+The App Service private ports feature uses ports 20,000 to 30,000 on both TCP and UDP to route traffic between instances through the integrated network. The mentioned port range need to be open both inbound and outbound.
 
-Azure uses UDP port 30,000 to do network health checks. If you block this traffic, it will not directly impact your app, but it will be more difficult for Azure support to detect and troubleshoot network related issues. 
+#### On-premises traffic
 
 When you want to route outbound traffic on-premises, you can use a route table to send outbound traffic to your Azure ExpressRoute gateway. If you do route traffic to a gateway, set routes in the external network to send any replies back. Border Gateway Protocol (BGP) routes also affect your app traffic. If you have BGP routes from something like an ExpressRoute gateway, your app outbound traffic is affected. Similar to user-defined routes, BGP routes affect traffic according to your routing scope setting.