Merge pull request #235580 from MicrosoftDocs/main

4/24 AM Publish

Author: huypub

articles/active-directory-b2c/enable-authentication-web-application.md

@@ -260,7 +260,7 @@ Azure AD B2C identity provider settings are stored in the *appsettings.json* fil
   "Instance": "https://<your-tenant-name>.b2clogin.com",
   "ClientId": "<web-app-application-id>",
   "Domain": "<your-b2c-domain>",
-  "SignedOutCallbackPath": "/signout/<your-sign-up-in-policy>",
+  "SignedOutCallbackPath": "/signout-oidc
   "SignUpSignInPolicyId": "<your-sign-up-in-policy>"
 }
 ```

articles/active-directory-b2c/microsoft-graph-operations.md

@@ -167,7 +167,7 @@ For user flows, these extension properties are [managed by using the Azure porta
 Use the [Get organization details](/graph/api/organization-get) API to get your directory size quota. You need to add the `$select` query parameter as shown in the following HTTP request:
 
 ```http
-    GET https://graph.microsoft.com/v1.0/organization/organization-id?$select=directorySizeQuota
+GET https://graph.microsoft.com/v1.0/organization/organization-id?$select=directorySizeQuota
 ``` 
 Replace `organization-id` with your organization or tenant ID. 
 

articles/active-directory-b2c/user-profile-attributes.md

@@ -189,7 +189,7 @@ Extension attributes in the Graph API are named by using the convention `extensi
 Note that the **Application (client) ID** as it's represented in the extension attribute name includes no hyphens. For example:
 
 ```json
-    "extension_831374b3bd5041bfaa54263ec9e050fc_loyaltyNumber": "212342"
+"extension_831374b3bd5041bfaa54263ec9e050fc_loyaltyNumber": "212342"
 ```
 
 The following data types are supported when defining an attribute in a schema extension:

articles/active-directory/cloud-infrastructure-entitlement-management/media/partner-list/partner-ascent-solutions.png

@@ -8,7 +8,7 @@ ms.service: active-directory
 ms.subservice: ciem
 ms.workload: identity
 ms.topic: conceptual
-ms.date: 01/26/2023
+ms.date: 04/24/2023
 ms.author: jfields
 ---
 
@@ -46,7 +46,9 @@ If you're a partner and would like to be considered for the Entra Permissions Ma
 | ![Screenshot of a invoke logo.](media/partner-list/partner-invoke.png) | [Invoke's Entra PM multicloud risk assessment](https://www.invokellc.com/offers/microsoft-entra-permissions-management-multi-cloud-risk-assessment)|
 | ![Screenshot of a Vu logo.](media/partner-list/partner-oxford-computer-group.png) | [Permissions Management implementation and remediation](https://oxfordcomputergroup.com/microsoft-entra-permissions-management-implementation/)|
 | ![Screenshot of a Onfido logo.](media/partner-list/partner-ada-quest.png) | [adaQuest Microsoft Entra Permissions Management Risk Assessment](https://adaquest.com/entra-permission-risk-assessment/)
-
+| ![Screenshot of Ascent Solutions logo.](media/partner-list/partner-ascent-solutions.png) | [Ascent Solutions Microsoft Entra Permissions Management Rapid Risk Assessment](https://www.meetascent.com/resources/microsoft-entra-permissions-rapid-risk-assessment)
+| ![Screenshot of Synergy Advisors logo.](media/partner-list/partner-synergy-advisors.png) | [Synergy Advisors Identity Optimization](https://synergyadvisors.biz/solutions-item/identity-optimization/)
+| ![Screenshot of BDO Digital logo.](media/partner-list/partner-bdo-digital.png) | [BDO Digital Managing Permissions Across Multicloud](https://www.bdodigital.com/services/security-compliance/cybersecurity/entra-permissions-management)
 ## Next steps
 
 * For an overview of Permissions Management, see [What's Permissions Management?](overview.md)

articles/active-directory/cloud-infrastructure-entitlement-management/media/partner-list/partner-bdo-digital.png

@@ -22,6 +22,9 @@ The **Azure AD Insights** tab shows you who is assigned to privileged roles in y
 > [!NOTE] 
 > Keep role assignments permanent if a user has a an additional Microsoft account (for example, an account they use to sign in to Microsoft services like Skype, or Outlook.com). If you require multi-factor authentication to activate a role assignment, a user with an additional Microsoft account will be locked out.  
 
+## Prerequisite
+To view information on the Azure AD Insights tab, you must have Permissions Management Administrator role permissions.
+
 ## View information in the Azure AD Insights tab
 
 1. From the Permissions Management home page, select the **Azure AD Insights** tab.

articles/active-directory/cloud-infrastructure-entitlement-management/media/partner-list/partner-synergy-advisors.png

@@ -29,7 +29,7 @@ To get started, download the latest [Microsoft Graph PowerShell SDK](/powershell
 In the following steps, you'll create a policy that requires users to authenticate less frequently in your web app. This policy sets the lifetime of the access/ID tokens for your web app.
 
 ```powershell
-Connect-MgGraph -Scopes  "Policy.ReadWrite.ApplicationConfiguration"
+Connect-MgGraph -Scopes  "Policy.ReadWrite.ApplicationConfiguration","Policy.Read.All","Application.ReadWrite.All"
 
 # Create a token lifetime policy
 $params = @{
@@ -76,4 +76,4 @@ GET https://graph.microsoft.com/v1.0/policies/tokenLifetimePolicies/4d2f137b-e8a
 ```
 
 ## Next steps
-Learn about [authentication session management capabilities](../conditional-access/howto-conditional-access-session-lifetime.md) in Azure AD Conditional Access.
+Learn about [authentication session management capabilities](../conditional-access/howto-conditional-access-session-lifetime.md) in Azure AD Conditional Access.

articles/active-directory/cloud-infrastructure-entitlement-management/partner-list.md

@@ -90,13 +90,13 @@ If a device is managed by another management authority, like Microsoft Intune, b
 
 You can use a device ID to verify the device ID details on the device or to troubleshoot via PowerShell. To access the copy option, select the device.
 
-![Screenshot that shows a device ID and the copy button.](./media/device-management-azure-portal/35.png)
+![Screenshot that shows a device ID and the copy button.](./media/device-management-azure-portal/device-details.png)
 
 ## View or copy BitLocker keys
 
 You can view and copy BitLocker keys to allow users to recover encrypted drives. These keys are available only for Windows devices that are encrypted and store their keys in Azure AD. You can find these keys when you view a device's details by selecting **Show Recovery Key**. Selecting **Show Recovery Key** will generate an audit log, which you can find in the `KeyManagement` category.
 
-![Screenshot that shows how to view BitLocker keys.](./media/device-management-azure-portal/device-details-show-bitlocker-key.png)
+![Screenshot that shows how to view BitLocker keys.](./media/device-management-azure-portal/show-bitlocker-key.png)
 
 To view or copy BitLocker keys, you need to be the owner of the device or have one of these roles:
 
@@ -115,7 +115,7 @@ In this preview, you have the ability to infinitely scroll, reorder columns, and
 - Compliant state
 - Join type (Azure AD joined, Hybrid Azure AD joined, Azure AD registered)
 - Activity timestamp
-- OS
+- OS Type and Version
 - Device type (printer, secure VM, shared device, registered device)
 - MDM
 - Autopilot