Merging changes synced from https://github.com/MicrosoftDocs/azure-docs-pr (branch live)

Author: Learn Build Service GitHub App

articles/active-directory-b2c/partner-whoiam-rampart.md

@@ -1,80 +1,71 @@
 ---
-title: Configure Azure Active Directory B2C with WhoIAM Rampart
+title: Configure WhoIAM Rampart with Azure Active Directory B2C
 titleSuffix: Azure AD B2C
 description: Learn how to integrate Azure AD B2C authentication with WhoIAM Rampart
 services: active-directory-b2c
 author: gargi-sinha
-manager: CelesteDG
+manager: martinco
 ms.service: active-directory
 ms.workload: identity
 ms.topic: how-to
-ms.date: 06/20/2022
+ms.date: 05/02/2023
 ms.author: gasinh
 ms.reviewer: kengaderdus
 ms.subservice: B2C
 ---
 
 # Configure WhoIAM Rampart with Azure Active Directory B2C
 
-In this sample tutorial, you'll learn how to integrate Azure Active Directory B2C (Azure AD B2C) authentication with Rampart by WhoIAM. Rampart provides features for a fully integrated helpdesk and invitation-gated user registration experience. It allows support specialists to perform tasks like resetting passwords and multi-factor authentication without using Azure. It also enables apps and role-based access control (RBAC) for end-users of Azure AD B2C.
-
+In this tutorial, learn to integrate Azure Active Directory B2C (Azure AD B2C) authentication with WhoIAM Rampart. Rampart features enable an integrated helpdesk and invitation-gated user registration experience. Support specialists can reset passwords and multifactor authentication without using Azure. There are apps and role-based access control (RBAC) for Azure AD B2C users.
 
 ## Prerequisites
 
-To get started, you'll need:
-
-- An Azure AD subscription. If you don't have one, get a [free account](https://azure.microsoft.com/free/)
-
-- An [Azure AD B2C tenant](tutorial-create-tenant.md) linked to your Azure subscription.
-
-- An Azure DevOps Server instance
-
-- A [SendGrid account](https://sendgrid.com/)
-
-- A WhoIAM [trial account](https://www.whoiam.ai/contact-us/)
+* An Azure AD subscription
+  * If you don't have one, get an [Azure free account](https://azure.microsoft.com/free/)
+* An Azure AD B2C tenant linked to the Azure subscription
+  * See, [Tutorial: Create an Azure Active Directory B2C tenant](tutorial-create-tenant.md)
+* An Azure DevOps Server instance
+* A SendGrid account
+  * Go to sengrid.com to [Start for Free](https://sendgrid.com/)
+* A WhoIAM trial account 
+  * Go to whoaim.ai [Contact us](https://www.whoiam.ai/contact-us/) to get started
 
 ## Scenario description
 
-WhoIAM Rampart is built entirely in Azure and runs in your Azure environment. The following components comprise the Rampart solution with Azure AD B2C:
+WhoIAM Rampart is built in Azure and runs in the Azure environment. The following components comprise the Rampart solution with Azure AD B2C:
 
-- **An Azure AD tenant**: Your Azure AD B2C tenant stores your users and manages who has access (and at what scope) to Rampart itself.
+* **An Azure AD tenant** - the Azure AD B2C tenant stores users and manages access (and scope) in Rampart
+* **Custom B2C policies** - to integrate with Rampart 
+* **A resource group** - hosts Rampart functionality
 
-- **Custom B2C policies**: To integrate with Rampart.
+   ![Diagram of the WhoIAM Rampart integration for Azure AD B2C.](./media/partner-whoiam/whoiam-rampart-integration-scenario.png)
 
-- **A resource group**: It hosts Rampart functionality.
+## Install Rampart
 
-:::image type="content" source="media/partner-whoiam/whoiam-rampart-integration-scenario.png" alt-text="Diagram showing the WhoIAM Rampart integration scenario for Azure AD B2C." loc-scope="azure-active-directory-b2c" border="false" lightbox="media/partner-whoiam/whoiam-rampart-integration-scenario.png":::
+Go to whoiam.ai [Contact us](https://www.whoiam.ai/contact-us/) to get started. 
 
-## Step 1 - Onboard with Rampart
+Automated templates deploy Azure resources. Templates configure the DevOps instance with code and configuration.
 
-Contact [WhoIAM](https://www.whoiam.ai/contact-us/) to start the onboarding process. Automated templates will deploy all necessary Azure resources, and they'll configure your DevOps instance with the required code and configuration according to your needs.
+## Configure and integrate Rampart with Azure AD B2C
 
-## Step 2 - Configure and integrate Rampart with Azure AD B2C
+The solution integration with Azure AD B2C requires custom policies. WhoIAM provides the policies and helps integrate them with applications or policies, or both.
 
-The tight integration of this solution with Azure AD B2C requires custom policies. WhoIAM provides these policies and assists with integrating them with your applications or existing policies, or both.
+For details about WhoIAM custom policies, go to docs.gatekeeper.whoiamdemos.com for [Set-up Guide, Authorization Policy Execution](https://docs.gatekeeper.whoiamdemos.com/#/setup-guide?id=authorization-policy-execution). 
 
-Follow the steps mentioned in [Authorization policy execution](https://docs.gatekeeper.whoiamdemos.com/#/setup-guide?id=authorization-policy-execution) for details on the custom policies provided by WhoIAM. 
+## Test the solution
 
-## Step 3 - Test the solution
+The following image is an example a list of app registrations in your Azure AD B2C tenant. WhoIAM validates the implementation by testing features and health check status endpoints.
 
-The image shows an example of how WhoIAM Rampart displays a list of app registrations in your Azure AD B2C tenant. WhoIAM validates the implementation by testing all features and health check status endpoints.
+   ![Screenshot of the user-created application list in the Azure AD B2C tenant.](./media/partner-whoiam/whoiam-rampart-app-registration.png)
 
-:::image type="content" source="media/partner-whoiam/whoiam-rampart-app-registration.png" alt-text="Screenshot showing the WhoIAM Rampart list of user-created applications in the Azure AD B2C tenant." loc-scope="azure-active-directory-b2c":::
+A list of user-created applications in your Azure AD B2C tenant appears. Likewise, the user sees a list of users in your Azure AD B2C directory and user management functions such as invitations, approvals, and RBAC management.
 
-The applications screen should display a list of all user-created applications in your Azure AD B2C tenant.
+   ![Screenshot of the WhoIAM Rampart user list in the Azure AD B2C tenant.](./media/partner-whoiam/whoiam-rampart-user-list.png)
 
-Likewise, the user's screen should display a list of all users in your Azure AD B2C directory and user management functions such as invitations, approvals, and RBAC management.
-
-:::image type="content" source="media/partner-whoiam/whoiam-rampart-user-list.png" alt-text="Screenshot showing the WhoIAM Rampart user list in the Azure AD B2C tenant." loc-scope="azure-active-directory-b2c":::
 
 ## Next steps
 
-For more information, review the following articles:
-
-- [WhoIAM Rampart documentation](https://docs.gatekeeper.whoiamdemos.com/#/setup-guide?id=authorization-policy-execution)
-
-- [Custom policies in Azure AD B2C overview](custom-policy-overview.md)
-
-
-- [Get started with custom policies in Azure AD B2C](tutorial-create-user-flows.md?pivots=b2c-custom-policy)
+- [Set-up Guide, Authorization Policy Execution](https://docs.gatekeeper.whoiamdemos.com/#/setup-guide?id=authorization-policy-execution)
+- [Azure AD B2C custom policy overview](custom-policy-overview.md)
+- [Tutorial: Create user flows and custom policies in Azure AD B2C](tutorial-create-user-flows.md?pivots=b2c-custom-policy)
 

articles/active-directory/app-provisioning/define-conditional-rules-for-provisioning-user-accounts.md

@@ -8,7 +8,7 @@ ms.service: active-directory
 ms.subservice: app-provisioning
 ms.workload: identity
 ms.topic: how-to
-ms.date: 01/23/2023
+ms.date: 05/02/2023
 ms.author: kenwith
 ms.reviewer: arvinh
 zone_pivot_groups: app-provisioning-cross-tenant-synchronization
@@ -22,7 +22,7 @@ zone_pivot_groups: app-provisioning-cross-tenant-synchronization
 > See the [Supplemental Terms of Use for Microsoft Azure Previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) for legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.
 ::: zone-end
 
-This article describes how to use scoping filters in the Azure Active Directory (Azure AD) provisioning service to define attribute-based rules that determine which users or groups are provisioned.
+Learn how to use scoping filters in the Azure Active Directory (Azure AD) provisioning service to define attribute based rules. The rules are used to determine which users or groups are provisioned.
 
 ## Scoping filter use cases
 
@@ -51,9 +51,9 @@ Scoping filters can be used optionally, in addition to scoping by assignment. A
 
 A scoping filter consists of one or more *clauses*. Clauses determine which users are allowed to pass through the scoping filter by evaluating each user's attributes. For example, you might have one clause that requires that a user's "State" attribute equals "New York", so only New York users are provisioned into the application. 
 
-A single clause defines a single condition for a single attribute value. If multiple clauses are created in a single scoping filter, they're evaluated together by using "AND" logic. This means all clauses must evaluate to "true" in order for a user to be provisioned.
+A single clause defines a single condition for a single attribute value. If multiple clauses are created in a single scoping filter, they're evaluated together using "AND" logic. The "AND" logic means all clauses must evaluate to "true" in order for a user to be provisioned.
 
-Finally, multiple scoping filters can be created for a single application. If multiple scoping filters are present, they're evaluated together by using "OR" logic. This means that if all the clauses in any of the configured scoping filters evaluate to "true", the user is provisioned.
+Finally, multiple scoping filters can be created for a single application. If multiple scoping filters are present, they're evaluated together by using "OR" logic. The "OR" logic means that if all the clauses in any of the configured scoping filters evaluate to "true", the user is provisioned.
 
 Each user or group processed by the Azure AD provisioning service is always evaluated individually against each scoping filter.
 
@@ -117,7 +117,7 @@ Scoping filters are configured as part of the attribute mappings for each Azure
 
    g. **REGEX MATCH**. Clause returns "true" if the evaluated attribute matches a regular expression pattern. For example: `([1-9][0-9])` matches any number between 10 and 99 (case sensitive).
 
-   h. **NOT REGEX MATCH**. Clause returns "true" if the evaluated attribute doesn't match a regular expression pattern. It will return "false" if the attribute is null / empty.
+   h. **NOT REGEX MATCH**. Clause returns "true" if the evaluated attribute doesn't match a regular expression pattern. It returns "false" if the attribute is null / empty.
 
    i. **Greater_Than.** Clause returns "true" if the evaluated attribute is greater than the value. The value specified on the scoping filter must be an integer and the attribute on the user must be an integer [0,1,2,...]. 
 
@@ -148,10 +148,10 @@ Scoping filters are configured as part of the attribute mappings for each Azure
 ## Common scoping filters
 | Target Attribute| Operator | Value | Description|
 |----|----|----|----|
-|userPrincipalName|REGEX MATCH|`.\*@domain.com`|All users with userPrincipal that has the domain @domain.com will be in scope for provisioning|
-|userPrincipalName|NOT REGEX MATCH|`.\*@domain.com`|All users with userPrincipal that has the domain @domain.com will be out of scope for provisioning|
+|userPrincipalName|REGEX MATCH|`.\*@domain.com`|All users with `userPrincipal` that have the domain `@domain.com` are in scope for provisioning. |
+|userPrincipalName|NOT REGEX MATCH|`.\*@domain.com`|All users with `userPrincipal` that has the domain `@domain.com` are out of scope for provisioning. |
 |department|EQUALS|`sales`|All users from the sales department are in scope for provisioning|
-|workerID|REGEX MATCH|`(1[0-9][0-9][0-9][0-9][0-9][0-9])`| All employees with workerIDs between 1000000 and 2000000 are in scope for provisioning.|
+|workerID|REGEX MATCH|`(1[0-9][0-9][0-9][0-9][0-9][0-9])`| All employees with `workerID` between 1000000 and 2000000 are in scope for provisioning.|
 
 ## Related articles
 * [Automate user provisioning and deprovisioning to SaaS applications](../app-provisioning/user-provisioning.md)

articles/active-directory/enterprise-users/clean-up-unmanaged-azure-ad-accounts.md

@@ -5,7 +5,7 @@ services: active-directory
 author: gargi-sinha
 ms.author: gasinh
 manager: martinco
-ms.date: 03/28/2023
+ms.date: 05/02/2023
 ms.topic: how-to
 ms.service: active-directory
 ms.subservice: enterprise-users
@@ -27,8 +27,10 @@ To learn more, see, [What is self-service sign-up for Azure AD?](./directory-sel
 
 Use the following guidance to remove unmanaged Azure AD accounts from Azure AD tenants. Tool features help identify viral users in the Azure AD tenant. You can reset the user redemption status.
 
-* Use the sample application in [Azure-samples/Remove-unmanaged-guests](https://github.com/Azure-Samples/Remove-Unmanaged-Guests)
-* Use PowerShell cmdlets in [AzureAD/MSIdentityTools](https://github.com/AzureAD/MSIdentityTools/wiki/)  
+* Use the sample application in [Azure-samples/Remove-unmanaged-guests](https://github.com/Azure-Samples/Remove-Unmanaged-Guests).
+* Use PowerShell cmdlets in [AzureAD/MSIdentityTools](https://github.com/AzureAD/MSIdentityTools/wiki/).  
+
+### Redeem invitations
 
 After you run a tool, users with unmanaged Azure AD accounts access the tenant, and re-redeem their invitations. However, Azure AD prevents users from redeeming with an unmanaged Azure AD account. They can redeem with another account type. Google Federation and SAML/WS-Federation aren't enabled by default. Therefore, users redeem with a Microsoft account (MSA) or email one-time password (OTP). MSA is recommended. 
 
@@ -75,6 +77,6 @@ To delete unmanaged Azure AD accounts, run:
 * `Connect-MgGraph -Scopes User.ReadWriteAll`
 * `Get-MsIdUnmanagedExternalUser | Remove-MgUser`
 
-## Resources
+## Resource
 
-See, [Get-MSIdUnmanagedExternalUser](https://github.com/AzureAD/MSIdentityTools/wiki/Get-MsIdUnmanagedExternalUser). The tool returns a list of external unmanaged users, or viral users, in the tenant.
+The following tool returns a list of external unmanaged users, or viral users, in the tenant. </br> See, [Get-MSIdUnmanagedExternalUser](https://github.com/AzureAD/MSIdentityTools/wiki/Get-MsIdUnmanagedExternalUser).