You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/active-directory/azuread-dev/active-directory-acs-migration.md
+9-9Lines changed: 9 additions & 9 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -64,13 +64,13 @@ Follow the steps in this section to find out which of your apps will be impacted
64
64
### Download and install ACS PowerShell
65
65
66
66
1. Go to the PowerShell Gallery and download [Acs.Namespaces](https://www.powershellgallery.com/packages/Acs.Namespaces/1.0.2).
67
-
1. Install the module by running
67
+
2. Install the module by running
68
68
69
69
```powershell
70
70
Install-Module -Name Acs.Namespaces
71
71
```
72
72
73
-
1. Get a list of all possible commands by running
73
+
3. Get a list of all possible commands by running
74
74
75
75
```powershell
76
76
Get-Command -Module Acs.Namespaces
@@ -90,17 +90,17 @@ Follow the steps in this section to find out which of your apps will be impacted
90
90
91
91
You may need to run `Set-ExecutionPolicy -ExecutionPolicy Bypass` before you can execute commands and be the admin of those subscriptions in order to execute the commands.
92
92
93
-
1. List your available Azure subscriptions using the **Get-AcsSubscription** cmdlet.
94
-
1. List your ACS namespaces using the **Get-AcsNamespace** cmdlet.
93
+
2. List your available Azure subscriptions using the **Get-AcsSubscription** cmdlet.
94
+
3. List your ACS namespaces using the **Get-AcsNamespace** cmdlet.
95
95
96
96
### Check which applications will be impacted
97
97
98
98
1. Use the namespace from the previous step and go to `https://<namespace>.accesscontrol.windows.net`
99
99
100
100
For example, if one of the namespaces is contoso-test, go to `https://contoso-test.accesscontrol.windows.net`
101
101
102
-
1. Under **Trust relationships**, select **Relying party applications** to see the list of apps that will be impacted by ACS retirement.
103
-
1. Repeat steps 1-2 for any other ACS namespace(s) that you have.
102
+
2. Under **Trust relationships**, select **Relying party applications** to see the list of apps that will be impacted by ACS retirement.
103
+
3. Repeat steps 1-2 for any other ACS namespace(s) that you have.
104
104
105
105
## Retirement schedule
106
106
@@ -206,7 +206,7 @@ At a high level, *Azure Active Directory is probably the best choice for your mi
| Customize claims in tokens |- Pass through input claims from identity providers<br />- Get access token from identity provider as a claim<br />- Issue output claims based on values of input claims<br />- Issue output claims with constant values |- Cannot pass through claims from federated identity providers<br />- Cannot get access token from identity provider as a claim<br />- Cannot issue output claims based on values of input claims<br />- Can issue output claims with constant values<br />- Can issue output claims based on properties of users synced to Azure AD |
208
208
| **Automation** | | |
209
-
| Automate configuration and management tasks | Supported via Access Control Management Service | Supported via Microsoft Graph and Azure AD Graph API |
209
+
| Automate configuration and management tasks | Supported via Access Control Management Service | Supported using the Microsoft Graph API |
210
210
211
211
If you decide that Azure AD is the best migration path for your applications and services, you should be aware of two ways to integrate your app with Azure AD.
212
212
@@ -257,7 +257,7 @@ The following table compares the features of Access Control that are relevant to
257
257
| Upload custom token-signing certificates | Supported | Custom signing keys, not certificates, supported via custom policies |
258
258
| Customize claims in tokens |- Pass through input claims from identity providers<br />- Get access token from identity provider as a claim<br />- Issue output claims based on values of input claims<br />- Issue output claims with constant values |- Can pass through claims from identity providers; custom policies required for some claims<br />- Cannot get access token from identity provider as a claim<br />- Can issue output claims based on values of input claims via custom policies<br />- Can issue output claims with constant values via custom policies |
259
259
| **Automation** | | |
260
-
| Automate configuration and management tasks | Supported via Access Control Management Service |- Creation of users allowed via Azure AD Graph API<br />- Cannot create B2C tenants, applications, or policies programmatically |
260
+
| Automate configuration and management tasks | Supported via Access Control Management Service |- Creation of users allowed using the Microsoft Graph API<br />- Cannot create B2C tenants, applications, or policies programmatically |
261
261
262
262
If you decide that Azure AD B2C is the best migration path for your applications and services, begin with the following resources:
263
263
@@ -321,7 +321,7 @@ You can also use Azure AD for server-to-server authentication by using the Azure
321
321
| Client authentication methods |- Simple password<br />- Signed SWT<br />- SAML token from a federated identity provider |- Simple password<br />- Signed JWT |
| Automate configuration and management tasks | Supported via Access Control Management Service | Supported via Microsoft Graph and Azure AD Graph API |
324
+
| Automate configuration and management tasks | Supported via Access Control Management Service | Supported using the Microsoft Graph API |
325
325
326
326
For guidance about implementing server-to-server scenarios, see the following resources:
Copy file name to clipboardExpand all lines: articles/active-directory/azuread-dev/azure-ad-endpoint-comparison.md
+3-3Lines changed: 3 additions & 3 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -30,7 +30,7 @@ When developing a new application, it's important to know the differences betwee
30
30
* The Microsoft identity platform endpoint allows work and school accounts from Azure AD and personal Microsoft accounts (MSA), such as hotmail.com, outlook.com, and msn.com, to sign in.
31
31
* Both endpoints also accept sign-ins of *[guest users](https://docs.microsoft.com/azure/active-directory/b2b/what-is-b2b)* of an Azure AD directory for applications configured as *[single-tenant](../develop/single-and-multi-tenant-apps.md?toc=/azure/active-directory/azuread-dev/toc.json&bc=/azure/active-directory/azuread-dev/breadcrumb/toc.json)* or for *multi-tenant* applications configured to point to the tenant-specific endpoint (`https://login.microsoftonline.com/{TenantId_or_Name}`).
32
32
33
-
The Microsoft identity platform endpoint allows you to write apps that accept sign-ins from personal Microsoft accounts, and work and school accounts. This gives you the ability to write your app completely account-agnostic. For example, if your app calls the [Microsoft Graph](https://graph.microsoft.io), some additional functionality and data will be available to work accounts, such as their SharePoint sites or directory data. But for many actions, such as [Reading a user's mail](https://developer.microsoft.com/graph/docs/api-reference/v1.0/api/user_list_messages), the same code can access the email for both personal and work and school accounts.
33
+
The Microsoft identity platform endpoint allows you to write apps that accept sign-ins from personal Microsoft accounts, and work and school accounts. This gives you the ability to write your app completely account-agnostic. For example, if your app calls the [Microsoft Graph](https://graph.microsoft.io), some additional functionality and data will be available to work accounts, such as their SharePoint sites or directory data. But for many actions, such as [Reading a user's mail](https://docs.microsoft.com/graph/api/user-list-messages?view=graph-rest-1.0), the same code can access the email for both personal and work and school accounts.
34
34
35
35
For Microsoft identity platform endpoint, you can use the Microsoft Authentication Library (MSAL) to gain access to the consumer, educational, and enterprise worlds. The Azure AD v1.0 endpoint accepts sign-ins from work and school accounts only.
36
36
@@ -66,7 +66,7 @@ For the v1.0 endpoint, an OAuth 2.0 authorize request to Azure AD might have loo
66
66
```text
67
67
GET https://login.microsoftonline.com/common/oauth2/authorize?
68
68
client_id=2d4d11a2-f814-46a7-890a-274a72a7309e
69
-
&resource=https://graph.windows.net/
69
+
&resource=https://graph.microsoft.com/
70
70
...
71
71
```
72
72
@@ -77,7 +77,7 @@ For applications using the Microsoft identity platform endpoint, the same OAuth
77
77
```text
78
78
GET https://login.microsoftonline.com/common/oauth2/v2.0/authorize?
Copy file name to clipboardExpand all lines: articles/active-directory/azuread-dev/sample-v1-code.md
+4-8Lines changed: 4 additions & 8 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -50,7 +50,7 @@ This sample shows how to write a single-page application secured with Azure AD.
50
50
51
51
The following samples illustrate Web applications signing users. Some of these applications also call the Microsoft Graph or your own Web API, in the name of the signed-in user.
52
52
53
-
Platform | Only signs in users | Calls Microsoft Graph or AAD Graph| Calls another ASP.NET or ASP.NET Core 2.0 Web API
53
+
Platform | Only signs in users | Calls Microsoft Graph | Calls another ASP.NET or ASP.NET Core 2.0 Web API
0 commit comments