Merge pull request #108129 from yoelhor/patch-1

v-shils · web-flow · commit 1dd22b308118 · 2020-03-20T08:10:04.000-07:00
Update technical-profiles-overview.md
diff --git a/articles/active-directory-b2c/TOC.yml b/articles/active-directory-b2c/TOC.yml
@@ -311,13 +311,15 @@
           items:
           - name: About technical profiles
             href: technical-profiles-overview.md
+          - name: About validation technical profiles
+            href: validation-technical-profile.md
+          - name: Application Insights
+            href: application-insights-technical-profile.md
+          - name: Azure Active Directory
+            href: active-directory-technical-profile.md
           - name: Azure Multi-Factor Authentication
             href: multi-factor-auth-technical-profile.md
             displayName: mfa
-          - name: Claim resolvers
-            href: claim-resolver-overview.md
-          - name: Azure Active Directory
-            href: active-directory-technical-profile.md
           - name: Claims transformation
             href: claims-transformation-technical-profile.md
           - name: JWT token issuer
@@ -331,6 +333,8 @@
             displayName: otp
           - name: OpenID Connect
             href: openid-connect-technical-profile.md
+          - name: Phone factor
+            href: phone-factor-technical-profile.md 
           - name: REST
             href: restful-technical-profile.md
           - name: SAML
@@ -342,12 +346,12 @@
           - name: SSO session
             href: custom-policy-reference-sso.md
             displayName: single sign-on
-          - name: Validation
-            href: validation-technical-profile.md
       - name: UserJourneys
         href: userjourneys.md
       - name: RelyingParty
         href: relyingparty.md
+      - name: Claim resolvers
+        href: claim-resolver-overview.md
   - name: Use b2clogin.com
     items:
     - name: b2clogin.com overview
@@ -391,28 +395,28 @@
       href: user-migration.md
 - name: Reference
   items:
-  - name: Identity Experience Framework release notes
-    href: custom-policy-developer-notes.md
+  - name: Billing model
+    href: billing.md
   - name: Code samples
     href: https://azure.microsoft.com/resources/samples/?service=active-directory-b2c
-  - name: Page layout versions
-    href: page-layout.md
   - name: Cookie definitions
     href: cookie-definitions.md
     displayName: cookies, SameSite
   - name: Error codes
     href: error-codes.md
+  - name: Extensions app
+    href: extensions-app.md
+  - name: Identity Experience Framework release notes
+    href: custom-policy-developer-notes.md
   - name: Microsoft Graph API operations
     href: microsoft-graph-operations.md
+  - name: Page layout versions
+    href: page-layout.md
   - name: Region availability & data residency
     href: data-residency.md
-  - name: Billing model
-    href: billing.md
   - name: Threat management
     href: threat-management.md
     displayName: security
-  - name: Extensions app
-    href: extensions-app.md
   - name: User flow versions
     href: user-flow-versions.md
 - name: Resources
diff --git a/articles/active-directory-b2c/application-insights-technical-profile.md b/articles/active-directory-b2c/application-insights-technical-profile.md
@@ -0,0 +1,84 @@
+---
+title: Define an Application Insights technical profile in a custom policy
+titleSuffix: Azure AD B2C
+description: Define an Application Insights technical profile in a custom policy in Azure Active Directory B2C.
+services: active-directory-b2c
+author: msmimart
+manager: celestedg
+
+ms.service: active-directory
+ms.workload: identity
+ms.topic: reference
+ms.date: 03/20/2020
+ms.author: mimart
+ms.subservice: B2C
+---
+
+
+# Define an Application Insights technical profile in an Azure AD B2C custom policy
+
+[!INCLUDE [active-directory-b2c-advanced-audience-warning](../../includes/active-directory-b2c-advanced-audience-warning.md)]
+
+Azure Active Directory B2C (Azure AD B2C) supports sending event data directly to [Application Insights](../azure-monitor/app/app-insights-overview.md) by using the instrumentation key provided to Azure AD B2C.  With an Application Insights technical profile, you can get detailed and customized event logs for your user journeys to:
+
+* Gain insights on user behavior.
+* Troubleshoot your own policies in development or in production.
+* Measure performance.
+* Create notifications from Application Insights.
+
+
+## Protocol
+
+The **Name** attribute of the **Protocol** element needs to be set to `Proprietary`. The **handler** attribute must contain the fully qualified name of the protocol handler assembly that is used by Azure AD B2C for Application Insights:
+`Web.TPEngine.Providers.AzureApplicationInsightsProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null`
+
+The following example shows the common Application Insights technical profile. Other Application Insights technical profiles include the AzureInsights-Common to leverage its configuration.  
+
+```xml
+<TechnicalProfile Id="AzureInsights-Common">
+  <DisplayName>Azure Insights Common</DisplayName>
+  <Protocol Name="Proprietary" Handler="Web.TPEngine.Providers.Insights.AzureApplicationInsightsProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
+</TechnicalProfile>
+```
+
+## Input claims
+
+The **InputClaims** element contains a list of claims to send to Application Insights. You can also map the name of your claim to a name you prefer to appear in Application Insights. The following example shows how to send telemetries to Application Insights. Properties of an event are added through the syntax `{property:NAME}`, where NAME is property being added to the event. DefaultValue can be either a static value or a value that's resolved by one of the supported [claim resolvers](claim-resolver-overview.md).
+
+```XML
+<InputClaims>
+  <InputClaim ClaimTypeReferenceId="PolicyId" PartnerClaimType="{property:Policy}" DefaultValue="{Policy:PolicyId}" />
+  <InputClaim ClaimTypeReferenceId="CorrelationId" PartnerClaimType="{property:JourneyId}" DefaultValue="{Context:CorrelationId}" />
+  <InputClaim ClaimTypeReferenceId="Culture" PartnerClaimType="{property:Culture}" DefaultValue="{Culture:RFC5646}" />
+  <InputClaim ClaimTypeReferenceId="objectId" PartnerClaimType="{property:objectId}"  />
+</InputClaims>
+```
+
+The **InputClaimsTransformations** element may contain a collection of **InputClaimsTransformation** elements that are used to modify the input claims or generate new ones before sending to Application Insights.
+
+## Persist claims
+
+The PersistedClaims element is not used.
+
+## Output claims
+
+The OutputClaims, and OutputClaimsTransformations elements are not used.
+
+## Cryptographic keys
+
+The CryptographicKeys element is not used.
+
+
+## Metadata
+
+| Attribute | Required | Description |
+| --------- | -------- | ----------- |
+| InstrumentationKey| Yes | The Application Insights [instrumentation key](../azure-monitor/app/create-new-resource.md#copy-the-instrumentation-key), which will be used for logging the events. | 
+| DeveloperMode| No | A Boolean that indicates whether developer mode is enabled. Possible values: `true` or `false` (default). This metadata controls how events are buffered. In a development environment with minimal event volume, enabling developer mode results in events being sent immediately to Application Insights.|  
+|DisableTelemetry |No |A Boolean that indicates whether telemetry should be enabled or not. Possible values: `true` or `false` (default).| 
+
+
+## Next steps
+
+- [Create an Application Insights resource](../azure-monitor/app/create-new-resource.md)
+- Learn how to [track user behavior in Azure Active Directory B2C using Application Insights](analytics-with-application-insights.md)
diff --git a/articles/active-directory-b2c/multi-factor-auth-technical-profile.md b/articles/active-directory-b2c/multi-factor-auth-technical-profile.md
@@ -9,7 +9,7 @@ manager: celestedg
 ms.service: active-directory
 ms.workload: identity
 ms.topic: conceptual
-ms.date: 12/17/2019
+ms.date: 03/20/2020
 ms.author: mimart
 ms.subservice: B2C
 ---
@@ -18,9 +18,13 @@ ms.subservice: B2C
 
 [!INCLUDE [active-directory-b2c-advanced-audience-warning](../../includes/active-directory-b2c-advanced-audience-warning.md)]
 
-Azure Active Directory B2C (Azure AD B2C) provides support for verifying a phone number by using Azure Multi-Factor Authentication (MFA). Use this technical profile to generate and send a code to a phone number, and then verify the code.
+Azure Active Directory B2C (Azure AD B2C) provides support for verifying a phone number by using Azure Multi-Factor Authentication (MFA). Use this technical profile to generate and send a code to a phone number, and then verify the code. The Azure MFA technical profile may also return an error message.  The validation technical profile validates the user-provided data before the user journey continues. With the validation technical profile, an error message displays on a self-asserted page.
 
-The Azure MFA technical profile may also return an error message. You can design the integration with Azure MFA by using a **Validation technical profile**. A validation technical profile calls the Azure MFA service. The validation technical profile validates the user-provided data before the user journey continues. With the validation technical profile, an error message is display on a self-asserted page.
+This technical profile:
+
+- Doesn't provide an interface to interact with the user. Instead, the user interface is called from a [self-asserted](self-asserted-technical-profile.md) technical profile, or a [display control](display-controls.md) as a [validation technical profile](validation-technical-profile.md).
+- Uses the Azure MFA service to generate and send a code to a phone number, and then verifies the code.  
+- Validates a phone number via text messages.
 
 [!INCLUDE [b2c-public-preview-feature](../../includes/active-directory-b2c-public-preview.md)]
 
diff --git a/articles/active-directory-b2c/phone-factor-technical-profile.md b/articles/active-directory-b2c/phone-factor-technical-profile.md
@@ -0,0 +1,99 @@
+---
+title: Define a phone factor technical profile in a custom policy
+titleSuffix: Azure AD B2C
+description: Define a phone factor technical profile in a custom policy in Azure Active Directory B2C.
+services: active-directory-b2c
+author: msmimart
+manager: celestedg
+
+ms.service: active-directory
+ms.workload: identity
+ms.topic: reference
+ms.date: 03/20/2020
+ms.author: mimart
+ms.subservice: B2C
+---
+
+# Define a phone factor technical profile in an Azure Active Directory B2C custom policy
+
+[!INCLUDE [active-directory-b2c-advanced-audience-warning](../../includes/active-directory-b2c-advanced-audience-warning.md)]
+
+Azure Active Directory B2C (Azure AD B2C) provides support for enrolling and verifying phone numbers. This technical profile:
+
+- Provides a user interface to interact with the user.
+- Uses content definition to control the look and feel.
+- Supports both phone calls and text messages to validate the phone number.
+- Supports multiple phone numbers. The user can select one of the phone numbers to verify.  
+- If a phone number is provided, the phone factor user interface asks the user to verify the phone number. If not provided, it asks the user to enroll a new phone number.
+- Returns a claim indicating whether the user provided a new phone number. You can use this claim to decide whether the phone number should  be persisted to the Azure AD user profile.  
+
+## Protocol
+
+The **Name** attribute of the **Protocol** element needs to be set to `Proprietary`. The **handler** attribute must contain the fully qualified name of the protocol handler assembly that is used by Azure AD B2C for phone factor:
+`Web.TPEngine.Providers.PhoneFactorProtocolProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null`
+
+The following example shows a phone factor technical profile for enrollment and validation:
+
+```XML
+<TechnicalProfile Id="PhoneFactor-InputOrVerify">
+  <DisplayName>PhoneFactor</DisplayName>
+  <Protocol Name="Proprietary" Handler="Web.TPEngine.Providers.PhoneFactorProtocolProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
+</TechnicalProfile>
+```
+
+## Input claims
+
+The InputClaims element must contain following claims. You can also map the name of your claim to the name defined in the phone factor technical profile. 
+
+```XML
+<InputClaims>
+  <!--A unique identifier of the user. The partner claim type must be set to `UserId`. -->
+  <InputClaim ClaimTypeReferenceId="userIdForMFA" PartnerClaimType="UserId" />
+  <!--A claim that contains the phone number. If the claim is empty, Azure AD B2C asks the user to enroll a new phone number. Otherwise, it asks the user to verify the phone number. -->
+  <InputClaim ClaimTypeReferenceId="strongAuthenticationPhoneNumber" />
+</InputClaims>
+```
+
+The following example demonstrates using multiple phone numbers. For more information, see [sample policy](https://github.com/azure-ad-b2c/samples/tree/master/policies/mfa-add-secondarymfa).
+
+```XML
+<InputClaims>
+  <InputClaim ClaimTypeReferenceId="userIdForMFA" PartnerClaimType="UserId" />
+  <InputClaim ClaimTypeReferenceId="strongAuthenticationPhoneNumber" />
+  <InputClaim ClaimTypeReferenceId="secondaryStrongAuthenticationPhoneNumber" />
+</InputClaims>
+```
+
+The InputClaimsTransformations element may contain a collection of InputClaimsTransformation elements that are used to modify the input claims or generate new ones before presenting them to the phone factor page.
+
+## Output claims
+
+The OutputClaims element contains a list of claims returned by the phone factor technical profile.
+
+```xml
+<OutputClaims>
+  <!-- The verified phone number. The partner claim type must be set to `Verified.OfficePhone`. -->
+  <OutputClaim ClaimTypeReferenceId="Verified.strongAuthenticationPhoneNumber" PartnerClaimType="Verified.OfficePhone" />
+  <!-- Indicates whether the new phone number has been entered by the user. The partner claim type must be set to `newPhoneNumberEntered`. -->
+  <OutputClaim ClaimTypeReferenceId="newPhoneNumberEntered" PartnerClaimType="newPhoneNumberEntered" />
+</OutputClaims>
+```
+
+The OutputClaimsTransformations element may contain a collection of OutputClaimsTransformation elements that are used to modify the output claims or generate new ones.
+
+## Cryptographic keys
+
+The **CryptographicKeys** element is not used.
+
+
+## Metadata
+
+| Attribute | Required | Description |
+| --------- | -------- | ----------- |
+| ContentDefinitionReferenceId | Yes | The identifier of the [content definition](contentdefinitions.md) associated with this technical profile. |
+| ManualPhoneNumberEntryAllowed| No | Specify whether or not a user is allowed to manually enter a phone number. Possible values: `true` or `false` (default).|
+
+## Next steps
+
+- Check the [social and local accounts with MFA](https://github.com/Azure-Samples/active-directory-b2c-custom-policy-starterpack/tree/master/SocialAndLocalAccountsWithMfa) starter pack.
+
diff --git a/articles/active-directory-b2c/technical-profiles-overview.md b/articles/active-directory-b2c/technical-profiles-overview.md
@@ -9,7 +9,7 @@ manager: celestedg
 ms.service: active-directory
 ms.workload: identity
 ms.topic: reference
-ms.date: 02/11/2020
+ms.date: 03/20/2020
 ms.author: mimart
 ms.subservice: B2C
 ---
@@ -24,19 +24,21 @@ A technical profile provides a framework with a built-in mechanism to communicat
 
 A technical profile enables these types of scenarios:
 
+- [Application Insights](application-insights-technical-profile.md) - Sending event data to [Application Insights](../azure-monitor/app/app-insights-overview.md).
 - [Azure Active Directory](active-directory-technical-profile.md) - Provides support for the Azure Active Directory B2C user management.
+- [Azure Multi-Factor Authentication](multi-factor-auth-technical-profile.md) -  provides support for verifying a phone number by using Azure Multi-Factor Authentication (MFA). 
+- [Claims transformation](claims-transformation-technical-profile.md) - Call output claims transformations to manipulate claims values, validate claims, or set default values for a set of output claims.
 - [JWT token issuer](jwt-issuer-technical-profile.md) -  Emits a JWT token that is returned back to the relying party application.
-- **Phone factor provider** - Multi-factor authentication.
 - [OAuth1](oauth1-technical-profile.md) - Federation with any OAuth 1.0 protocol identity provider.
 - [OAuth2](oauth2-technical-profile.md) - Federation with any OAuth 2.0 protocol identity provider.
+- [One time password](one-time-password-technical-profile.md) - Provides support for managing the generation and verification of a one-time password.
 - [OpenID Connect](openid-connect-technical-profile.md) - Federation with any OpenID Connect protocol identity provider.
-- [Claims transformation](claims-transformation-technical-profile.md) - Call output claims transformations to manipulate claims values, validate claims, or set default values for a set of output claims.
+- [Phone factor](phone-factor-technical-profile.md) - Support for enrolling and verifying phone numbers.
 - [RESTful provider](restful-technical-profile.md) - Call to REST API services, such as validate user input, enrich user data, or integrate with line-of-business applications.
 - [SAML2](saml-technical-profile.md) - Federation with any SAML protocol identity provider.
+- [SAML token issuer](saml-issuer-technical-profile.md) - Emits a SAML token that is returned back to the relying party application.
 - [Self-Asserted](self-asserted-technical-profile.md) - Interact with the user. For example, collect the user's credential to sign in, render the sign-up page, or password reset.
 - [Session management](custom-policy-reference-sso.md) - Handle different types of sessions.
-- [Application Insights](../azure-monitor/app/usage-overview.md)
-- [One time password](one-time-password-technical-profile.md) - Provides support for managing the generation and verification of a one-time password.
 
 ## Technical profile flow
 
