Merge branch 'main' into release-msid-gtd-tutorial-web-app

Author: v-alje

.openpublishing.publish.config.json

@@ -961,6 +961,12 @@
       "url": "https://github.com/Azure-Samples/azure-cache-redis-samples",
       "branch": "main",
       "branch_mapping": {}
+    },
+    {
+      "path_to_root": "microsoft-graph",
+      "url": "https://github.com/MicrosoftGraph/microsoft-graph-docs",
+      "branch": "main",
+      "branch_mapping": {}
     }
   ],
   "branch_target_mapping": {

articles/active-directory/develop/registration-config-change-token-lifetime-how-to.md

@@ -26,7 +26,7 @@ This article shows how to use Azure AD PowerShell to set an access token lifetim
 To set an access token lifetime policy, download the [Azure AD PowerShell Module](https://www.powershellgallery.com/packages/AzureADPreview).
 Run the **Connect-AzureAD -Confirm** command.
 
-Here’s an example policy that requires users to authenticate more frequently in your web app. This policy sets the lifetime of the access to the service principal of your web app. Create the policy and assign it to your service principal. You also need to get the ObjectId of your service principal.
+Here’s an example policy that requires users to authenticate less frequently in your web app. This policy sets the lifetime of the access to the service principal of your web app. Create the policy and assign it to your service principal. You also need to get the ObjectId of your service principal.
 
 ```powershell
 $policy = New-AzureADPolicy -Definition @('{"TokenLifetimePolicy":{"Version":1,"AccessTokenLifetime":"02:00:00"}}') -DisplayName "WebPolicyScenario" -IsOrganizationDefault $false -Type "TokenLifetimePolicy"

articles/active-directory/governance/customize-workflow-email.md

@@ -94,6 +94,9 @@ Emails sent out using Lifecycle workflows can be customized to have your own com
 - A verified domain. To add a custom domain, see: [Managing custom domain names in your Azure Active Directory](../enterprise-users/domains-manage.md)
 - Custom Branding set within Azure AD if you want to have your custom branding used in emails. To set organizational branding within your Azure tenant, see: [Configure your company branding (preview)](../fundamentals/how-to-customize-branding.md).
 
+> [!NOTE]
+> The recommendation is to use a domain that has the appropriate DNS records to facilitate email validation, like SPF, DKIM, DMARC, and MX as this then complies with the [RFC compliance](https://www.ietf.org/rfc/rfc2142.txt) for sending and receiving email. Please see [Learn more about Exchange Online Email Routing](/exchange/mail-flow-best-practices/mail-flow-best-practices) for more information.
+
 After these prerequisites are satisfied, you'd follow these steps:
 
 1. On the Lifecycle workflows page, select **Workflow settings (Preview)**.

articles/active-directory/manage-apps/assign-user-or-group-access-portal.md

@@ -243,7 +243,7 @@ $assignments | ForEach-Object {
 1. Get the enterprise application. Filter by DisplayName.
 
     ```http
-    GET servicePrincipal?$filter=DisplayName eq '{appDisplayName}'
+    GET https://graph.microsoft.com/v1.0/servicePrincipals?$filter=displayName eq '{appDisplayName}'
     ```
     Record the following values from the response body:
 
@@ -253,11 +253,11 @@ $assignments | ForEach-Object {
 1. Get the user by filtering by the user's principal name. Record the object ID of the user.
 
     ```http
-    GET /users/{userPrincipalName}
+    GET https://graph.microsoft.com/v1.0/users/{userPrincipalName}
     ```
 1. Assign the user to the application.
     ```http
-    POST /servicePrincipals/resource-servicePrincipal-id/appRoleAssignedTo
+    POST https://graph.microsoft.com/v1.0/servicePrincipals/{resource-servicePrincipal-id}/appRoleAssignedTo
 
     {
     "principalId": "33ad69f9-da99-4bed-acd0-3f24235cb296",
@@ -270,20 +270,20 @@ $assignments | ForEach-Object {
 ## Unassign users, and groups, from an application
 To unassign user and groups from the application, run the following query.
 
-1. Get the enterprise application. Filter by DisplayName.
+1. Get the enterprise application. Filter by displayName.
 
     ```http
-    GET servicePrincipal?$filter=DisplayName eq '{appDisplayName}'
+    GET https://graph.microsoft.com/v1.0/servicePrincipals?$filter=displayName eq '{appDisplayName}'
     ```
 1. Get the list of appRoleAssignments for the application.
 
-   ```http
-      GET /servicePrincipals/{id}/appRoleAssignedTo
-   ```
+    ```http
+    GET https://graph.microsoft.com/v1.0/servicePrincipals/{id}/appRoleAssignedTo
+    ```
 1. Remove the appRoleAssignments by specifying the appRoleAssignment ID.
 
     ```http
-    DELETE /servicePrincipals/{resource-servicePrincipal-id}/appRoleAssignedTo/{appRoleAssignment-id}
+    DELETE https://graph.microsoft.com/v1.0/servicePrincipals/{resource-servicePrincipal-id}/appRoleAssignedTo/{appRoleAssignment-id}
     ```
 :::zone-end
 

articles/active-directory/manage-apps/delete-application-portal.md

@@ -102,22 +102,61 @@ To delete an enterprise application, you need:
 Delete an enterprise application using [Graph Explorer](https://developer.microsoft.com/graph/graph-explorer).
 1. To get the list of service principals in your tenant, run the following query.
 
-   
+   # [HTTP](#tab/http)
    ```http
    GET https://graph.microsoft.com/v1.0/servicePrincipals
    ```
 
+   # [C#](#tab/csharp)
+   [!INCLUDE [sample-code](~/microsoft-graph/api-reference/v1.0/includes/snippets/csharp/list-serviceprincipal-csharp-snippets.md)]
+
+   # [JavaScript](#tab/javascript)
+   [!INCLUDE [sample-code](~/microsoft-graph/api-reference/v1.0/includes/snippets/javascript/list-serviceprincipal-javascript-snippets.md)]
+
+   # [Java](#tab/java)
+   [!INCLUDE [sample-code](~/microsoft-graph/api-reference/v1.0/includes/snippets/java/list-serviceprincipal-java-snippets.md)]
+
+   # [Go](#tab/go)
+   [!INCLUDE [sample-code](~/microsoft-graph/api-reference/v1.0/includes/snippets/go/list-serviceprincipal-go-snippets.md)]
+
+   # [PowerShell](#tab/powershell)
+   [!INCLUDE [sample-code](~/microsoft-graph/api-reference/v1.0/includes/snippets/powershell/list-serviceprincipal-powershell-snippets.md)]
+
+   # [PHP](#tab/php)
+   [!INCLUDE [sample-code](~/microsoft-graph/api-reference/v1.0/includes/snippets/php/list-serviceprincipal-php-snippets.md)]
+
+   ---
+
 1. Record the ID of the enterprise app you want to delete.
 1. Delete the enterprise application.
-
+   
+   # [HTTP](#tab/http)
    ```http
    DELETE https://graph.microsoft.com/v1.0/servicePrincipals/{servicePrincipal-id}
    ```
 
+   # [C#](#tab/csharp)
+   [!INCLUDE [sample-code](~/microsoft-graph/api-reference/v1.0/includes/snippets/csharp/delete-serviceprincipal-csharp-snippets.md)]
+
+   # [JavaScript](#tab/javascript)
+   [!INCLUDE [sample-code](~/microsoft-graph/api-reference/v1.0/includes/snippets/javascript/delete-serviceprincipal-javascript-snippets.md)]
+
+   # [Java](#tab/java)
+   [!INCLUDE [sample-code](~/microsoft-graph/api-reference/v1.0/includes/snippets/java/delete-serviceprincipal-java-snippets.md)]
+
+   # [Go](#tab/go)
+   [!INCLUDE [sample-code](~/microsoft-graph/api-reference/v1.0/includes/snippets/go/delete-serviceprincipal-go-snippets.md)]
+
+   # [PowerShell](#tab/powershell)
+   [!INCLUDE [sample-code](~/microsoft-graph/api-reference/v1.0/includes/snippets/powershell/delete-serviceprincipal-powershell-snippets.md)]
+
+   # [PHP](#tab/php)
+   [!INCLUDE [sample-code](~/microsoft-graph/api-reference/v1.0/includes/snippets/php/delete-serviceprincipal-php-snippets.md)]
+
+   ---
 
 :::zone-end
 
 ## Next steps
 
 - [Restore a deleted enterprise application](restore-application.md)
-

articles/active-directory/manage-apps/manage-application-permissions.md

@@ -168,27 +168,27 @@ You need to consent to the following permissions:
 
 Run the following queries to review delegated permissions granted to an application.
 
-1. Get Service Principal using objectID
+1. Get service principal using the object ID.
 
     ```http
-    GET /servicePrincipals/{id}
+    GET https://graph.microsoft.com/v1.0/servicePrincipals/{id}
     ```
  
    Example:
 
     ```http
-    GET /servicePrincipals/57443554-98f5-4435-9002-852986eea510
+    GET https://graph.microsoft.com/v1.0/servicePrincipals/00063ffc-54e9-405d-b8f3-56124728e051
     ```
 
 1. Get all delegated permissions for the service principal
 
     ```http
-    GET /servicePrincipals/{id}/oauth2PermissionGrants
+    GET https://graph.microsoft.com/v1.0/servicePrincipals/{id}/oauth2PermissionGrants
     ```
 1. Remove delegated permissions using oAuth2PermissionGrants ID.
 
     ```http
-    DELETE /oAuth2PermissionGrants/{id}
+    DELETE https://graph.microsoft.com/v1.0/oAuth2PermissionGrants/{id}
     ```
 
 ### Application permissions
@@ -198,12 +198,12 @@ Run the following queries to review application permissions granted to an applic
 1. Get all application permissions for the service principal
 
     ```http
-    GET /servicePrincipals/{servicePrincipal-id}/appRoleAssignments
+    GET https://graph.microsoft.com/v1.0/servicePrincipals/{servicePrincipal-id}/appRoleAssignments
     ```
 1. Remove application permissions using appRoleAssignment ID
 
     ```http
-    DELETE /servicePrincipals/{resource-servicePrincipal-id}/appRoleAssignedTo/{appRoleAssignment-id}
+    DELETE https://graph.microsoft.com/v1.0/servicePrincipals/{resource-servicePrincipal-id}/appRoleAssignedTo/{appRoleAssignment-id}
     ```
 
 ## Invalidate the refresh tokens
@@ -213,22 +213,22 @@ Run the following queries to remove appRoleAssignments of users or groups to the
 1. Get Service Principal using objectID.
 
     ```http
-    GET /servicePrincipals/{id}
+    GET https://graph.microsoft.com/v1.0/servicePrincipals/{id}
     ```
    Example:
 
     ```http
-    GET /servicePrincipals/57443554-98f5-4435-9002-852986eea510
+    GET https://graph.microsoft.com/v1.0/servicePrincipals/57443554-98f5-4435-9002-852986eea510
     ```
 1. Get Azure AD App role assignments using objectID of the Service Principal.
 
     ```http
-    GET /servicePrincipals/{servicePrincipal-id}/appRoleAssignedTo
+    GET https://graph.microsoft.com/v1.0/servicePrincipals/{servicePrincipal-id}/appRoleAssignedTo
     ```
 1. Revoke refresh token for users and groups assigned to the application using appRoleAssignment ID.
 
     ```http
-    DELETE /servicePrincipals/{servicePrincipal-id}/appRoleAssignedTo/{appRoleAssignment-id}
+    DELETE https://graph.microsoft.com/v1.0/servicePrincipals/{servicePrincipal-id}/appRoleAssignedTo/{appRoleAssignment-id}
     ```
 :::zone-end
 

articles/active-directory/manage-apps/restore-application.md

@@ -56,7 +56,7 @@ To recover your enterprise application with its previous configurations, first d
    Get-AzureADMSDeletedDirectoryObject -Id <id>
    ```
 
-Replace id with the object ID of the service principal that you want to restore.
+Replace ID with the object ID of the service principal that you want to restore.
 
 :::zone-end
 
@@ -69,7 +69,7 @@ Replace id with the object ID of the service principal that you want to restore.
    ```powershell
    Get-MgDirectoryDeletedItem -DirectoryObjectId <id>
    ```
-Replace id with the object ID of the service principal that you want to restore.
+Replace ID with the object ID of the service principal that you want to restore.
 
 :::zone-end
 
@@ -101,7 +101,7 @@ Alternatively, if you want to get the specific enterprise application that was d
    Restore-AzureADMSDeletedDirectoryObject -Id <id>
    ```
 
-Replace id with the object ID of the service principal that you want to restore.
+Replace ID with the object ID of the service principal that you want to restore.
 
 :::zone-end
 
@@ -113,19 +113,40 @@ Replace id with the object ID of the service principal that you want to restore.
    Restore-MgDirectoryObject -DirectoryObjectId <id>
    ```
 
-Replace id with the object ID of the service principal that you want to restore.
+Replace ID with the object ID of the service principal that you want to restore.
 
 :::zone-end
 
 :::zone pivot="ms-graph"
 
 1. To restore the enterprise application, run the following query:
 
+   # [HTTP](#tab/http)
    ```http
    POST https://graph.microsoft.com/v1.0/directory/deletedItems/{id}/restore
    ```
 
-Replace id with the object ID of the service principal that you want to restore.
+   # [C#](#tab/csharp)
+   [!INCLUDE [sample-code](~/microsoft-graph/api-reference/v1.0/includes/snippets/csharp/restore-directory-deleteditem-csharp-snippets.md)]
+   
+   # [JavaScript](#tab/javascript)
+   [!INCLUDE [sample-code](~/microsoft-graph/api-reference/v1.0/includes/snippets/javascript/restore-directory-deleteditem-javascript-snippets.md)]
+   
+   # [Java](#tab/java)
+   [!INCLUDE [sample-code](~/microsoft-graph/api-reference/v1.0/includes/snippets/java/restore-directory-deleteditem-java-snippets.md)]
+   
+   # [Go](#tab/go)
+   [!INCLUDE [sample-code](~/microsoft-graph/api-reference/v1.0/includes/snippets/go/restore-directory-deleteditem-go-snippets.md)]
+   
+   # [PowerShell](#tab/powershell)
+   [!INCLUDE [sample-code](~/microsoft-graph/api-reference/v1.0/includes/snippets/powershell/restore-directory-deleteditem-powershell-snippets.md)]
+   
+   # [PHP](#tab/php)
+   [!INCLUDE [sample-code](~/microsoft-graph/api-reference/v1.0/includes/snippets/php/restore-directory-deleteditem-php-snippets.md)]
+   
+   ---
+
+Replace ID with the object ID of the service principal that you want to restore.
 
 :::zone-end
 
@@ -157,10 +178,32 @@ Remove-AzureADMSDeletedDirectoryObject -Id <id>
 
 To permanently delete a soft deleted enterprise application, run the following query in Microsoft Graph explorer
 
+# [HTTP](#tab/http)
 ```http
 DELETE https://graph.microsoft.com/v1.0/directory/deletedItems/{object-id}
 ```
 
+# [C#](#tab/csharp)
+[!INCLUDE [sample-code](~/microsoft-graph/api-reference/v1.0/includes/snippets/csharp/delete-directory-deleteditem-csharp-snippets.md)]
+
+# [JavaScript](#tab/javascript)
+[!INCLUDE [sample-code](~/microsoft-graph/api-reference/v1.0/includes/snippets/javascript/delete-directory-deleteditem-javascript-snippets.md)]
+
+# [Java](#tab/java)
+[!INCLUDE [sample-code](~/microsoft-graph/api-reference/v1.0/includes/snippets/java/delete-directory-deleteditem-java-snippets.md)]
+
+# [Go](#tab/go)
+[!INCLUDE [sample-code](~/microsoft-graph/api-reference/v1.0/includes/snippets/go/delete-directory-deleteditem-go-snippets.md)]
+
+# [PowerShell](#tab/powershell)
+[!INCLUDE [sample-code](~/microsoft-graph/api-reference/v1.0/includes/snippets/powershell/delete-directory-deleteditem-powershell-snippets.md)]
+
+# [PHP](#tab/php)
+[!INCLUDE [sample-code](~/microsoft-graph/api-reference/v1.0/includes/snippets/php/delete-directory-deleteditem-php-snippets.md)]
+
+---
+
+
 :::zone-end
 
 ## Next steps