Merge branch 'MicrosoftDocs:main' into patch-2

Author: rafalfitt

.openpublishing.publish.config.json

@@ -984,8 +984,6 @@
   ".openpublishing.redirection.baremetal-infrastructure.json",
   ".openpublishing.redirection.defender-for-cloud.json",
   ".openpublishing.redirection.defender-for-iot.json",
-  ".openpublishing.redirection.deployment-environments.json",
-  ".openpublishing.redirection.dev-box.json",
   ".openpublishing.redirection.healthcare-apis.json",
   ".openpublishing.redirection.iot-hub-device-update.json",
   ".openpublishing.redirection.json",
@@ -1042,6 +1040,8 @@
   "articles/stream-analytics/.openpublishing.redirection.stream-analytics.json",
   "articles/synapse-analytics/.openpublishing.redirection.synapse-analytics.json",
   "articles/virtual-machine-scale-sets/.openpublishing.redirection.virtual-machine-scale-sets.json",
-  "articles/virtual-machines/.openpublishing.redirection.virtual-machines.json"
+  "articles/virtual-machines/.openpublishing.redirection.virtual-machines.json",
+  "articles/dev-box/.openpublishing.redirection.dev-box.json",
+  "articles/deployment-environments/.openpublishing.redirection.deployment-environments.json"
 ]
 }

.openpublishing.redirection.dev-box.json

@@ -42,7 +42,7 @@ Before you create your Azure AD B2C tenant, you need to take the following consi
 
 ## Create an Azure AD B2C tenant
 >[!NOTE]
->If you're unable to create Azure AD B2C tenant, [review your user settings page](tenant-management-check-tenant-creation-permission.md) to ensure that tenant creation isn't switched off. If tenant creation is switched off, ask your _Global Administrator_ to assign you a _Tenant Creator_ role.
+>If you're unable to create Azure AD B2C tenant, [review your user settings page](tenant-management-check-tenant-creation-permission.md) to ensure that tenant creation isn't switched off. If tenant creation is switched on, ask your _Global Administrator_ to assign you a _Tenant Creator_ role.
 
 1. Sign in to the [Azure portal](https://portal.azure.com/). 
 

articles/active-directory-b2c/tutorial-create-tenant.md

@@ -23,6 +23,7 @@ After the application has been registered, you can check or change the account t
 | Accounts in this organizational directory only (Single tenant) | `AzureADMyOrg` |
 | Accounts in any organizational directory (Any Azure AD directory - Multitenant) | `AzureADMultipleOrgs` |
 | Accounts in any organizational directory (Any Azure AD directory - Multitenant) and personal Microsoft accounts (e.g. Skype, Xbox) | `AzureADandPersonalMicrosoftAccount` |
+| Personal Microsoft accounts only | `PersonalMicrosoftAccount` |
 
 If you change this property you may need to change other properties first. 
 

articles/active-directory/develop/supported-accounts-validation.md

@@ -5,7 +5,7 @@ services: active-directory
 author: henrymbuguakiarie
 manager: CelesteDG
 
-ms.date: 03/01/2023
+ms.date: 04/03/2023
 ms.service: active-directory
 ms.subservice: develop
 ms.topic: reference
@@ -18,6 +18,30 @@ ms.custom: has-adal-ref
 
 Welcome to what's new in the Microsoft identity platform documentation. This article lists new docs that have been added and those that have had significant updates in the last three months.
 
+## March 2023
+
+### New articles
+
+- [Configure a SAML app to receive tokens with claims from an external store (preview)](custom-extension-configure-saml-app.md)
+- [Configure a custom claim provider token issuance event (preview)](custom-extension-get-started.md)
+- [Custom claims provider (preview)](custom-claims-provider-overview.md)
+- [Custom claims providers](custom-claims-provider-reference.md)
+- [Custom authentication extensions (preview)](custom-extension-overview.md)
+- [Troubleshoot your custom claims provider API (preview)](custom-extension-troubleshoot.md)
+- [Understanding application-only access](app-only-access-primer.md)
+
+### Updated articles
+
+- [ADAL to MSAL migration guide for Python](migrate-python-adal-msal.md)
+- [Handle errors and exceptions in MSAL for Python](msal-error-handling-python.md)
+- [How to migrate a JavaScript app from ADAL.js to MSAL.js](msal-compare-msal-js-and-adal-js.md)
+- [Microsoft identity platform access tokens](access-tokens.md)
+- [Microsoft Enterprise SSO plug-in for Apple devices (preview)](apple-sso-plugin.md)
+- [Restrict your Azure AD app to a set of users in an Azure AD tenant](howto-restrict-your-app-to-a-set-of-users.md)
+- [Token cache serialization in MSAL.NET](msal-net-token-cache-serialization.md)
+- [Troubleshoot publisher verification](troubleshoot-publisher-verification.md)
+- [Tutorial: Call the Microsoft Graph API from a Universal Windows Platform (UWP) application](tutorial-v2-windows-uwp.md)
+
 ## February 2023
 
 ### New articles
@@ -46,20 +70,3 @@ Welcome to what's new in the Microsoft identity platform documentation. This art
 - [Customize claims issued in the SAML token for enterprise applications](active-directory-saml-claims-customization.md)
 - [Enable cross-app SSO on Android using MSAL](msal-android-single-sign-on.md)
 - [Using redirect URIs with the Microsoft Authentication Library (MSAL) for iOS and macOS](redirect-uris-ios.md)
-
-## December 2022
-
-### New articles
-
-- [Block workload identity federation on managed identities using a policy](workload-identity-federation-block-using-azure-policy.md)
-- [Troubleshooting the configured permissions limits](troubleshoot-required-resource-access-limits.md)
-
-### Updated articles
-
-- [A web API that calls web APIs: Code configuration](scenario-web-api-call-api-app-configuration.md)
-- [Quickstart: Get a token and call the Microsoft Graph API by using a console app's identity](quickstart-v2-netcore-daemon.md)
-- [Quickstart: Protect an ASP.NET Core web API with the Microsoft identity platform](quickstart-v2-aspnet-core-web-api.md)
-- [Tutorial: Create a Blazor Server app that uses the Microsoft identity platform for authentication](tutorial-blazor-server.md)
-- [Tutorial: Sign in users and call a protected API from a Blazor WebAssembly app](tutorial-blazor-webassembly.md)
-- [Web app that signs in users: App registration](scenario-web-app-sign-user-app-registration.md)
-- [Web app that signs in users: Code configuration](scenario-web-app-sign-user-app-configuration.md)

articles/active-directory/develop/whats-new-docs.md

@@ -10,7 +10,7 @@ ms.service: active-directory
 ms.subservice: enterprise-users
 ms.workload: identity
 ms.topic: how-to
-ms.date: 11/11/2022
+ms.date: 03/31/2023
 ms.author: barclayn
 ms.reviewer: sumitp
 
@@ -20,7 +20,7 @@ ms.collection: M365-identity-device-management
 ---
 # Managing custom domain names in your Azure Active Directory
 
-A domain name is an important part of the identifier for resources in many Azure Active Directory (Azure AD) deployments. It is part of a user name or email address for a user, part of the address for a group, and is sometimes part of the app ID URI for an application. A resource in Azure AD can include a domain name that's owned by the Azure AD organization (sometimes called a tenant) that contains the resource. Only a Global Administrator can manage domains in Azure AD.
+A domain name is an important part of the identifier for resources in many Azure Active Directory (Azure AD) deployments. It's part of a user name or email address for a user, part of the address for a group, and is sometimes part of the app ID URI for an application. A resource in Azure AD can include a domain name that's owned by the Azure AD organization (sometimes called a tenant) that contains the resource. [Global Administrators](../roles/permissions-reference.md#global-administrator) and [Domain name administrators](../roles/permissions-reference.md#domain-name-administrator) can manage domains in Azure AD. 
 
 ## Set the primary domain name for your Azure AD organization
 

articles/active-directory/enterprise-users/domains-manage.md

@@ -25,7 +25,7 @@ Emails tasks allow for the customization of the following aspects:
 - Email language
 
 > [!NOTE]
-> To avoid additional security disclaimers, you should opt in to using customized domain and organizational branding.
+> When customizing the subject or message body, we recommend that you also enable the custom sender domain and organizational branding, otherwise an additional security disclaimer will be added to your email.
 
 For more information on these customizable parameters, see: [Common email task parameters](lifecycle-workflow-tasks.md#common-email-task-parameters).
 

articles/active-directory/governance/customize-workflow-email.md

@@ -1,7 +1,7 @@
 ---
 title: "What's new in Azure Active Directory application management"
 description: "New and updated documentation for the Azure Active Directory application management."
-ms.date: 03/02/2023
+ms.date: 04/03/2023
 ms.service: active-directory
 ms.subservice: app-mgmt
 ms.topic: reference
@@ -15,6 +15,23 @@ manager: CelesteDG
 
 Welcome to what's new in Azure Active Directory (Azure AD) application management documentation. This article lists new docs that have been added and those that have had significant updates in the last three months. To learn what's new with the application management service, see [What's new in Azure AD](../fundamentals/whats-new.md).
 
+## March 2023
+
+### Updated articles
+
+- [Move application authentication to Azure Active Directory](migrate-adfs-apps-to-azure.md)
+- [Quickstart: Create and assign a user account](add-application-portal-assign-users.md)
+- [Configure sign-in behavior using Home Realm Discovery](configure-authentication-for-federated-users-portal.md)
+- [Disable auto-acceleration sign-in](prevent-domain-hints-with-home-realm-discovery.md)
+- [Review permissions granted to enterprise applications](manage-application-permissions.md)
+- [Migrate application authentication to Azure Active Directory](migrate-application-authentication-to-azure-active-directory.md)
+- [Azure Active Directory application management: What's new](whats-new-docs.md)
+- [Configure permission classifications](configure-permission-classifications.md)
+- [Restrict access to a tenant](tenant-restrictions.md)
+- [Tutorial: Migrate Okta sign-on policies to Azure Active Directory Conditional Access](migrate-okta-sign-on-policies-to-azure-active-directory-conditional-access.md)
+- [Delete an enterprise application](delete-application-portal.md)
+- [Restore an enterprise application in Azure AD](restore-application.md)
+
 ## February 2023
 
 ### Updated articles
@@ -43,17 +60,3 @@ Welcome to what's new in Azure Active Directory (Azure AD) application managemen
 - [Create an enterprise application from a multi-tenant application in Azure Active Directory](create-service-principal-cross-tenant.md)
 - [Configure sign-in behavior using Home Realm Discovery](configure-authentication-for-federated-users-portal.md)
 - [Secure hybrid access with Azure Active Directory partner integrations](secure-hybrid-access-integrations.md)
-
-## December 2022
-
-### Updated articles
-
-- [Grant consent on behalf of a single user by using PowerShell](grant-consent-single-user.md)
-- [Tutorial: Configure F5 BIG-IP SSL-VPN for Azure AD SSO](f5-aad-password-less-vpn.md)
-- [Integrate F5 BIG-IP with Azure Active Directory](f5-aad-integration.md)
-- [Deploy F5 BIG-IP Virtual Edition VM in Azure](f5-bigip-deployment-guide.md)
-- [End-user experiences for applications](end-user-experiences.md)
-- [Tutorial: Migrate your applications from Okta to Azure Active Directory](migrate-applications-from-okta-to-azure-active-directory.md)
-- [Tutorial: Configure F5 BIG-IP Access Policy Manager for Kerberos authentication](f5-big-ip-kerberos-advanced.md)
-- [Tutorial: Configure F5 BIG-IP Easy Button for Kerberos single sign-on](f5-big-ip-kerberos-easy-button.md)
-- [Tutorial: Configure F5 BIG-IP Easy Button for header-based and LDAP single sign-on](f5-big-ip-ldap-header-easybutton.md)

articles/active-directory/manage-apps/whats-new-docs.md

@@ -12,7 +12,7 @@ ms.subservice: msi
 ms.topic: tutorial
 ms.tgt_pltfrm: na
 ms.workload: identity
-ms.date: 01/11/2022
+ms.date: 03/30/2023
 ms.author: barclayn
 
 ms.collection: M365-identity-device-management
@@ -42,12 +42,12 @@ To run the CLI script examples in this tutorial, you have two options:
 
 In this section, you create a storage account. 
 
-1. Click the **+ Create a resource** button found on the upper left-hand corner of the Azure portal.
-2. Click **Storage**, then **Storage account - blob, file, table, queue**.
+1. Select the **+ Create a resource** button found on the upper left-hand corner of the Azure portal.
+2. Select **Storage**, then **Storage account - blob, file, table, queue**.
 3. Under **Name**, enter a name for the storage account.  
 4. **Deployment model** and **Account kind** should be set to **Resource manager** and **Storage (general purpose v1)**. 
 5. Ensure the **Subscription** and **Resource Group** match the ones you specified when you created your VM in the previous step.
-6. Click **Create**.
+6. Select **Create**.
 
     ![Create new storage account](./media/msi-tutorial-linux-vm-access-storage/msi-storage-create.png)
 
@@ -56,16 +56,16 @@ In this section, you create a storage account.
 Files require blob storage so you need to create a blob container in which to store the file. You then upload  a file to the blob container in the new storage account.
 
 1. Navigate back to your newly created storage account.
-2. Under **Blob Service**, click **Containers**.
-3. Click **+ Container** on the top of the page.
+2. Under **Blob Service**, select **Containers**.
+3. Select **+ Container** on the top of the page.
 4. Under **New container**, enter a name for the container and under **Public access level** keep the default value.
 
     ![Create storage container](./media/msi-tutorial-linux-vm-access-storage/create-blob-container.png)
 
 5. Using an editor of your choice, create a file titled *hello world.txt* on your local machine.  Open the file and add the text (without the quotes) "Hello world! :)" and then save it. 
 
 6. Upload the file to the newly created container by clicking on the container name, then **Upload**
-7. In the **Upload blob** pane, under **Files**, click the folder icon and browse to the file **hello_world.txt** on your local machine, select the file, then click **Upload**.
+7. In the **Upload blob** pane, under **Files**, select the folder icon and browse to the file **hello_world.txt** on your local machine, select the file, then select **Upload**.
 
     ![Upload text file](./media/msi-tutorial-linux-vm-access-storage/upload-text-file.png)
 
@@ -83,7 +83,7 @@ Azure Storage natively supports Azure AD authentication, so it can directly acce
 
 To complete the following steps, you need to work from the VM created earlier and you need an SSH client to connect to it. If you are using Windows, you can use the SSH client in the [Windows Subsystem for Linux](/windows/wsl/about). If you need assistance configuring your SSH client's keys, see [How to Use SSH keys with Windows on Azure](~/articles/virtual-machines/linux/ssh-from-windows.md), or [How to create and use an SSH public and private key pair for Linux VMs in Azure](~/articles/virtual-machines/linux/mac-create-ssh-keys.md).
 
-1. In the Azure portal, navigate to **Virtual Machines**, go to your Linux virtual machine, then from the **Overview** page click **Connect**. Copy the string to connect to your VM.
+1. In the Azure portal, navigate to **Virtual Machines**, go to your Linux virtual machine, then from the **Overview** page select **Connect**. Copy the string to connect to your VM.
 2. **Connect** to the VM with the SSH client of your choice. 
 3. In the terminal window, use CURL to make a request to the local Managed Identity endpoint to get an access token for Azure Storage.
 
@@ -102,6 +102,20 @@ To complete the following steps, you need to work from the VM created earlier an
    Hello world! :)
    ```
 
+Alternatively, you could also store the token in a variable and pass it to the second command as shown:
+
+```bash
+# Run the first curl command and capture its output in a variable
+access_token=$(curl 'http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01&resource=https%3A%2F%2Fstorage.azure.com%2F' -H Metadata:true | jq -r '.access_token')
+
+# Run the second curl command with the access token
+curl "https://<STORAGE ACCOUNT>.blob.core.windows.net/<CONTAINER NAME>/<FILE NAME>" \
+  -H "x-ms-version: 2017-11-09" \
+  -H "Authorization: Bearer $access_token"
+
+```
+
+
 ## Next steps
 
 In this tutorial, you learned how enable a Linux VM system-assigned managed identity to access Azure Storage.  To learn more about Azure Storage see: