MicrosoftDocs
diff --git a/‎.openpublishing.redirection.json
Lines changed: 195 additions & 605 deletions b/‎.openpublishing.redirection.json
Lines changed: 195 additions & 605 deletions
diff --git a/‎articles/active-directory-b2c/TOC.yml
Lines changed: 3 additions & 0 deletions b/‎articles/active-directory-b2c/TOC.yml
Lines changed: 3 additions & 0 deletions
diff --git a/‎articles/active-directory-b2c/manage-users-portal.md
Lines changed: 60 additions & 0 deletions b/‎articles/active-directory-b2c/manage-users-portal.md
Lines changed: 60 additions & 0 deletions
diff --git a/‎articles/active-directory/b2b/add-users-administrator.md
Lines changed: 9 additions & 5 deletions b/‎articles/active-directory/b2b/add-users-administrator.md
Lines changed: 9 additions & 5 deletions
diff --git a/‎articles/active-directory/b2b/b2b-quickstart-add-guest-users-portal.md
Lines changed: 7 additions & 3 deletions b/‎articles/active-directory/b2b/b2b-quickstart-add-guest-users-portal.md
Lines changed: 7 additions & 3 deletions
diff --git a/‎articles/active-directory/develop/access-tokens.md
Lines changed: 2 additions & 2 deletions b/‎articles/active-directory/develop/access-tokens.md
Lines changed: 2 additions & 2 deletions
@@ -320,6 +320,9 @@
       href: active-directory-b2c-devquickstarts-graph-dotnet.md
   - name: Audit logs
     href: active-directory-b2c-reference-audit-logs.md
+  - name: Manage users - Azure portal
+    href: manage-users-portal.md
+    displayName: create users, add users, delete users
   - name: Secure API Management API
     href: secure-api-management.md
     displayName: apim, api management, migrate, b2clogin.com
 
@@ -0,0 +1,60 @@
+---
+title: Create & delete Azure AD B2C consumer user accounts in the Azure portal
+description: Learn how to use the Azure portal to create and delete consumer users in your Azure AD B2C directory.
+services: active-directory-b2c
+author: mmacy
+manager: celestedg
+
+ms.service: active-directory
+ms.workload: identity
+ms.topic: conceptual
+ms.date: 11/09/2019
+ms.author: marsma
+ms.subservice: B2C
+---
+
+# Use the Azure portal to create and delete consumer users in Azure AD B2C
+
+There might be scenarios in which you want to manually create consumer accounts in your Azure Active Directory B2C (Azure AD B2C) directory. Although consumer accounts in an Azure AD B2C directory are most commonly created when users sign up to use one of your applications, you can create them programmatically and by using the Azure portal. This article focuses on the Azure portal method of user creation and deletion.
+
+To add or delete users, your account must be assigned the *User administrator* or *Global administrator* role.
+
+[!INCLUDE [active-directory-b2c-public-preview](../../includes/active-directory-b2c-public-preview.md)]
+
+## Types of user accounts
+
+As described in [Overview of user accounts in Azure AD B2C](user-overview.md), there are three types of user accounts that can be created in an Azure AD B2C directory:
+
+* Work
+* Guest
+* Consumer
+
+This article focuses on working with **consumer accounts** in the Azure portal. For information about creating and deleting Work and Guest accounts, see [Add or delete users using Azure Active Directory](../active-directory/fundamentals/add-users-azure-active-directory.md).
+
+## Create a consumer user
+
+1. Sign in to the [Azure portal](https://portal.azure.com).
+1. Select the **Directory + subscription** filter in the top menu, and then select the directory that contains your Azure AD B2C tenant.
+1. In the left menu, select **Azure AD B2C**. Or, select **All services** and search for and select **Azure AD B2C**.
+1. Under **Manage**, select **Users**.
+1. Select **New user**.
+1. Select **Create Azure AD B2C user**.
+1. Choose a **Sign in method** and enter either an **Email** address or a **Username** for the new user. The sign in method you select here must match the setting you've specified for your Azure AD B2C tenant's *Local account* identity provider (see **Manage** > **Identity providers** in your Azure AD B2C tenant).
+1. Enter a **Name** for the user. This is typically the full name (given and surname) of the user.
+1. (Optional) You can **Block sign in** if you wish to delay the ability for the user to sign in. You can enable sign in later by editing the user's **Profile** in the Azure portal.
+1. Choose **Auto-generate password** or **Let me create password**.
+1. Specify the user's **First name** and **Last name**.
+1. Select **Create**.
+
+Unless you've selected **Block sign in**, the user can now sign in using the sign in method (email or username) that you specified.
+
+## Delete a consumer user
+
+1. In your Azure AD B2C directory, select **Users**, and then select the user you want to delete.
+1. Select **Delete**, and then **Yes** to confirm the deletion.
+
+For details about restoring a user within the first 30 days after deletion, or for permanently deleting a user, see [Restore or remove a recently deleted user using Azure Active Directory](../active-directory/fundamentals/active-directory-users-restore.md).
+
+## Next steps
+
+For automated user management scenarios, for example migrating users from another identity provider to your Azure AD B2C directory, see [Azure AD B2C: User migration](active-directory-b2c-user-migration.md).
@@ -7,7 +7,7 @@ services: active-directory
 ms.service: active-directory
 ms.subservice: B2B
 ms.topic: conceptual
-ms.date: 04/11/2019
+ms.date: 11/12/2019
 
 ms.author: mimart
 author: msmimart
@@ -44,14 +44,18 @@ To add B2B collaboration users to the directory, follow these steps:
    > [!NOTE]
    > The **New guest user** option is also available on the **Organizational relationships** page. In **Azure Active Directory**, under **Manage**, select **Organizational relationships**.
 
-5. Under **User name**, enter the email address of the external user. Optionally, include a welcome message. For example:
-
-   ![Shows where New guest user is in the UI](./media/add-users-administrator/InviteGuest.png) 
+5. On the **New user** page, select **Invite user** and then add the guest user's information. 
 
     > [!NOTE]
     > Group email addresses aren’t supported; enter the email address for an individual. Also, some email providers allow users to add a plus symbol (+) and additional text to their email addresses to help with things like inbox filtering. However, Azure AD doesn’t currently support plus symbols in email addresses. To avoid delivery issues, omit the plus symbol and any characters following it up to the @ symbol.
 
-6. Select **Invite** to automatically send the invitation to the guest user. 
+   - **Name.** The first and last name of the guest user.
+   - **Email address (required)**. The email address of the guest user.
+   - **Personal message (optional)** Include a personal welcome message to the guest user.
+   - **Groups**: You can add the guest user to one or more existing groups, or you can do it later.
+   - **Directory role**: If you require Azure AD administrative permissions for the user, you can add them to an Azure AD role. 
+
+7. Select **Invite** to automatically send the invitation to the guest user. 
 
 After you send the invitation, the user account is automatically added to the directory as a guest.
 
 
@@ -6,7 +6,7 @@ services: active-directory
 ms.service: active-directory
 ms.subservice: B2B
 ms.topic: quickstart
-ms.date: 07/02/2018
+ms.date: 11/12/2019
 
 ms.author: mimart
 author: msmimart
@@ -44,9 +44,13 @@ To complete the scenario in this tutorial, you need:
 
     ![Screenshot showing where to select the New guest user option](media/quickstart-add-users-portal/quickstart-users-portal-user-3.png)
 
-5.	Under **User name**, enter the email address of the external user. Under **Include a personal message with the invitation**, type a welcome message. 
+5. On the **New user** page, select **Invite user** and then add the guest user's information. 
 
-    ![Screenshot showing where to enter the guest user invitation message](media/quickstart-add-users-portal/quickstart-users-portal-user-4.png)
+   - **Name.** The first and last name of the guest user.
+   - **Email address (required)**. The email address of the guest user.
+   - **Personal message (optional)** Include a personal welcome message to the guest user.
+   - **Groups**: You can add the guest user to one or more existing groups, or you can do it later.
+   - **Directory role**: If you require Azure AD administrative permissions for the user, you can add them to an Azure AD role. 
 
 6. Select **Invite** to automatically send the invitation to the guest user. A notification appears in the upper right with the message **Successfully invited user**. 
 7.	After you send the invitation, the user account is automatically added to the directory as a guest.
 
@@ -260,9 +260,9 @@ Refresh tokens can be invalidated or revoked at any time, for different reasons.
 | [Single sign-out](v1-protocols-openid-connect-code.md#single-sign-out) on web | Revoked | Stays alive | Revoked | Stays alive | Stays alive |
 
 > [!NOTE]
-> A "Non-password based" login is one where the user didn't type in a password to get it. For example, using your face with Windows Hello, a FIDO key, or a PIN.
+> A "Non-password based" login is one where the user didn't type in a password to get it. For example, using your face with Windows Hello, a FIDO2 key, or a PIN.
 >
-> A known issue exists with the Windows Primary Refresh Token. If the PRT is obtained via a password, and then the user logs in via Hello, this does not change the origination of the PRT, and it will be revoked if the user changes their password.
+> Primary Refresh Tokens (PRT) on Windows 10 are segregated based on the credential. For example, Windows Hello and password have their respective PRTs, isolated from one another. When a user signs-in with a Hello credential (PIN or biometrics) and then changes the password, the password based PRT obtained previously will be revoked. Signing back in with a password invalidates the old PRT and requests a new one.
 >
 > Refresh tokens aren't invalidated or revoked when used to fetch a new access token and refresh token.
Original file line number	Diff line number	Diff line change
`@@ -260,9 +260,9 @@ Refresh tokens can be invalidated or revoked at any time, for different reasons.`
`260`	`260`	`\| [Single sign-out](v1-protocols-openid-connect-code.md#single-sign-out) on web \| Revoked \| Stays alive \| Revoked \| Stays alive \| Stays alive \|`
`261`	`261`
`262`	`262`	`> [!NOTE]`
`263`		`-> A "Non-password based" login is one where the user didn't type in a password to get it. For example, using your face with Windows Hello, a FIDO key, or a PIN.`
	`263`	`+> A "Non-password based" login is one where the user didn't type in a password to get it. For example, using your face with Windows Hello, a FIDO2 key, or a PIN.`
`264`	`264`	`>`
`265`		`-> A known issue exists with the Windows Primary Refresh Token. If the PRT is obtained via a password, and then the user logs in via Hello, this does not change the origination of the PRT, and it will be revoked if the user changes their password.`
	`265`	`+> Primary Refresh Tokens (PRT) on Windows 10 are segregated based on the credential. For example, Windows Hello and password have their respective PRTs, isolated from one another. When a user signs-in with a Hello credential (PIN or biometrics) and then changes the password, the password based PRT obtained previously will be revoked. Signing back in with a password invalidates the old PRT and requests a new one.`
`266`	`266`	`>`
`267`	`267`	`> Refresh tokens aren't invalidated or revoked when used to fetch a new access token and refresh token.`
`268`	`268`