Merge branch 'main' into passwordless-work

Author: vmagelo

.openpublishing.publish.config.json

@@ -32,6 +32,12 @@
   "need_preview_pull_request": true,
   "contribution_branch_mappings": {},
   "dependent_repositories": [
+    {
+      "path_to_root": "azure-docs-snippets-pr",
+      "url": "https://github.com/MicrosoftDocs/azure-docs-snippets-pr",
+      "branch": "main",
+      "branch_mapping": {}
+    },
     {
       "path_to_root": "azure-dev-docs-pr",
       "url": "https://github.com/MicrosoftDocs/azure-dev-docs-pr",

.openpublishing.redirection.active-directory.json

@@ -1,5 +1,15 @@
 {
   "redirections": [
+    {
+      "source_path_from_root": "/articles/active-directory/develop/active-directory-claims-mapping.md",
+      "redirect_url": "/azure/active-directory/develop/active-directory-saml-claims-customization",
+      "redirect_document_id": false
+    },
+    {
+      "source_path_from_root": "/articles/active-directory/develop/configure-token-lifetimes.md",
+      "redirect_url": "/azure/active-directory/develop/active-directory-saml-claims-customization",
+      "redirect_document_id": false
+    },
     {
       "source_path_from_root": "/articles/active-directory/authentication/how-to-mfa-microsoft-managed.md",
       "redirect_url": "/azure/active-directory/authentication/concept-authentication-default-enablement",
@@ -50,6 +60,11 @@
       "redirect_url": "/azure/active-directory/saas-apps/safety-culture-tutorial",
       "redirect_document_id": false
     },
+    {
+      "source_path_from_root": "/articles/active-directory/saas-apps/firstbird-tutorial.md",
+      "redirect_url": "/azure/active-directory/saas-apps/radancys-employee-referrals-tutorial",
+      "redirect_document_id": false
+    },
     {
       "source_path_from_root": "/articles/active-directory/saas-apps/icertisicm-tutorial.md",
       "redirect_url": "/azure/active-directory/saas-apps/tutorial-list",
@@ -11035,6 +11050,11 @@
       "source_path_from_root": "/articles/active-directory/cloud-infrastructure-entitlement-management/permissions-management-trial-playbook.md",
       "redirect_url": "/azure/active-directory/cloud-infrastructure-entitlement-management/permissions-management-trial-user-guide",
       "redirect_document_id": false
+    },
+    {
+      "source_path_from_root": "/articles/active-directory/develop/microsoft-graph-intro.md",
+      "redirect_url": "/graph/overview?toc=/azure/active-directory/develop/toc.json&bc=/azure/active-directory/develop/breadcrumb/toc.json",
+      "redirect_document_id": false
     }
   ]
 }

.openpublishing.redirection.json

@@ -35,7 +35,7 @@
   # - name: 4 - Create custom policies
     # Create this file (tutorial-create-custom-policies.md), and content into it. You also need to update the index.yml's card, Customize, to reflect the new file name
     # What keywords users are searching in TOC: https://review.docs.microsoft.com/en-us/help/contribute/kusto/samples/discoverability-toc-filter?branch=main 
-    # href: tutorial-create-user-flows.md
+    # href:tutorial-create-user-flows.md
   - name: 4 - Manage your tenant
     href: tenant-management.md
     displayName: break glass account, emergence account
@@ -106,6 +106,7 @@
       href: user-flow-overview.md
     - name: Custom policy overview
       href: custom-policy-overview.md
+      displayName: extend, extensibility
   - name: API Connectors
     href: api-connectors-overview.md
     displayName: REST API, web API, API connectors, Dynamic data retrieval, external data sources, external identity data source, outbound webhooks, third-party integration
@@ -461,7 +462,8 @@
     - name: Integrate with our technology partners
       items:
       - name: Azure AD B2C partner gallery
-        href: partner-gallery.md      
+        href: partner-gallery.md     
+        displayName: marketplace, integration, extensibility, extend, customization, customisation
     # Secure
   - name: Secure
     items:

articles/active-directory-b2c/TOC.yml

@@ -39,6 +39,8 @@ Define your application and service architecture, inventory current systems, and
 | Usability vs. security | Your solution must strike the right balance between application usability and your organization's acceptable level of risk. |
 | Move on-premises dependencies to the cloud | To help ensure a resilient solution, consider moving existing application dependencies to the cloud. |
 | Migrate existing apps to b2clogin.com | The deprecation of login.microsoftonline.com will go into effect for all Azure AD B2C tenants on 04 December 2020. [Learn more](b2clogin.md). |
+| Use Identity Protection and Conditional Access | Use these capabilities for significantly greater control over risky authentications and access policies. Azure AD B2C Premium P2 is required. [Learn more](conditional-access-identity-protection-overview.md). |
+|Tenant size | You need to plan with Azure AD B2C tenant size in mind. By default, Azure AD B2C tenant can accommodate 1.25 million objects (user accounts and applications). You can increase this limit to 5.25 million objects by adding a custom domain to your tenant, and verifying it. If you need a bigger tenant size, you need to contact [Support](find-help-open-support-ticket.md).|
 | Use Identity Protection and Conditional Access | Use these capabilities for greater control over risky authentications and access policies. Azure AD B2C Premium P2 is required. [Learn more](conditional-access-identity-protection-overview.md). |
 
 ## Implementation
@@ -86,5 +88,6 @@ Stay up to date with the state of the service and find support options.
 | Best practice | Description |
 |--|--|
 | [Service updates](https://azure.microsoft.com/updates/?product=active-directory-b2c) |  Stay up to date with Azure AD B2C product updates and announcements. |
-| [Microsoft Support](support-options.md) | File a support request for Azure AD B2C technical issues. Billing and subscription management support is provided at no cost. |
+| [Microsoft Support](find-help-open-support-ticket.md) | File a support request for Azure AD B2C technical issues. Billing and subscription management support is provided at no cost. |
 | [Azure status](https://azure.status.microsoft/status) | View the current health status of all Azure services. |
+

articles/active-directory-b2c/best-practices.md

@@ -9,7 +9,7 @@ manager: CelesteDG
 ms.service: active-directory
 ms.workload: identity
 ms.topic: how-to
-ms.date: 07/26/2022
+ms.date: 11/3/2022
 ms.author: kengaderdus
 ms.subservice: B2C
 ms.custom: "b2c-support"
@@ -20,7 +20,11 @@ zone_pivot_groups: b2c-policy-type
 
 [!INCLUDE [active-directory-b2c-choose-user-flow-or-custom-policy](../../includes/active-directory-b2c-choose-user-flow-or-custom-policy.md)]
 
-This article describes how to enable custom domains in your redirect URLs for Azure Active Directory B2C (Azure AD B2C). Using a custom domain with your application provides a more seamless user experience. From the user's perspective, they remain in your domain during the sign in process rather than redirecting to the Azure AD B2C default domain *<tenant-name>.b2clogin.com*.
+This article describes how to enable custom domains in your redirect URLs for Azure Active Directory B2C (Azure AD B2C). By using a verified custom domain, you've benefits such as: 
+
+- It provides a more seamless user experience. From the user's perspective, they remain in your domain during the sign in process rather than redirecting to the Azure AD B2C default domain *<tenant-name>.b2clogin.com*.
+
+- You increase the number of objects (user accounts and applications) you can create in your Azure AD B2C tenant from the default 1.25 million to 5.25 million. 
 
 ![Screenshot demonstrates an Azure AD B2C custom domain user experience.](./media/custom-domain/custom-domain-user-experience.png)
 

articles/active-directory-b2c/custom-domain.md

@@ -43,7 +43,10 @@ sections:
           In an Azure AD B2C tenant, most apps want the user to sign-in with any arbitrary email address (for example, [email protected], [email protected], [email protected], or [email protected]). This type of account is a local account. We also support arbitrary user names as local accounts (for example, joe, bob, sarah, or jim). You can choose one of these two local account types when configuring identity providers for Azure AD B2C in the Azure portal. In your Azure AD B2C tenant, select **Identity providers**, select **Local account**, and then select **Username**.
           
           User accounts for applications can be created through a sign-up user flow, sign-up or sign-in user flow, the Microsoft Graph API, or in the Azure portal.
-          
+      - question: |
+          How many users can an Azure AD B2C tenant accommodate?
+        answer: |
+          - By default, each tenant can accommodate a total of **1.25 million** objects (user accounts and applications), but you can increase this limit to **5.25 million** objects when you [add and verify a custom domain](custom-domain.md). If you want to increase this limit, please contact [Microsoft Support](find-help-open-support-ticket.md). However, if you created your tenant before **September 2022**, this limit doesn't affect you, and your tenant will retain the size allocated to it at creation, that's, **50 million** objects. 
       - question: |
           Which social identity providers do you support now? Which ones do you plan to support in the future?
         answer: |

articles/active-directory-b2c/faq.yml

@@ -4,43 +4,52 @@ titleSuffix: Azure AD B2C
 description: Learn about our partners who integrate with Azure AD B2C to provide identity proofing and verification solutions 
 services: active-directory-b2c
 author: gargi-sinha
-manager: CelesteDG
+manager: martinco
 ms.reviewer: kengaderdus
-
 ms.service: active-directory
 ms.workload: identity
 ms.topic: how-to
-ms.date: 09/13/2022
+ms.date: 01/18/2023
 ms.author: gasinh
-ms.subservice: B2C
 ---
 
 # Identity verification and proofing partners
 
-With Azure AD B2C partners, customers can enable identity verification and proofing of their end users before allowing  account registration or access. Identity verification and proofing can check document, knowledge-based information and liveness.
+With Azure Active Directory B2C (Azure AD B2C) and solutions from software-vendor partners, customers can enable end-user identity verification and proofing for account registration. Identity verification and proofing can check documents, knowledge-based information, and liveness.
+
+## Architecture diagram
+
+The following architecture diagram illustrates the verification and proofing flow.
 
-A high-level architecture diagram explains the flow.
+   ![Diagram of of the identity proofing flow, from registration to access approval.](./media/partner-gallery/third-party-identity-proofing.png)
 
-![Diagram shows the identity proofing flow](./media/partner-gallery/third-party-identity-proofing.png)
+1. User begins registration with a device.
+2. User enters information.
+3. Digital-risk score is assessed, then third-party identity proofing and identity validation occurs.
+4. Identity is validated or rejected.
+5. User attributes are passed to Azure Active Directory B2C.
+6. If user verification is successful, a user account is created in Azure AD B2C during sign-in.
+7. Based on the verification result, the user receives an access-approved or -denied message.
 
-Microsoft partners with the following ISV partners.
+## Software vendors and integration documentation
 
-| ISV partner | Description and integration walkthroughs |
-|:-------------------------|:--------------|
-| ![Screenshot of a deduce logo.](./media/partner-gallery/deduce-logo.png) | [Deduce](./partner-deduce.md) is an identity verification and proofing provider focused on stopping account takeover and registration fraud. It helps combat identity fraud and creates a trusted user experience. |
-| ![Screenshot of a eid-me logo](./media/partner-gallery/eid-me-logo.png) | [eID-Me](./partner-eid-me.md) is an identity verification and decentralized digital identity solution for Canadian citizens. It enables organizations to meet Identity Assurance Level (IAL) 2 and Know Your Customer (KYC) requirements. |
-|![Screenshot of an Experian logo.](./media/partner-gallery/experian-logo.png) | [Experian](./partner-experian.md) is an Identity verification and proofing provider that performs risk assessments based on user attributes to prevent fraud. |
-|![Screenshot of an IDology logo.](./media/partner-gallery/idology-logo.png) | [IDology](./partner-idology.md) is an Identity verification and proofing provider with ID verification solutions, fraud prevention solutions, compliance solutions, and others.|
-|![Screenshot of a Jumio logo.](./media/partner-gallery/jumio-logo.png) | [Jumio](./partner-jumio.md) is an ID verification service, which enables real-time automated ID verification, safeguarding customer data. |
-| ![Screenshot of a LexisNexis logo.](./media/partner-gallery/lexisnexis-logo.png) | [LexisNexis](./partner-lexisnexis.md) is a profiling and identity validation provider that verifies user identification and provides comprehensive risk assessment based on user’s device. |
-| ![Screenshot of a Onfido logo](./media/partner-gallery/onfido-logo.png) | [Onfido](./partner-onfido.md) is a document ID and facial biometrics verification solution that allows companies to meet *Know Your Customer* and identity requirements in real time.  |
+Microsoft partners with independent software vendors (ISVs). Use the following table to locate an ISV and related integration documentation. 
 
-## Additional information
+| ISV logo | ISV link and description| Integration documentation|
+|---|---|---|
+| ![Screenshot of the Deduce logo.](./media/partner-gallery/deduce-logo.png) | [Deduce](https://www.deduce.com/): Identity verification and proofing provider that helps stop account takeover and registration fraud. Use it to combat identity fraud and create a trusted user experience. |[Configure Azure AD B2C with Deduce to combat identity fraud and create a trusted user experience](partner-deduce.md)|
+| ![Screenshot of the eID-Me logo.](./media/partner-gallery/eid-me-logo.png) |  [Bluink, Ltd.](https://bluink.ca/): eID-Me is an identity verification and decentralized digital identity solution for Canadian citizens. Use it to meet Identity Assurance Level (IAL) 2 and Know Your Customer (KYC) requirements. |[Configure eID-Me with Azure AD B2C for identity verification](partner-eid-me.md)|
+|![Screenshot of the Experian logo.](./media/partner-gallery/experian-logo.png) | [Experian Information Solutions, Inc.](https://www.experian.com/business/products/crosscore): Identity verification and proofing provider with solutions that perform risk assessments based on user attributes. |[Tutorial: Configure Experian with Azure AD B2C](partner-experian.md)|
+|![Screenshot of the IDology logo.](./media/partner-gallery/idology-logo.png) | [IDology, a GBG company](https://www.idology.com/solutions/): Identity verification and proofing provider with ID verification, fraud prevention, and compliance solutions.|[Tutorial for configuring IDology with Azure AD B2C](partner-idology.md)|
+|![Screenshot of the Jumio logo.](./media/partner-gallery/jumio-logo.png) | [Jumio](https://www.jumio.com/): Identify verification service with products for real-time, automated ID verification. |[Tutorial for configuring Jumio with Azure AD B2C](partner-jumio.md)|
+| ![Screenshot of the LexisNexis logo.](./media/partner-gallery/lexisnexis-logo.png) | [LexisNexis Risk Solutions Group](https://risk.lexisnexis.com/products/threatmetrix): Profiling and identity validation provider that verifies user identification and provides risk assessment based on user devices. See, ThreatMetrix. |[Tutorial for configuring LexisNexis with Azure AD B2C](partner-lexisnexis.md)|
+| ![Screenshot of the Onfido logo.](./media/partner-gallery/onfido-logo.png) | [Onfido](https://onfido.com/): Document ID and facial biometrics verification solutions to meet Know Your Customer (KYC) and identity requirements.  |[Tutorial for configuring Onfido with Azure AD B2C](partner-onfido.md)|
 
-- [Custom policies in Azure AD B2C](./custom-policy-overview.md)
+## Resources
 
-- [Get started with custom policies in Azure AD B2C](./tutorial-create-user-flows.md?pivots=b2c-custom-policy&tabs=applications)
+- [Azure AD B2C custom policy overview](custom-policy-overview.md)
+- [Tutorial: Create user flows and custom policies in Azure Active Directory B2C](tutorial-create-user-flows.md?pivots=b2c-custom-policy&tabs=applications)
 
 ## Next steps
 
-Select a partner in the tables mentioned to learn how to integrate their solution with Azure AD B2C.
+Select and contact a partner from the previous table to get started on solution integration with Azure AD B2C. The partners have similar processes to contact them for a product demo.

articles/active-directory-b2c/identity-verification-proofing.md

@@ -8,7 +8,7 @@ manager: CelesteDG
 ms.service: active-directory
 ms.workload: identity
 ms.topic: how-to
-ms.date: 03/03/2022
+ms.date: 11/3/2022
 ms.custom: "project-no-code, ignite-fall-2021, b2c-support"
 ms.author: kengaderdus
 ms.subservice: B2C
@@ -26,7 +26,7 @@ Watch this video to learn about Azure AD B2C user migration using Microsoft Grap
 
 ## Prerequisites
 
-To use MS Graph API, and interact with resources in your Azure AD B2C tenant, you need an application registration that grants the permissions to do so. Follow the steps in the [Manage Azure AD B2C with Microsoft Graph](microsoft-graph-get-started.md) article to create an application registration that your management application can use. 
+- To use MS Graph API, and interact with resources in your Azure AD B2C tenant, you need an application registration that grants the permissions to do so. Follow the steps in the [Register a Microsoft Graph application](microsoft-graph-get-started.md) article to create an application registration that your management application can use. 
 
 ## User management
 > [!NOTE]
@@ -162,6 +162,25 @@ For user flows, these extension properties are [managed by using the Azure porta
 > [!NOTE]
 > In Azure AD, directory extensions are managed through the [extensionProperty resource type](/graph/api/resources/extensionproperty) and its associated methods. However, because they are used in B2C through the `b2c-extensions-app` app which should not be updated, they are managed in Azure AD B2C using the [identityUserFlowAttribute resource type](/graph/api/resources/identityuserflowattribute) and its associated methods.
 
+## Tenant usage 
+
+Use the [Get organization details](/graph/api/organization-get) API to get your directory size quota. You need to add the `$select` query parameter as shown in the following HTTP request:
+
+```http
+    GET https://graph.microsoft.com/v1.0/organization/organization-id?$select=directorySizeQuota
+``` 
+Replace `organization-id` with your organization or tenant ID. 
+
+The response to the above request looks similar to the following JSON snippet:
+
+```json
+{
+    "directorySizeQuota": {
+        "used": 156,
+        "total": 1250000
+    }
+}
+``` 
 ## Audit logs
 
 - [List audit logs](/graph/api/directoryaudit-list)

articles/active-directory-b2c/microsoft-graph-operations.md

@@ -8,7 +8,7 @@ manager: CelesteDG
 ms.service: active-directory
 ms.workload: identity
 ms.topic: reference
-ms.date: 12/01/2022
+ms.date: 12/29/2022
 ms.subservice: B2C
 zone_pivot_groups: b2c-policy-type
 ---
@@ -164,6 +164,8 @@ The following table lists the administrative configuration limits in the Azure A
 |Number of sign-out URLs per application        |1          |
 |String Limit per Attribute      |250 Chars          |
 |Number of B2C tenants per subscription      |20         |
+|Total number of objects (user accounts and applications) per tenant (default limit)|1.25 million |
+|Total number of objects (user accounts and applications) per tenant (using a verified custom domain)|5.25 million |
 |Levels of [inheritance](custom-policy-overview.md#inheritance-model) in custom policies     |10         |
 |Number of policies per Azure AD B2C tenant (user flows + custom policies)     |200          |
 |Maximum policy file size      |1024 KB          |