Commit 23c9a52

committed
Merging changes synced from https://github.com/MicrosoftDocs/azure-docs-pr (branch live)
2 parents 7c09361 + 77376f2 commit 23c9a52

400 files changed

+1812
-1101
lines changed


.openpublishing.redirection.json

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -943,6 +943,11 @@
943943
"redirect_url": "/azure/frontdoor/front-door-overview",
944944
"redirect_document_id": false
945945
},
946+
{
947+
"source_path_from_root": "/articles/frontdoor/standard-premium/how-to-configure-endpoint-manager.md",
948+
"redirect_url": "/azure/frontdoor/how-to-configure-endpoints",
949+
"redirect_document_id": false
950+
},
946951
{
947952
"source_path_from_root": "/articles/app-service-web/web-sites-dotnet-deploy-aspnet-mvc-app-membership-oauth-sql-database.md",
948953
"redirect_url": "/aspnet/core/security/authorization/secure-data",
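Review bot: the new entry redirects the `standard-premium/how-to-configure-endpoint-manager.md` article to `/azure/frontdoor/how-to-configure-endpoints`, a path outside the `standard-premium` folder, while `"redirect_document_id": false` is kept; confirm the target article exists at that path and, if it is the same article relocated rather than a different topic, set `redirect_document_id` to `true` so the document id follows it.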

articles/active-directory-b2c/custom-policy-developer-notes.md

Lines changed: 4 additions & 4 deletions
@@ -9,7 +9,7 @@ manager: CelesteDG
99
ms.service: active-directory
1010
ms.workload: identity
1111
ms.topic: reference
12-
ms.date: 04/30/2022
12+
ms.date: 12/09/2021
1313
ms.custom: project-no-code
1414
ms.author: kengaderdus
1515
ms.subservice: B2C
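Review bot: `ms.date` moves backward from 04/30/2022 to 12/09/2021, which is what a stale branch overwriting a newer copy looks like rather than a deliberate edit; the same backward date change appears in the other B2C files in this commit. Confirm the sync is pulling in the intended version, and if the content changes in the hunks below are intentional, set `ms.date` to the date of this change instead.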
@@ -156,7 +156,7 @@ The following table summarizes the Security Assertion Markup Language (SAML) app
156156
| ------- | :--: | ----- |
157157
| [MFA using time-based one-time password (TOTP) with authenticator apps](multi-factor-authentication.md#verification-methods) | Preview | Users can use any authenticator app that supports TOTP verification, such as the [Microsoft Authenticator app](https://www.microsoft.com/security/mobile-authenticator-app).|
158158
| [Phone factor authentication](phone-factor-technical-profile.md) | GA | |
159-
| [Azure AD MFA authentication](multi-factor-auth-technical-profile.md) | GA | |
159+
| [Azure AD MFA authentication](multi-factor-auth-technical-profile.md) | Preview | |
160160
| [One-time password](one-time-password-technical-profile.md) | GA | |
161161
| [Azure Active Directory](active-directory-technical-profile.md) as local directory | GA | |
162162
| [Predicate validations](predicates.md) | GA | For example, password complexity. |
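Review bot: the status of "Azure AD MFA authentication" flips from GA back to Preview; a GA-to-preview downgrade is unusual and, together with the backward `ms.date` in the previous hunk, suggests an older copy of the table. If the downgrade is intended, the Notes column should state what the preview limitation is, as the TOTP row above does.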
@@ -168,8 +168,8 @@ The following table summarizes the Security Assertion Markup Language (SAML) app
168168
| Feature | Custom policy | Notes |
169169
| ------- | :--: | ----- |
170170
| Azure portal | GA | |
171-
| [Application Insights user journey logs](troubleshoot-with-application-insights.md) | GA | Used for troubleshooting during development. |
172-
| [Application Insights event logs](analytics-with-application-insights.md) | GA | Used to monitor user flows in production. |
171+
| [Application Insights user journey logs](troubleshoot-with-application-insights.md) | Preview | Used for troubleshooting during development. |
172+
| [Application Insights event logs](analytics-with-application-insights.md) | Preview | Used to monitor user flows in production. |
173173

174174
## Responsibilities of custom policy feature-set developers
175175
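Review bot: both Application Insights rows move from GA to Preview with no change to their Notes text; if this is a deliberate downgrade rather than a stale copy, consider one line above the table stating that these features are in preview, matching the `[!INCLUDE]` public-preview snippet that multi-factor-auth-technical-profile.md adopts in this same commit, so the status is not repeated per row.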

articles/active-directory-b2c/deploy-custom-policies-devops.md

Lines changed: 1 addition & 1 deletion
@@ -9,7 +9,7 @@ manager: CelesteDG
99
ms.service: active-directory
1010
ms.workload: identity
1111
ms.topic: how-to
12-
ms.date: 04/30/2022
12+
ms.date: 03/25/2022
1313
ms.author: kengaderdus
1414
ms.subservice: B2C
1515
---

articles/active-directory-b2c/multi-factor-auth-technical-profile.md

Lines changed: 5 additions & 3 deletions
@@ -9,7 +9,7 @@ manager: CelesteDG
99
ms.service: active-directory
1010
ms.workload: identity
1111
ms.topic: reference
12-
ms.date: 04/30/2022
12+
ms.date: 12/09/2021
1313
ms.author: kengaderdus
1414
ms.subservice: B2C
1515
---
@@ -18,6 +18,8 @@ ms.subservice: B2C
1818

1919
Azure Active Directory B2C (Azure AD B2C) provides support for verifying a phone number by using a verification code, or verifying a Time-based One-time Password (TOTP) code.
2020

21+
[!INCLUDE [b2c-public-preview-feature](../../includes/active-directory-b2c-public-preview.md)]
22+
2123
## Protocol
2224

2325
The **Name** attribute of the **Protocol** element needs to be set to `Proprietary`. The **handler** attribute must contain the fully qualified name of the protocol handler assembly that is used by Azure AD B2C:
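Review bot: the `[!INCLUDE [b2c-public-preview-feature](../../includes/active-directory-b2c-public-preview.md)]` is placed above "## Protocol", so the whole article is flagged as preview; that matches the GA-to-Preview change for Azure AD MFA authentication in custom-policy-developer-notes.md in this commit. Verify the relative path resolves to the shared includes folder from articles/active-directory-b2c/, and keep the blank line after the include so the following heading renders.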
@@ -166,9 +168,9 @@ The following example shows an Azure AD MFA technical profile used to verify the
166168

167169
In this mode, the user is required to install any authenticator app that supports time-based one-time password (TOTP) verification, such as the [Microsoft Authenticator app](https://www.microsoft.com/security/mobile-authenticator-app), on a device that they own.
168170

169-
During the first sign up or sign in, the user scans a QR code, opens a deep link, or enters the code manually using the authenticator app. To verify the TOTP code, use the [Begin verify OTP](#begin-verify-totp) followed by [Verify TOTP](#verify-totp) validation technical profiles.
171+
During the first sign-up or sign-in, the user scans a QR code, opens a deep link, or enters the code manually using the authenticator app. To verify the TOTP code, use the [Begin verify OTP](#begin-verify-totp) followed by [Verify TOTP](#verify-totp) validation technical profiles.
170172

171-
For subsequent sign ins, use the [Get available devices](#get-available-devices) method to check if the user has already enrolled their device. If the number of available devices is greater than zero, this indicates the user has enrolled before. In this case, the user needs to type the TOTP code that appears in the authenticator app.
173+
For subsequent sign-ins, use the [Get available devices](#get-available-devices) method to check if the user has already enrolled their device. If the number of available devices is greater than zero, this indicates the user has enrolled before. In this case, the user needs to type the TOTP code that appears in the authenticator app.
172174

173175
The technical profile:
174176
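Review bot: the copy-edit to "sign-up" and "sign-in" is fine, but the link text "[Begin verify OTP](#begin-verify-totp)" still says OTP while its anchor and the paired "[Verify TOTP](#verify-totp)" say TOTP; rename it "Begin verify TOTP" in the same pass so the link text matches the section it points to.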

articles/active-directory-b2c/self-asserted-technical-profile.md

Lines changed: 4 additions & 2 deletions
@@ -9,7 +9,7 @@ manager: CelesteDG
99
ms.service: active-directory
1010
ms.workload: identity
1111
ms.topic: reference
12-
ms.date: 04/30/2022
12+
ms.date: 02/17/2022
1313
ms.author: kengaderdus
1414
ms.subservice: B2C
1515
---
@@ -50,6 +50,8 @@ In a self-asserted technical profile, you can use the **InputClaims** and **Inpu
5050

5151
## Display claims
5252

53+
The display claims feature is currently in **preview**.
54+
5355
The **DisplayClaims** element contains a list of claims to be presented on the screen for collecting data from the user. To prepopulate the values of display claims, use the input claims that were previously described. The element may also contain a default value.
5456

5557
The order of the claims in **DisplayClaims** specifies the order in which Azure AD B2C renders the claims on the screen. To force the user to provide a value for a specific claim, set the **Required** attribute of the **DisplayClaim** element to `true`.
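Review bot: the new sentence "The display claims feature is currently in **preview**." is an ad-hoc note, whereas multi-factor-auth-technical-profile.md in this same commit uses the shared `[!INCLUDE [b2c-public-preview-feature](../../includes/active-directory-b2c-public-preview.md)]` snippet; use the include here too (or at least the same wording) so the preview wording and its linked terms stay consistent across the B2C docs.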
@@ -131,7 +133,7 @@ Use output claims when:
131133
- **Claims are output by output claims transformation**.
132134
- **Setting a default value in an output claim** without collecting data from the user or returning the data from the validation technical profile. The `LocalAccountSignUpWithLogonEmail` self-asserted technical profile sets the **executed-SelfAsserted-Input** claim to `true`.
133135
- **A validation technical profile returns the output claims** - Your technical profile may call a validation technical profile that returns some claims. You may want to bubble up the claims and return them to the next orchestration steps in the user journey. For example, when signing in with a local account, the self-asserted technical profile named `SelfAsserted-LocalAccountSignin-Email` calls the validation technical profile named `login-NonInteractive`. This technical profile validates the user credentials and also returns the user profile. Such as 'userPrincipalName', 'displayName', 'givenName' and 'surName'.
134-
- **A display control returns the output claims** - Your technical profile may have a reference to a [display control](display-controls.md). The display control returns some claims, such as the verified email address. You may want to bubble up the claims and return them to the next orchestration steps in the user journey.
136+
- **A display control returns the output claims** - Your technical profile may have a reference to a [display control](display-controls.md). The display control returns some claims, such as the verified email address. You may want to bubble up the claims and return them to the next orchestration steps in the user journey. The display control feature is currently in **preview**.
135137

136138
The following example demonstrates the use of a self-asserted technical profile that uses both display claims and output claims.
137139
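Review bot: the preview sentence is appended to the end of the display-control bullet, where it reads as part of the "bubble up the claims" advice; move it to right after the "[display control](display-controls.md)" link so it qualifies the feature, not the advice. While here, the unchanged neighbouring bullet ends with the fragment "Such as 'userPrincipalName', 'displayName', 'givenName' and 'surName'.", which should be joined to the preceding sentence with a comma.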

articles/active-directory-b2c/technicalprofiles.md

Lines changed: 2 additions & 2 deletions
@@ -9,7 +9,7 @@ manager: CelesteDG
99
ms.service: active-directory
1010
ms.workload: identity
1111
ms.topic: reference
12-
ms.date: 04/30/2022
12+
ms.date: 11/30/2021
1313
ms.author: kengaderdus
1414
ms.subservice: B2C
1515
---
@@ -99,7 +99,7 @@ The **TechnicalProfile** element contains the following elements:
9999
| InputClaimsTransformations | 0:1 | A list of previously defined references to claims transformations that should be executed before any claims are sent to the claims provider or the relying party. |
100100
| InputClaims | 0:1 | A list of previously defined references to claim types that are taken as input in the technical profile. |
101101
| PersistedClaims | 0:1 | A list of previously defined references to claim types that will be persisted by the technical profile. |
102-
| DisplayClaims | 0:1 | A list of previously defined references to claim types that are presented by the [self-asserted technical profile](self-asserted-technical-profile.md). |
102+
| DisplayClaims | 0:1 | A list of previously defined references to claim types that are presented by the [self-asserted technical profile](self-asserted-technical-profile.md). The DisplayClaims feature is currently in preview. |
103103
| OutputClaims | 0:1 | A list of previously defined references to claim types that are taken as output in the technical profile. |
104104
| OutputClaimsTransformations | 0:1 | A list of previously defined references to claims transformations that should be executed after the claims are received from the claims provider. |
105105
| ValidationTechnicalProfiles | 0:n | A list of references to other technical profiles that the technical profile uses for validation purposes. For more information, see [Validation technical profile](validation-technical-profile.md).|
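Review bot: the cell text "The DisplayClaims feature is currently in preview." uses plain text and the element name, while self-asserted-technical-profile.md in this commit writes "The display claims feature is currently in **preview**."; pick one wording and style for both so a reader following the link sees the same status statement.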

articles/active-directory-b2c/whats-new-docs.md

Lines changed: 1 addition & 24 deletions
@@ -1,7 +1,7 @@
11
---
22
title: "What's new in Azure Active Directory business-to-customer (B2C)"
33
description: "New and updated documentation for the Azure Active Directory business-to-customer (B2C)."
4-
ms.date: 05/04/2022
4+
ms.date: 04/04/2022
55
ms.service: active-directory
66
ms.subservice: B2C
77
ms.topic: reference
@@ -15,29 +15,6 @@ manager: CelesteDG
1515

1616
Welcome to what's new in Azure Active Directory B2C documentation. This article lists new docs that have been added and those that have had significant updates in the last three months. To learn what's new with the B2C service, see [What's new in Azure Active Directory](../active-directory/fundamentals/whats-new.md).
1717

18-
## April 2022
19-
20-
### New articles
21-
22-
- [Configure Asignio with Azure Active Directory B2C for multifactor authentication](partner-asignio.md)
23-
- [Set up sign up and sign in with Mobile ID using Azure Active Directory B2C](identity-provider-mobile-id.md)
24-
- [Find help and open a support ticket for Azure Active Directory B2C](find-help-open-support-ticket.md)
25-
26-
### Updated articles
27-
28-
- [Configure authentication in a sample single-page application by using Azure AD B2C](configure-authentication-sample-spa-app.md)
29-
- [Configure xID with Azure Active Directory B2C for passwordless authentication](partner-xid.md)
30-
- [Azure Active Directory B2C service limits and restrictions](service-limits.md)
31-
- [Localization string IDs](localization-string-ids.md)
32-
- [Manage your Azure Active Directory B2C tenant](tenant-management.md)
33-
- [Page layout versions](page-layout.md)
34-
- [Secure your API used an API connector in Azure AD B2C](secure-rest-api.md)
35-
- [Azure Active Directory B2C: What's new](whats-new-docs.md)
36-
- [Application types that can be used in Active Directory B2C](application-types.md)
37-
- [Publish your Azure Active Directory B2C app to the Azure Active Directory app gallery](publish-app-to-azure-ad-app-gallery.md)
38-
- [Quickstart: Set up sign in for a desktop app using Azure Active Directory B2C](quickstart-native-app-desktop.md)
39-
- [Register a single-page application (SPA) in Azure Active Directory B2C](tutorial-register-spa.md)
40-
4118
## March 2022
4219

4320
### New articles
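Review bot: this hunk deletes the entire "## April 2022" section while the previous hunk moves `ms.date` back from 05/04/2022 to 04/04/2022, so the article loses its most recent month even though the intro promises updates "in the last three months". That pattern is an older branch overwriting a newer one rather than an edit; confirm before merging, since the deleted list includes new-article entries (partner-asignio.md, identity-provider-mobile-id.md, find-help-open-support-ticket.md) that readers will no longer be able to find from this page.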
Lines changed: 120 additions & 0 deletions
@@ -0,0 +1,120 @@
1+
---
2+
title: Complex applications for Azure Active Directory Application Proxy
3+
description: Provides an understanding of complex application in Azure Active Directory Application Proxy, and how to configure one.
4+
services: active-directory
5+
author: kenwith
6+
manager: karenhoran
7+
ms.service: active-directory
8+
ms.subservice: app-proxy
9+
ms.workload: identity
10+
ms.topic: how-to
11+
ms.date: 04/22/2022
12+
ms.author: dhruvinshah
13+
ms.reviewer: dhruvinshah
14+
---
15+
16+
# Understanding Azure Active Directory Application Proxy Complex application scenario (Preview)
17+
18+
When applications are made up of multiple individual web application using different domain suffixes or different ports or paths in the URL, the individual web application instances must be published in separate Azure AD Application Proxy apps and the following problems might arise:
19+
1. Pre-authentication- The client must separately acquire an access token or cookie for each Azure AD Application Proxy app. This might lead to additional redirects to login.microsoftonline.com and CORS issues.
20+
2. CORS issues- Cross-origin resource sharing calls (OPTIONS request) might be triggered to validate if the caller web app is allowed to access the URL of the targeted web app. These will be blocked by the Azure AD Application Proxy Cloud service, since these requests cannot contain authentication information.
21+
3. Poor app management- Multiple enterprise apps are created to enable access to a private app adding friction to the app management experience.
22+
23+
The following figure shows an example for complex application domain structure.
24+
25+
![Diagram of domain structure for a complex application showing resource sharing between primary and secondary application.](./media/application-proxy-configure-complex-application/complex-app-structure.png)
26+
27+
With [Azure AD Application Proxy](application-proxy.md), you can address this issue by using complex application publishing that is made up of multiple URLs across various domains.
28+
29+
![Diagram of a Complex application with multiple application segments definition.](./media/application-proxy-configure-complex-application/complex-app-flow.png)
30+
31+
A complex app has multiple app segments, with each app segment being a pair of an internal & external URL.
32+
There is one conditional access policy associated with the app and access to any of the external URLs work with pre-authentication with the same set of policies that are enforced for all.
33+
34+
This solution that allows user to:
35+
36+
- by successfully authenticating
37+
- not being blocked by CORS errors
38+
- including those that uses different domain suffixes or different ports or paths in the URL internally
39+
40+
This article provides you with the information you need to configure wildcard application publishing in your environment.
41+
42+
## Characteristics of application segment(s) for complex application.
43+
1. Application segments can be configured only for a wildcard application.
44+
2. External and alternate URL should match the wildcard external and alternate URL domain of the application respectively.
45+
3. Application segment URL’s (internal and external) need to maintain uniqueness across complex applications.
46+
4. CORS Rules (optional) can be configured per application segment.
47+
5. Access will only be granted to defined application segments for a complex application.
48+
- Note - If all application segments are deleted, a complex application will behave as a wildcard application opening access to all valid URL by specified domain.
49+
6. You can have an internal URL defined both as an application segment and a regular application.
50+
- Note - Regular application will always take precedence over a complex app (wildcard application).
51+
52+
## Pre-requisites
53+
Before you get started with single sign-on for header-based authentication apps, make sure your environment is ready with the following settings and configurations:
54+
- You need to enable Application Proxy and install a connector that has line of site to your applications. See the tutorial [Add an on-premises application for remote access through Application Proxy](application-proxy-add-on-premises-application.md#add-an-on-premises-app-to-azure-ad) to learn how to prepare your on-premises environment, install and register a connector, and test the connector.
55+
56+
57+
## Configure application segment(s) for complex application.
58+
59+
To configure (and update) Application Segments for a complex app using the API, you first [create a wildcard application](application-proxy-wildcard.md#create-a-wildcard-application), and then update the application's onPremisesPublishing property to configure the application segments and respective CORS settings.
60+
61+
> [!NOTE]
62+
> One application segment is supported in preview. Support for multiple application segment to be announced soon.
63+
64+
If successful, this method returns a `204 No Content` response code and does not return anything in the response body.
65+
## Example
66+
67+
##### Request
68+
Here is an example of the request.
69+
70+
71+
```http
72+
PATCH https://graph.microsoft.com/beta/applications/{<object-id-of--the-complex-app}
73+
Content-type: application/json
74+
75+
{
76+
"onPremisesPublishing": {
77+
"onPremisesApplicationSegments": [
78+
{
79+
"externalUrl": "https://home.contoso.net/",
80+
"internalUrl": "https://home.test.com/",
81+
"alternateUrl": "",
82+
"corsConfigurations": []
83+
},
84+
{
85+
"externalUrl": "https://assets.constoso.net/",
86+
"internalUrl": "https://assets.test.com",
87+
"alternateUrl": "",
88+
"corsConfigurations": [
89+
{
90+
"resource": "/",
91+
"allowedOrigins": [
92+
"https://home.contoso.net/"
93+
],
94+
"allowedHeaders": [
95+
"*"
96+
],
97+
"allowedMethods": [
98+
"*"
99+
],
100+
"maxAgeInSeconds": 0
101+
}
102+
]
103+
}
104+
]
105+
}
106+
}
107+
108+
```
109+
##### Response
110+
111+
```http
112+
HTTP/1.1 204 No Content
113+
```
114+
115+
116+
## See also
117+
- [Tutorial: Add an on-premises application for remote access through Application Proxy in Azure Active Directory](../app-proxy/application-proxy-add-on-premises-application.md)
118+
- [Plan an Azure AD Application Proxy deployment](application-proxy-deployment-plan.md)
119+
- [Remote access to on-premises applications through Azure Active Directory Application Proxy](application-proxy.md)
120+
- [Understand and solve Azure Active Directory Application Proxy CORS issues](application-proxy-understand-cors-issues.md)
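Review bot: the PATCH request line has a malformed path placeholder, `{<object-id-of--the-complex-app}` (stray `<` and doubled hyphen); it should read `{object-id-of-the-complex-app}`. The example also contradicts the NOTE callout just above it: the note says only one application segment is supported in preview, yet the request body defines two segments. Within the body, `"externalUrl": "https://assets.constoso.net/"` misspells contoso, and `"internalUrl": "https://assets.test.com"` lacks the trailing slash the other URLs carry. The CORS entry grants `"allowedHeaders": ["*"]` and `"allowedMethods": ["*"]` to the home origin; since readers copy these bodies verbatim, a reference example should list only the methods and headers the assets segment needs, with the wildcard called out as the permissive option. In the prose, the "Pre-requisites" opener "single sign-on for header-based authentication apps" is copied from another article and should name complex applications, "line of site" should be "line of sight", the sentence ending "configure wildcard application publishing in your environment" should say complex application publishing, and the "This solution that allows user to:" list does not parse as sentences. Also add a blank line between "If successful, this method returns a `204 No Content` response code..." and the "## Example" heading so the heading renders.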