Commit 2426912

Merge pull request #220072 from MicrosoftDocs/main
Merge main to live, 4 AM
2 parents 200e602 + f67cbdc commit 2426912

271 files changed

+3030
-2288
lines changed

articles/active-directory/develop/tutorial-blazor-server.md

Lines changed: 20 additions & 14 deletions
Original file line numberDiff line numberDiff line change
@@ -6,7 +6,8 @@ ms.author: jricketts
66
ms.service: active-directory
77
ms.subservice: develop
88
ms.topic: tutorial
9-
ms.date: 09/15/2020
9+
ms.date: 11/29/2022
10+
ms.custom: "engagement-fy23"
1011
#Customer intent: As a developer, I want to add authentication to a Blazor app.
1112
---
1213

@@ -19,36 +20,41 @@ We also have a tutorial for [Blazor WASM](tutorial-blazor-webassembly.md).
1920
In this tutorial:
2021

2122
> [!div class="checklist"]
22-
> * Create a new Blazor Server app configured to use Azure Active Directory (Azure AD) for authentication
23-
> * Handle both authentication and authorization using Microsoft.Identity.Web
24-
> * Retrieve data from a protected web API, Microsoft Graph
23+
>
24+
> - Create a new Blazor Server app configured to use Azure AD for authentication
25+
> - Handle both authentication and authorization using `Microsoft.Identity.Web`
26+
> - Retrieve data from a protected web API, Microsoft Graph
2527
2628
## Prerequisites
2729

2830
- [.NET Core 3.1 SDK](https://dotnet.microsoft.com/download/dotnet-core/3.1)
29-
- An Azure AD tenant where you can register an app. If you don’t have access to an Azure AD tenant, you can get one by registering with the [Microsoft 365 Developer Program](https://developer.microsoft.com/microsoft-365/dev-program) or by creating an [Azure free account](https://azure.microsoft.com/free).
31+
- An Azure account that has an active subscription. [Create an account for free](https://azure.microsoft.com/free/?WT.mc_id=A261C142F).
32+
- The Azure account must have permission to manage applications in Azure Active Directory (Azure AD). Any of the following Azure AD roles include the required permissions:
33+
- [Application administrator](../roles/permissions-reference.md#application-administrator)
34+
- [Application developer](../roles/permissions-reference.md#application-developer)
35+
- [Cloud application administrator](../roles/permissions-reference.md#cloud-application-administrator)
3036

3137
## Register the app in the Azure portal
3238

33-
Every app that uses Azure Active Directory (Azure AD) for authentication must be registered with Azure AD. Follow the instructions in [Register an application](quickstart-register-app.md) with these additions:
39+
Every app that uses Azure AD for authentication must be registered with Azure AD. Follow the instructions in [Register an application](quickstart-register-app.md) with these additions:
3440

3541
- For **Supported account types**, select **Accounts in this organizational directory only**.
36-
- Leave the **Redirect URI** drop down set to **Web** and enter `https://localhost:5001/signin-oidc`. The default port for an app running on Kestrel is 5001. If the app is available on a different port, specify that port number instead of `5001`.
42+
- Leave the **Redirect URI** drop down set to **Web** and enter `https://localhost:5001/signin-oidc`. The default port for an app running on Kestrel is `5001`. If the app is available on a different port, specify that port number instead of `5001`.
3743

3844
Under **Manage**, select **Authentication** > **Implicit grant and hybrid flows**. Select **ID tokens**, and then select **Save**.
3945

4046
Finally, because the app calls a protected API (in this case Microsoft Graph), it needs a client secret in order to verify its identity when it requests an access token to call that API.
4147

4248
1. Within the same app registration, under **Manage**, select **Certificates & secrets** and then **Client secrets**.
4349
2. Create a **New client secret** that never expires.
44-
3. Make note of the secret's **Value** as you will use it in the next step. You can’t access it again once you navigate away from this pane. However, you can recreate it as needed.
50+
3. Make note of the secret's **Value** as you'll use it in the next step. You can’t access it again once you navigate away from this pane. However, you can recreate it as needed.
4551

4652
## Create the app using the .NET CLI
4753

48-
Run the following command to download the templates for Microsoft.Identity.Web, which we will make use of in this tutorial.
54+
Run the following command to download the templates for `Microsoft.Identity.Web`, which we'll make use of in this tutorial.
4955

5056
```dotnetcli
51-
dotnet new --install Microsoft.Identity.Web.ProjectTemplates
57+
dotnet new install Microsoft.Identity.Web.ProjectTemplates
5258
```
5359

5460
Then, run the following command to create the application. Replace the placeholders in the command with the proper information from your app's overview page and execute the command in a command shell. The output location specified with the `-o|--output` option creates a project folder if it doesn't exist and becomes part of the app's name.
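Review bot: The new `dotnet new install Microsoft.Identity.Web.ProjectTemplates` form under "Create the app using the .NET CLI" does not match the unchanged prerequisite earlier in this hunk, which still links the .NET Core 3.1 SDK. The `install` subcommand syntax arrived with the .NET 7 SDK, and older SDKs expect `dotnet new --install`, so either raise the SDK prerequisite or show both forms. While this section is open, the unchanged step "Create a **New client secret** that never expires" is worth changing to a secret with an expiry, since that secret is what proves the app's identity when it requests an access token for Microsoft Graph.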
@@ -64,7 +70,7 @@ dotnet new blazorserver2 --auth SingleOrg --calls-graph -o {APP NAME} --client-i
6470
| `{TENANT ID}` | Directory (tenant) ID | `e86c78e2-0000-0000-0000-918e0565a45e` |
6571
| `{DOMAIN}` | Primary domain | `tenantname.onmicrosoft.com` |
6672

67-
Now, navigate to your new Blazor app in your editor and add the client secret to the *appsettings.json* file, replacing the text "secret-from-app-registration".
73+
Now, navigate to your new Blazor app in your editor and add the client secret to the _appsettings.json_ file, replacing the text "secret-from-app-registration".
6874

6975
```json
7076
"ClientSecret": "secret-from-app-registration",
@@ -86,21 +92,21 @@ In your browser, navigate to `https://localhost:5001`, and log in using an Azure
8692

8793
Before you start, log out of your app since you'll be making changes to the required permissions, and your current token won't work. If you haven't already, run your app again and select **Log out** before updating the code below.
8894

89-
Now you will update your app's registration and code to pull a user's email and display the messages within the app. To achieve this, first extend the app registration permissions in Azure AD to enable access to the email data. Then, add code to the Blazor app to retrieve and display this data in one of the pages.
95+
Now you'll update your app's registration and code to pull a user's email and display the messages within the app. To achieve this, first extend the app registration permissions in Azure AD to enable access to the email data. Then, add code to the Blazor app to retrieve and display this data in one of the pages.
9096

9197
1. In the Azure portal, select your app in **App registrations**.
9298
1. Under **Manage**, select **API permissions**.
9399
1. Select **Add a permission** > **Microsoft Graph**.
94100
1. Select **Delegated Permissions**, then search for and select the **Mail.Read** permission.
95101
1. Select **Add permissions**.
96102

97-
In the *appsettings.json* file, update your code so it fetches the appropriate token with the right permissions. Add "mail.read" after the "user.read" scope under "DownstreamAPI". This is specifying which scopes (or permissions) the app will request access to.
103+
In the *appsettings.json* file, update your code so it fetches the appropriate token with the right permissions. Add `mail.read` after the `user.read` scope under `DownstreamAPI`. This is specifying which scopes (or permissions) the app will request access to.
98104

99105
```json
100106
"Scopes": "user.read mail.read"
101107
```
102108

103-
Next, update the code in the *FetchData.razor* file to retrieve email data instead of the default (random) weather details. Replace the code in that file with the following:
109+
Next, update the code in the *FetchData.razor* file to retrieve email data instead of the default (random) weather details. Replace the code in that file with the following code snippet:
104110

105111
```csharp
106112
@page "/fetchdata"
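Review bot: On the "Add `mail.read` after the `user.read` scope under `DownstreamAPI`" line, the new code formatting presents `DownstreamAPI` as a literal key, so confirm it matches the casing of the section name in the generated file; if it is only descriptive, leave it as plain text. The same line and the one below it keep `*appsettings.json*` and `*FetchData.razor*`, while the previous hunk in this file switched to `_appsettings.json_`; pick one emphasis marker for file names across the article. Minor: "Replace the code in that file with the following code snippet" repeats "code", and "with the following snippet" reads better.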

articles/active-directory/external-identities/whats-new-docs.md

Lines changed: 12 additions & 18 deletions
Original file line numberDiff line numberDiff line change
@@ -15,6 +15,18 @@ manager: CelesteDG
1515

1616
Welcome to what's new in Azure Active Directory External Identities documentation. This article lists new docs that have been added and those that have had significant updates in the last three months. To learn what's new with the External Identities service, see [What's new in Azure Active Directory](../fundamentals/whats-new.md).
1717

18+
## November 2022
19+
20+
### Updated articles
21+
22+
- [Tutorial: Use PowerShell to bulk invite Azure AD B2B collaboration users](bulk-invite-powershell.md)
23+
- [Grant B2B users in Azure AD access to your on-premises applications](hybrid-cloud-to-on-premises.md)
24+
- [Reset redemption status for a guest user](reset-redemption-status.md)
25+
- [Language customization in Azure Active Directory](user-flow-customize-language.md)
26+
- [B2B collaboration overview](what-is-b2b.md)
27+
- [Azure Active Directory External Identities: What's new](whats-new-docs.md)
28+
- [Tutorial: Enforce multi-factor authentication for B2B guest users](b2b-tutorial-require-mfa.md)
29+
1830
## October 2022
1931

2032
### Updated articles
@@ -52,21 +64,3 @@ Welcome to what's new in Azure Active Directory External Identities documentatio
5264
- [Add Azure Active Directory B2B collaboration users in the Azure portal](add-users-administrator.md)
5365
- [Leave an organization as an external user](leave-the-organization.md)
5466
- [Grant B2B users in Azure AD access to your on-premises applications](hybrid-cloud-to-on-premises.md)
55-
56-
## August 2022
57-
58-
### Updated articles
59-
60-
- [Allow or block invitations to B2B users from specific organizations](allow-deny-list.md)
61-
- [Azure Active Directory B2B best practices](b2b-fundamentals.md)
62-
- [Azure Active Directory B2B collaboration FAQs](faq.yml)
63-
- [Email one-time passcode authentication](one-time-passcode.md)
64-
- [Azure Active Directory B2B collaboration invitation redemption](redemption-experience.md)
65-
- [Troubleshooting Azure Active Directory B2B collaboration](troubleshoot.md)
66-
- [Properties of an Azure Active Directory B2B collaboration user](user-properties.md)
67-
- [B2B collaboration overview](what-is-b2b.md)
68-
- [Configure external collaboration settings](external-collaboration-settings-configure.md)
69-
- [Leave an organization as an external user](leave-the-organization.md)
70-
- [Overview: Cross-tenant access with Azure AD External Identities](cross-tenant-access-overview.md)
71-
- [Configure cross-tenant access settings for B2B direct connect](cross-tenant-access-settings-b2b-direct-connect.md)
72-
- [Azure Active Directory External Identities: What's new](whats-new-docs.md)

articles/active-directory/governance/create-lifecycle-workflow.md

Lines changed: 3 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -21,7 +21,9 @@ Workflows can be created and customized for common scenarios using templates, or
2121

2222
## Prerequisites
2323

24-
[!INCLUDE [Azure AD Premium P2 license](../../../includes/active-directory-p2-license.md)]
24+
- Azure AD Premium P2
25+
26+
For more information, see: [License requirements](what-are-lifecycle-workflows.md#license-requirements)
2527

2628
## Create a Lifecycle workflow using a template in the Azure portal
2729
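Review bot: The inline "- Azure AD Premium P2" bullet and "For more information, see: [License requirements](what-are-lifecycle-workflows.md#license-requirements)" that replace the include here are duplicated verbatim in delete-lifecycle-workflow.md, while lifecycle-workflows-deployment.md in the same commit moves to the `lifecycle-workflows-license.md` include. Using the include in all three places keeps the license text from drifting. If the inline form stays, drop the colon after "see" and end the sentence with a period.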

articles/active-directory/governance/customize-workflow-schedule.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -2,7 +2,7 @@
22
title: 'Customize workflow schedule - Azure Active Directory'
33
description: Describes how to customize the schedule of a Lifecycle Workflow.
44
services: active-directory
5-
author: owinfrey
5+
author: owinfreyATL
66
manager: amycolannino
77
ms.service: active-directory
88
ms.workload: identity

articles/active-directory/governance/delete-lifecycle-workflow.md

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -18,6 +18,11 @@ ms.collection: M365-identity-device-management
1818

1919
You can remove workflows that are no longer needed. Deleting these workflows allows you to make sure your lifecycle strategy is up to date. When a workflow is deleted, it enters a soft delete state. During this period, it's still able to be viewed within the deleted workflows list, and can be restored if needed. 30 days after a workflow enters a soft delete state it will be permanently removed. If you don't wish to wait 30 days for a workflow to permanently delete you can always manually delete it yourself.
2020

21+
## Prerequisites
22+
23+
- Azure AD Premium P2
24+
25+
For more information, see: [License requirements](what-are-lifecycle-workflows.md#license-requirements)
2126

2227
## Delete a workflow using the Azure portal
2328

articles/active-directory/governance/lifecycle-workflows-deployment.md

Lines changed: 8 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -40,10 +40,10 @@ Planning your Lifecycle Workflow deployment is essential to make sure you achiev
4040

4141
For more information on deployment plans, see [Azure AD deployment plans](../fundamentals/active-directory-deployment-plans.md)
4242

43-
## Licenses
43+
## License requirements
4444

4545

46-
[!INCLUDE [Azure AD Premium P2 license](../../../includes/active-directory-p2-license.md)]
46+
[!INCLUDE [Azure AD Premium P2 license](../../../includes/lifecycle-workflows-license.md)]
4747

4848
>[!Note]
4949
>Be aware that if your license expires, any workflows that you have created will stop working.
@@ -104,21 +104,24 @@ This section introduces Lifecycle Workflow concepts you should know before you p
104104

105105

106106
## Prerequisites to deploying Lifecycle Workflows
107-
The following is important information about your organization and the technologies that need to be in place prior to deploying Lifecycle Workflows. Ensure that you can answer yes to each of the items before attempting to deploy Lifecycle Workflows.
107+
108+
The following information is important information about your organization and the technologies that need to be in place prior to deploying Lifecycle Workflows. Ensure that you can answer yes to each of the items before attempting to deploy Lifecycle Workflows.
108109

109110
|Item|Description|Documentation|
110111
|-----|-----|-----|
111112
|Inbound Provisioning|You have a process to create user accounts for employees in Azure AD such as HR inbound, SuccessFactors, or MIM.<br><br> Alternatively you have a process to create user accounts in Active Directory and those accounts are provisioned to Azure AD.|[Workday to Active Directory](../saas-apps/workday-inbound-tutorial.md)<br><br>[Workday to Azure AD](../saas-apps/workday-inbound-tutorial.md)<br><br>[SuccessFactors to Active Directory](../saas-apps/sap-successfactors-inbound-provisioning-tutorial.md)</br></br>[SuccessFactors to Azure AD](../saas-apps/sap-successfactors-inbound-provisioning-cloud-only-tutorial.md)<br><br>[Azure AD Connect](../hybrid/whatis-azure-ad-connect-v2.md)<br><br>[Azure AD Connect cloud sync](../cloud-sync/what-is-cloud-sync.md)|
112-
|Attribute synchronization|The accounts in Azure AD have the employeeHireDate and employeeLeaveDateTime attributes populated. The values may be populated when the accounts are created from an HR system or synchronized from AD using Azure AD Connect or cloud sync. You have additional attributes, that will be used to determine the scope, such as department, populated or the ability to populate, with data.|[How to synchronize attributes for Lifecycle Workflows](how-to-lifecycle-workflow-sync-attributes.md)
113+
|Attribute synchronization|The accounts in Azure AD have the employeeHireDate and employeeLeaveDateTime attributes populated. The values may be populated when the accounts are created from an HR system or synchronized from AD using Azure AD Connect or cloud sync. You have additional attributes that will be used to determine the scope such as department, populated or the ability to populate, with data.|[How to synchronize attributes for Lifecycle Workflows](how-to-lifecycle-workflow-sync-attributes.md)
113114

114115
## Understanding parts of a workflow
116+
115117
Before you begin planning a Lifecycle Workflow deployment, you should become familiar with the parts of workflow and the terminology around Lifecycle Workflows.
116118

117119
The [Understanding Lifecycle Workflows](understanding-lifecycle-workflows.md) document, uses the portal to explain the parts of a workflow. The [Developer API reference Lifecycle Workflows](lifecycle-workflows-developer-reference.md) document, uses a GRAPH example to explain the parts of a workflow.
118120

119121
You can use this document to become familiar with the parts of workflow prior to deploying them.
120122

121123
## Limitations and constraints
124+
122125
The following table provides information that you need to be aware of as you create and deploy Lifecycle workflows.
123126

124127
|Item|Description|
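Review bot: The reworded opening under "Prerequisites to deploying Lifecycle Workflows" now reads "The following information is important information about your organization", which repeats "information"; "The following information about your organization and the technologies that need to be in place ..." is enough. In the Attribute synchronization row, removing the comma does not fix the sentence: "populated or the ability to populate, with data" still does not parse, so consider "You also have other attributes used to determine scope, such as department, that are populated or can be populated with data." That row also has no closing `|`, unlike the Inbound Provisioning row above it.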
@@ -133,7 +136,7 @@ The following table provides information that you need to be aware of as you cre
133136

134137
The following is additional information you should be aware of.
135138

136-
- You cannot enable the schedule for the Real-Time Leaver scenario. This is by design.
139+
- You can't enable the schedule for the Real-Time Leaver scenario. This is by design.
137140

138141

139142
