Merge branch 'main' of https://github.com/MicrosoftDocs/azure-docs-pr into misc

Author: v-thepet

articles/active-directory-b2c/cookie-definitions.md

@@ -9,7 +9,7 @@ manager: CelesteDG
 ms.service: active-directory
 ms.workload: identity
 ms.topic: reference
-ms.date: 08/12/2021
+ms.date: 03/20/2022
 ms.author: kengaderdus
 ms.subservice: B2C
 ---
@@ -42,8 +42,18 @@ The following table lists the cookies used in Azure AD B2C.
 | `x-ms-cpim-trans` | b2clogin.com, login.microsoftonline.com, branded domain | End of [browser session](session-behavior.md) | Used for tracking the transactions  (number of authentication requests to Azure AD B2C) and the current transaction. |
 | `x-ms-cpim-sso:{Id}` | b2clogin.com, login.microsoftonline.com, branded domain | End of [browser session](session-behavior.md) | Used for maintaining the SSO session. This cookie is set as `persistent`, when [Keep Me Signed In](session-behavior.md#enable-keep-me-signed-in-kmsi) is enabled.|
 | `x-ms-cpim-cache:{id}_n` | b2clogin.com, login.microsoftonline.com, branded domain | End of [browser session](session-behavior.md), successful authentication | Used for maintaining the request state. |
-| `x-ms-cpim-csrf` | b2clogin.com, login.microsoftonline.com, branded domain | End of [browser session](session-behavior.md) | Cross-Site Request Forgery token used for CRSF protection. |
+| `x-ms-cpim-csrf` | b2clogin.com, login.microsoftonline.com, branded domain | End of [browser session](session-behavior.md) | Cross-Site Request Forgery token used for CRSF protection. For more information, read the [Cross-Site request forgery token](#cross-site-request-forgery-token) section. |
 | `x-ms-cpim-dc` | b2clogin.com, login.microsoftonline.com, branded domain | End of [browser session](session-behavior.md) | Used for Azure AD B2C network routing. |
 | `x-ms-cpim-ctx` | b2clogin.com, login.microsoftonline.com, branded domain | End of [browser session](session-behavior.md) | Context |
 | `x-ms-cpim-rp` | b2clogin.com, login.microsoftonline.com, branded domain | End of [browser session](session-behavior.md) | Used for storing membership data for the resource provider tenant. |
 | `x-ms-cpim-rc` | b2clogin.com, login.microsoftonline.com, branded domain | End of [browser session](session-behavior.md) | Used for storing the relay cookie. |
+
+## Cross-Site request forgery token
+
+To prevent Cross Site Request Forgery (CSRF) attacks, Azure AD B2C applies the Synchronizer Token strategy mechanism. For more details on this pattern, check out the [Cross-Site Request Forgery Prevention](https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html#synchronizer-token-pattern) article.
+
+Azure AD B2C generates a synchronizer token, and adds it in two places; in a cookie labeled `x-ms-cpim-csrf`, and a query string parameter named `csrf_token` in the URL of the page sent to the Azure AD B2C. As Azure AD B2C service processes the incoming requests from the browser, it confirms that both the query string and cookie versions of the token exist, and that they exactly match. Also it verifies the elements of the contents of the token to confirm against expected values for the in-progress authentication.
+
+For example, in the sign-up or sign-in page, when a user selects the "Forgot password", or "Sign-up now" links, the browser sends a GET request to Azure AD B2C in order to load the contents of the next page. The request to load content Azure AD B2C additionally chooses to send and validate the Synchronizer Token as an extra layer of protection to ensure that the request to load the page was the result of an in-progress authentication.
+
+The Synchronizer Token is a credential that doesn't identify a user, but rather is tied to an active unique authentication session. 

articles/active-directory-b2c/partner-f5.md

@@ -2,8 +2,8 @@
 title: Tutorial to enable Secure Hybrid Access to applications with Azure AD B2C and F5 BIG-IP
 titleSuffix: Azure AD B2C
 description: Learn how to integrate Azure AD B2C authentication with F5 BIG-IP for secure hybrid access 
-author: KarenH444
-ms.author: celested
+author: gargi-sinha
+ms.author: gasinh
 manager: CelesteDG
 ms.reviewer: kengaderdus
 ms.service: active-directory

articles/active-directory/authentication/howto-sspr-deployment.md

@@ -9,7 +9,7 @@ ms.topic: conceptual
 ms.date: 02/02/2022
 
 ms.author: justinha
-author: NishthaBabith-V
+author: gargi-sinha
 manager: martinco
 ms.reviewer: tilarso
 

articles/active-directory/manage-apps/f5-aad-integration.md

@@ -2,14 +2,14 @@
 title: Secure hybrid access with F5
 titleSuffix: Azure AD
 description: F5 BIG-IP Access Policy Manager and Azure Active Directory integration for Secure Hybrid Access
-author: CelesteDG
+author: gargi-sinha
 manager: martinco
 ms.service: active-directory
 ms.subservice: app-mgmt
 ms.topic: how-to
 ms.workload: identity
 ms.date: 11/12/2020
-ms.author: celested
+ms.author: gasinh
 ms.collection: M365-identity-device-management
 ---
 

articles/active-directory/manage-apps/f5-aad-password-less-vpn.md

@@ -3,14 +3,14 @@ title: Configure F5 BIG-IP SSL-VPN solution in Azure AD
 titleSuffix: Azure AD
 description: Tutorial to configure F5’s BIG-IP based  Secure socket layer Virtual private network (SSL-VPN) solution with Azure Active Directory (AD) for Secure Hybrid Access (SHA) 
 services: active-directory
-author: CelesteDG
+author: gargi-sinha
 manager: martinco
 ms.service: active-directory
 ms.subservice: app-mgmt
 ms.topic: how-to
 ms.workload: identity
 ms.date: 10/12/2020
-ms.author: celested
+ms.author: gasinh
 ms.collection: M365-identity-device-management
 ms.reviewer: v-nisba
 ---
@@ -309,4 +309,4 @@ The F5 VPN application should also be visible as a target resource in Azure AD C
 
 - [Five steps to full application integration with Azure AD](../fundamentals/five-steps-to-full-application-integration-with-azure-ad.md)
 
-- [Microsoft Zero Trust framework to enable remote work](https://www.microsoft.com/security/blog/2020/04/02/announcing-microsoft-zero-trust-assessment-tool/)
+- [Microsoft Zero Trust framework to enable remote work](https://www.microsoft.com/security/blog/2020/04/02/announcing-microsoft-zero-trust-assessment-tool/)

articles/active-directory/manage-apps/f5-big-ip-forms-advanced.md

@@ -1,13 +1,13 @@
 ---
 title: Configure F5 BIG-IP’s Access Policy Manager for form-based SSO
 description: Learn how to configure F5's BIG-IP Access Policy Manager and Azure Active Directory for secure hybrid access to form-based applications.
-author: CelesteDG
+author: gargi-sinha
 ms.service: active-directory
 ms.subservice: app-mgmt
 ms.topic: how-to
 ms.workload: identity
 ms.date: 10/20/2021
-ms.author: celested
+ms.author: gasinh
 ms.collection: M365-identity-device-management
 ---
 
@@ -439,4 +439,4 @@ For more information, see the F5 BIG-IP [Session Variables reference](https://te
 
 * [What is Conditional Access?](../conditional-access/overview.md)
 
-* [Zero Trust framework to enable remote work](https://www.microsoft.com/security/blog/2020/04/02/announcing-microsoft-zero-trust-assessment-tool/)
+* [Zero Trust framework to enable remote work](https://www.microsoft.com/security/blog/2020/04/02/announcing-microsoft-zero-trust-assessment-tool/)

articles/active-directory/manage-apps/f5-big-ip-header-advanced.md

@@ -2,14 +2,14 @@
 title: Configure F5 BIG-IP Access Policy Manager for header-based SSO
 description: Learn how to configure F5's BIG-IP Access Policy Manager (APM) and Azure Active Directory SSO for header-based authentication
 services: active-directory
-author: CelesteDG
+author: gargi-sinha
 manager: martinco
 ms.service: active-directory
 ms.subservice: app-mgmt
 ms.topic: how-to
 ms.workload: identity
 ms.date: 11/10/2021
-ms.author: celested
+ms.author: gasinh
 ms.collection: M365-identity-device-management
 ---
 
@@ -431,4 +431,4 @@ For more information refer to these articles:
 - [What is Conditional Access?](../conditional-access/overview.md)
 
 - [Microsoft Zero Trust framework to enable remote
-  work](https://www.microsoft.com/security/blog/2020/04/02/announcing-microsoft-zero-trust-assessment-tool/)
+  work](https://www.microsoft.com/security/blog/2020/04/02/announcing-microsoft-zero-trust-assessment-tool/)

articles/active-directory/manage-apps/f5-big-ip-headers-easy-button.md

@@ -2,14 +2,14 @@
 title: Configure F5 BIG-IP’s Easy Button for Header-based SSO
 description: learn to implement Secure Hybrid Access (SHA) with single sign-on (SSO) to header-based applications using F5’s BIG-IP Easy Button Guided Configuration.
 services: active-directory
-author: CelesteDG
+author: gargi-sinha
 manager: martinco
 ms.service: active-directory
 ms.subservice: app-mgmt
 ms.topic: how-to
 ms.workload: identity
 ms.date: 01/07/2022
-ms.author: celested
+ms.author: gasinh
 ms.collection: M365-identity-device-management
 ---
 
@@ -363,4 +363,4 @@ If you don’t see a BIG-IP error page, then the issue is probably more related
 
 2. The **View Variables** link in this location may also help root cause SSO issues, particularly if the BIG-IP APM fails to obtain the right attributes from Azure AD or another source
 
-For more information, visit this F5 knowledge article [Configuring LDAP remote authentication for Active Directory](https://support.f5.com/csp/article/K11072). There’s also a great BIG-IP reference table to help diagnose LDAP-related issues in this F5 knowledge article on [LDAP Query](https://techdocs.f5.com/kb/en-us/products/big-ip_apm/manuals/product/apm-authentication-single-sign-on-11-5-0/5.html).
+For more information, visit this F5 knowledge article [Configuring LDAP remote authentication for Active Directory](https://support.f5.com/csp/article/K11072). There’s also a great BIG-IP reference table to help diagnose LDAP-related issues in this F5 knowledge article on [LDAP Query](https://techdocs.f5.com/kb/en-us/products/big-ip_apm/manuals/product/apm-authentication-single-sign-on-11-5-0/5.html).

articles/active-directory/manage-apps/f5-big-ip-kerberos-advanced.md

@@ -2,14 +2,14 @@
 title: Configure F5 BIG-IP Access Policy Manager for Kerberos authentication
 description: Learn how to implement Secure Hybrid Access (SHA) with single sign-on (SSO) to Kerberos applications by using F5's BIG-IP advanced configuration.
 services: active-directory
-author: CelesteDG
+author: gargi-sinha
 manager: martinco
 ms.service: active-directory
 ms.subservice: app-mgmt
 ms.topic: how-to
 ms.workload: identity
 ms.date: 12/13/2021
-ms.author: celested
+ms.author: gasinh
 ms.collection: M365-identity-device-management
 ---
 
@@ -505,4 +505,4 @@ For help with diagnosing KCD-related problems, see the F5 BIG-IP deployment guid
 
 * [What is Conditional Access?](../conditional-access/overview.md)
 
-* [Zero Trust framework to enable remote work](https://www.microsoft.com/security/blog/2020/04/02/announcing-microsoft-zero-trust-assessment-tool/)
+* [Zero Trust framework to enable remote work](https://www.microsoft.com/security/blog/2020/04/02/announcing-microsoft-zero-trust-assessment-tool/)

articles/active-directory/manage-apps/f5-big-ip-kerberos-easy-button.md

@@ -2,14 +2,14 @@
 title: Configure F5 BIG-IP Easy Button for Kerberos SSO
 description: Learn to implement Secure Hybrid Access (SHA) with Single Sign-on to Kerberos applications using F5’s BIG-IP Easy Button guided configuration..
 services: active-directory
-author: CelesteDG
+author: gargi-sinha
 manager: martinco
 ms.service: active-directory
 ms.subservice: app-mgmt
 ms.topic: how-to
 ms.workload: identity
 ms.date: 12/20/2021
-ms.author: celested
+ms.author: gasinh
 ms.collection: M365-identity-device-management
 ---
 
@@ -456,4 +456,4 @@ If you don’t see a BIG-IP error page, then the issue is probably more related
 
 2. Select the link for your active session. The **View Variables** link in this location may also help determine root cause KCD issues, particularly if the BIG-IP APM fails to obtain the right user and domain identifiers from session variables.
 
-See [BIG-IP APM variable assign examples]( https://devcentral.f5.com/s/articles/apm-variable-assign-examples-1107) and [F5 BIG-IP session variables reference]( https://techdocs.f5.com/en-us/bigip-15-0-0/big-ip-access-policy-manager-visual-policy-editor/session-variables.html) for more info.
+See [BIG-IP APM variable assign examples]( https://devcentral.f5.com/s/articles/apm-variable-assign-examples-1107) and [F5 BIG-IP session variables reference]( https://techdocs.f5.com/en-us/bigip-15-0-0/big-ip-access-policy-manager-visual-policy-editor/session-variables.html) for more info.