Merge pull request #219941 from MicrosoftDocs/main

11/30 AM Publish

Author: huypub

.openpublishing.redirection.defender-for-iot.json

@@ -142,12 +142,12 @@
         },
         {
             "source_path_from_root": "/articles/defender-for-iot/how-to-create-and-manage-users.md",
-            "redirect_url": "/azure/defender-for-iot/organizations/how-to-create-and-manage-users",
+            "redirect_url": "/azure/defender-for-iot/organizations/manage-users-overview",
             "redirect_document_id": false
         },
         {
             "source_path_from_root": "/articles/defender-for-iot/how-to-define-global-user-access-control.md",
-            "redirect_url": "/azure/defender-for-iot/organizations/how-to-define-global-user-access-control",
+            "redirect_url": "/azure/defender-for-iot/organizations/manage-users-on-premises-management-console#define-global-access-permission-for-on-premises-users",
             "redirect_document_id": false
         },
         {

.openpublishing.redirection.healthcare-apis.json

@@ -554,6 +554,10 @@
         "redirect_url": "/azure/healthcare-apis/iot/how-to-use-iot-jsonpath-content-mappings",
         "redirect_document_id": false
     },
+    {   "source_path_from_root": "/articles/healthcare-apis/iot/deploy-08-new-ps-cli.md",
+        "redirect_url": "/azure/healthcare-apis/iot/deploy-new-powershell-cli",
+        "redirect_document_id": false
+    },
     {   "source_path_from_root": "/articles/healthcare-apis/events/events-display-metrics.md",
         "redirect_url": "/azure/healthcare-apis/events/events-use-metrics",
         "redirect_document_id": false

articles/active-directory/authentication/TOC.yml

@@ -310,8 +310,12 @@
     href: /samples/browse/?products=azure
   - name: Azure PowerShell cmdlets
     href: /powershell/azure/
-  - name: Microsoft Graph REST API beta
+  - name: Authentication methods APIs - Microsoft Graph
     href: /graph/api/resources/authenticationmethods-overview
+  - name: Authentication strengths APIs - Microsoft Graph (preview)
+    href: /graph/api/resources/authenticationstrengths-overview
+  - name: Authentication methods policy - Microsoft Graph
+    href: /graph/api/resources/authenticationmethodspolicies-overview
   - name: Service limits and restrictions
     href: ../enterprise-users/directory-service-limits-restrictions.md
   - name: FIDO2 compatibility

articles/active-directory/external-identities/api-connectors-overview.md

@@ -5,13 +5,13 @@ services: active-directory
 ms.service: active-directory
 ms.subservice: B2B
 ms.topic: conceptual
-ms.date: 06/16/2020
+ms.date: 11/28/2022
 
 ms.author: mimart
 author: msmimart
 manager: celestedg
 ms.custom: "it-pro"                 
-ms.collection: M365-identity-device-management
+ms.collection: engagement-fy23, M365-identity-device-management
 ---
 
 # Use API connectors to customize and extend self-service sign-up 
@@ -25,7 +25,7 @@ As a developer or IT administrator, you can use [API connectors](self-service-si
 - **Overwrite user attributes**. Reformat or assign a value to an attribute collected from the user. For example, if a user enters the first name in all lowercase or all uppercase letters, you can format the name with only the first letter capitalized. 
 - **Run custom business logic**. You can trigger downstream events in your cloud systems to send push notifications, update corporate databases, manage permissions, audit databases, and perform other custom actions.
 
-An API connector provides Azure Active Directory with the information needed to call API endpoint by defining the HTTP endpoint URL and authentication for the API call. Once you configure an API connector, you can enable it for a specific step in a user flow. When a user reaches that step in the sign up flow, the API connector is invoked and materializes as an HTTP POST request to your API, sending user information ("claims") as key-value pairs in a JSON body. The API response can affect the execution of the user flow. For example, the API response can block a user from signing up, ask the user to re-enter information, or overwrite and append user attributes.
+An API connector provides Azure Active Directory with the information needed to call API endpoint by defining the HTTP endpoint URL and authentication for the API call. Once you configure an API connector, you can enable it for a specific step in a user flow. When a user reaches that step in the sign-up flow, the API connector is invoked and materializes as an HTTP POST request to your API, sending user information ("claims") as key-value pairs in a JSON body. The API response can affect the execution of the user flow. For example, the API response can block a user from signing up, ask the user to reenter information, or overwrite and append user attributes.
 
 ## Where you can enable an API connector in a user flow
 
@@ -39,7 +39,7 @@ There are two places in a user flow where you can enable an API connector:
 
 ### After federating with an identity provider during sign-up
 
-An API connector at this step in the sign-up process is invoked immediately after the user authenticates with an identity provider (like Google, Facebook, & Azure AD). This step precedes the ***attribute collection page***, which is the form presented to the user to collect user attributes. This step is not invoked if a user is registering with a local account. The following are examples of API connector scenarios you might enable at this step:
+An API connector at this step in the sign-up process is invoked immediately after the user authenticates with an identity provider (like Google, Facebook, & Azure AD). This step precedes the [***attribute collection page***](self-service-sign-up-user-flow.md#select-the-layout-of-the-attribute-collection-form), which is the form presented to the user to collect user attributes. This step isn't invoked if a user is registering with a local account. The following are examples of API connector scenarios you might enable at this step:
 
 - Use the email or federated identity that the user provided to look up claims in an existing system. Return these claims from the existing system, pre-fill the attribute collection page, and make them available to return in the token.
 - Implement an allow or blocklist based on social identity.
@@ -55,4 +55,5 @@ An API connector at this step in the sign-up process is invoked after the attrib
 
 ## Next steps
 - Learn how to [add an API connector to a user flow](self-service-sign-up-add-api-connector.md)
+- Learn about [Azure AD entitlement management](self-service-portal.md)
 - Learn how to [add a custom approval system to self-service sign-up](self-service-sign-up-add-approvals.md)

articles/active-directory/external-identities/self-service-portal.md

@@ -5,13 +5,13 @@ services: active-directory
 ms.service: active-directory
 ms.subservice: B2B
 ms.topic: conceptual
-ms.date: 02/12/2020
+ms.date: 11/25/2022
 
 ms.author: mimart
 author: msmimart
 manager: celestedg
 
-ms.collection: M365-identity-device-management
+ms.collection: engagement-fy23, M365-identity-device-management
 ---
 
 # Self-service for Azure AD B2B collaboration sign-up
@@ -20,14 +20,14 @@ Customers can do a lot with the built-in features that are exposed through the [
 
 ## Azure AD entitlement management for B2B guest user sign-up
 
-As an inviting organization, you might not know ahead of time who the individual external collaborators are who need access to your resources. You need a way for users from partner companies to sign themselves up with policies that you control. If you want to enable users from other organizations to request access, and upon approval be provisioned with guest accounts and assigned to groups, apps and SharePoint Online sites, you can use [Azure AD entitlement management](../governance/entitlement-management-overview.md) to configure policies that [manage access for external users](../governance/entitlement-management-external-users.md#how-access-works-for-external-users).
+As an inviting organization, you might not know ahead of time who the individual external collaborators are who need access to your resources. You need a way for users from partner companies to sign themselves up with policies that you control. You can use [Azure AD entitlement management](../governance/entitlement-management-overview.md) to configure policies, which [manage access for external users](../governance/entitlement-management-external-users.md#how-access-works-for-external-users). This will enable users from other organizations to request access, and upon approval be provisioned with guest accounts and assigned to groups, apps and SharePoint Online sites.
 
 ## Azure Active Directory B2B invitation API
 
 Organizations can use the [Microsoft Graph invitation manager API](/graph/api/resources/invitation) to build their own onboarding experiences for B2B guest users. When you want to offer self-service B2B guest user sign-up, we recommend that you use [Azure AD entitlement management](../governance/entitlement-management-overview.md). But if you want to build your own experience, you can use the [create invitation API](/graph/api/invitation-post?tabs=http) to automatically send your customized invitation email directly to the B2B user, for example. Or your app can use the inviteRedeemUrl returned in the creation response to craft your own invitation (through your communication mechanism of choice) to the invited user.
 
 ## Next steps
 
-* [What is Azure AD B2B collaboration?](what-is-b2b.md)
-* [External Identities pricing](external-identities-pricing.md)
-* [Azure Active Directory B2B collaboration frequently asked questions (FAQ)](faq.yml)
+- [Self-service sign-up user flows](self-service-sign-up-overview.md)
+- [What is Azure AD B2B collaboration?](what-is-b2b.md)
+- [External Identities pricing](external-identities-pricing.md)

articles/active-directory/fundamentals/resilience-b2b-authentication.md

@@ -3,21 +3,18 @@ title: Build resilience in external user authentication with Azure Active Direct
 description: A guide for IT admins and architects to building resilient authentication for external users
 services: active-directory
 author: janicericketts
-manager: amycolannino
 ms.service: active-directory
 ms.workload: identity
 ms.subservice: fundamentals
 ms.topic: conceptual
-ms.date: 09/13/2022
+ms.date: 11/16/2022
 ms.author: jricketts
-ms.reviewer: ajburnle
 ms.custom: "it-pro, seodec18"
 ms.collection: M365-identity-device-management
 ---
-
 # Build resilience in external user authentication
 
-[Azure Active Directory B2B collaboration](../external-identities/what-is-b2b.md) (Azure AD B2B) is a feature of [External Identities](../external-identities/external-collaboration-settings-configure.md) that enables collaboration with other organizations and individuals. It enables the secure onboarding of guest users into your Azure AD tenant without having to manage their credentials. External users bring their identity and credentials with them from an external identity provider (IdP), so they don’t have to remember a new credential. 
+[Azure Active Directory B2B collaboration](../external-identities/what-is-b2b.md) (Azure AD B2B) is a feature of [External Identities](../external-identities/external-collaboration-settings-configure.md) that enables collaboration with other organizations and individuals. It enables the secure onboarding of guest users into your Azure AD tenant without having to manage their credentials. External users bring their identity and credentials with them from an external identity provider (IdP) so they don't have to remember a new credential. 
 
 ## Ways to authenticate external users
 
@@ -26,46 +23,38 @@ You can choose the methods of external user authentication to your directory. Yo
 With every external IdP, you take a dependency on the availability of that IdP. With some methods of connecting to IdPs, there are things you can do to increase your resilience.
 
 > [!NOTE] 
-> Azure AD B2B has the built-in ability to authenticate any user from any [Azure Active Directory](../index.yml) tenant, or with a personal [Microsoft Account](https://account.microsoft.com/account). You do not have to do any configuration with these built-in options.
+> Azure AD B2B has the built-in ability to authenticate any user from any [Azure Active Directory](../index.yml) tenant or with a personal [Microsoft Account](https://account.microsoft.com/account). You do not have to do any configuration with these built-in options.
 
 ### Considerations for resilience with other IdPs
 
-When using external IdPs for guest user authentication, there are certain configurations that you must ensure you maintain to prevent disruptions.
+When you use external IdPs for guest user authentication, there are configurations that you must maintain to prevent disruptions.
 
 | Authentication Method| Resilience considerations |
 | - | - |
 | Federation with social IDPs like [Facebook](../external-identities/facebook-federation.md) or [Google](../external-identities/google-federation.md).| You must maintain your account with the IdP and configure your Client ID and Client Secret. |
-| [Direct Federation with SAML and WS-Federation Identity Providers](../external-identities/direct-federation.md)| You must collaborate with the IdP owner for access to their endpoints, upon which you're dependent. <br>You must maintain the metadata that contain the certificates and endpoints. |
-| [Email one-time passcode](../external-identities/one-time-passcode.md)| With this method you're dependent on Microsoft’s email system, the user’s email system, and the user’s email client. |
-
-
- 
+| [SAML/WS-Fed identity provider (IdP) federation](../external-identities/direct-federation.md)| You must collaborate with the IdP owner for access to their endpoints upon which you're dependent. You must maintain the metadata that contain the certificates and endpoints. |
+| [Email one-time passcode](../external-identities/one-time-passcode.md)| You're dependent on Microsoft's email system, the user's email system, and the user's email client. |
 
-## Self-service sign-up (preview)
+## Self-service sign-up
 
-As an alternative to sending invitations or links, you can enable [Self-service sign-up](../external-identities/self-service-sign-up-overview.md).  This allows external users to request access to an application. You must create an [API connector](../external-identities/self-service-sign-up-add-api-connector.md) and associate it with a user flow. You associate user flows that define the user experience with one or more applications. 
+As an alternative to sending invitations or links, you can enable [Self-service sign-up](../external-identities/self-service-sign-up-overview.md).  This method allows external users to request access to an application. You must create an [API connector](../external-identities/self-service-sign-up-add-api-connector.md) and associate it with a user flow. You associate user flows that define the user experience with one or more applications. 
 
-It’s possible to use [API connectors](../external-identities/api-connectors-overview.md) to integrate your self-service sign-up user flow with external systems’ APIs. This API integration can be used for [custom approval workflows](../external-identities/self-service-sign-up-add-approvals.md), [performing identity verification](../external-identities/code-samples-self-service-sign-up.md), and other tasks such as overwriting user attributes. Using APIs requires that you manage the following dependencies.
+It's possible to use [API connectors](../external-identities/api-connectors-overview.md) to integrate your self-service sign-up user flow with external systems' APIs. This API integration can be used for [custom approval workflows](../external-identities/self-service-sign-up-add-approvals.md), [performing identity verification](../external-identities/code-samples-self-service-sign-up.md), and other tasks such as overwriting user attributes. Using APIs requires that you manage the following dependencies.
 
 * **API Connector Authentication**: Setting up a connector requires an endpoint URL, a username, and a password. Set up a process by which these credentials are maintained, and work with the API owner to ensure you know any expiration schedule.
-
 * **API Connector Response**: Design API Connectors in the sign-up flow to fail gracefully if the API isn't available. Examine and provide to your API developers these [example API responses](../external-identities/self-service-sign-up-add-api-connector.md) and the [best practices for troubleshooting](../external-identities/self-service-sign-up-add-api-connector.md). Work with the API development team to test all possible response scenarios, including continuation, validation-error, and blocking responses. 
 
 ## Next steps
-Resilience resources for administrators and architects
+
+### Resilience resources for administrators and architects
 
 * [Build resilience with credential management](resilience-in-credentials.md)
-
 * [Build resilience with device states](resilience-with-device-states.md)
-
 * [Build resilience by using Continuous Access Evaluation (CAE)](resilience-with-continuous-access-evaluation.md)
-
 * [Build resilience in your hybrid authentication](resilience-in-hybrid.md)
-
 * [Build resilience in application access with Application Proxy](resilience-on-premises-access.md)
 
-Resilience resources for developers
+### Resilience resources for developers
 
 * [Build IAM resilience in your applications](resilience-app-development-overview.md)
-
 * [Build resilience in your CIAM systems](resilience-b2c.md)