Merge branch 'main' into release-service-bus-tls

Author: v-alje

.openpublishing.redirection.active-directory.json

@@ -10700,11 +10700,6 @@
       "redirect_url": "/azure/active-directory/privileged-identity-management/pim-create-azure-ad-roles-and-resource-roles-review",
       "redirect_document_id": false
     },
-    {
-      "source_path_from_root": "/articles/active-directory-b2c/partner-azure-web-application-firewall.md",
-      "redirect_url": "/azure/active-directory-b2c/partner-gallery",
-      "redirect_document_id": false
-    },
     {
       "source_path_from_root": "/articles/active-directory-b2c/troubleshoot-custom-policies.md",
       "redirect_url": "/azure/active-directory-b2c/troubleshoot",

.openpublishing.redirection.json

@@ -3228,6 +3228,11 @@
       "redirect_url": "/azure/app-service",
       "redirect_document_id": false
     },
+    {
+      "source_path_from_root": "/articles/app-service/scenario-secure-app-clean-up-resources.md",
+      "redirect_url": "/azure/app-service/scenario-secure-app-access-storage#clean-up-resources",
+      "redirect_document_id": false
+    },    
     {
       "source_path_from_root": "/articles/app-service/quickstart-nodejs-uiex.md",
       "redirect_url": "/azure/app-service/quickstart-nodejs",

articles/active-directory-b2c/TOC.yml

@@ -334,8 +334,8 @@
         displayName: TOTP, time-based-one-time password, time-based one-time password, authenticator app, Microsoft authenticator app, mfa, 2fa
       - name: Partner integration
         items:
-        - name: Transmit Security
-          href: partner-bindid.md
+        - name: Asignio
+          href: partner-asignio.md
         - name: BlokSec
           href: partner-bloksec.md
         - name: Haventec
@@ -352,6 +352,8 @@
           href: partner-nevis.md
         - name: Nok Nok
           href: partner-nok-nok.md
+        - name: Transmit Security
+          href: partner-bindid.md
         - name: Trusona
           href: partner-trusona.md
         - name: Twilio
@@ -386,6 +388,8 @@
       items:
       - name: Akamai
         href: partner-akamai.md
+      - name: Azure WAF
+        href: partner-azure-web-application-firewall.md
       - name: Cloudflare
         href: partner-cloudflare.md
     - name: Fraud protection partners
@@ -687,4 +691,4 @@
     href: find-help-open-support-ticket.md
     displayName: technical
   - name: Videos
-    href: azure-ad-external-identities-videos.md
+    href: azure-ad-external-identities-videos.md

articles/active-directory-b2c/media/partner-asignio/partner-asignio-architecture-diagram.png

@@ -0,0 +1,102 @@
+---
+title: Tutorial to configure Azure Active Directory B2C with Azure Web Application Firewall
+titleSuffix: Azure AD B2C
+description: Tutorial to configure Azure Active Directory B2C with Azure Web application firewall to protect your applications from malicious attacks 
+services: active-directory-b2c
+author: gargi-sinha
+manager: CelesteDG
+ms.reviewer: kengaderdus
+
+ms.service: active-directory
+ms.workload: identity
+ms.topic: how-to
+ms.date: 08/17/2021
+ms.author: gasinh
+ms.subservice: B2C
+---
+
+# Tutorial: Configure Azure Web Application Firewall with Azure Active Directory B2C
+
+In this sample tutorial, learn how to enable [Azure Web Application Firewall (WAF)](https://azure.microsoft.com/services/web-application-firewall/#overview) solution for Azure Active Directory (AD) B2C tenant with custom domain. Azure WAF provides centralized protection of your web applications from common exploits and vulnerabilities.
+
+>[!NOTE]
+>This feature is in public preview.
+
+## Prerequisites
+
+To get started, you'll need:
+
+- An Azure subscription – If you don't have a subscription, you can get a [free account](https://azure.microsoft.com/free/).
+
+- [An Azure AD B2C tenant](tutorial-create-tenant.md) – The authorization server, responsible for verifying the user’s credentials using the custom policies defined in the tenant.  It's also known as the identity provider.
+
+- [Azure Front Door (AFD)](../frontdoor/index.yml) – Responsible for enabling custom domains for Azure AD B2C tenant.  
+
+- [Azure WAF](https://azure.microsoft.com/services/web-application-firewall/#overview) – Manages all traffic that is sent to the authorization server.
+
+## Azure AD B2C setup
+
+To use custom domains in Azure AD B2C, it's required to use custom domain feature provided by AFD. Learn how to [enable Azure AD B2C custom domains](./custom-domain.md?pivots=b2c-user-flow).  
+
+After custom domain for Azure AD B2C is successfully configured using AFD, [test the custom domain](./custom-domain.md?pivots=b2c-custom-policy#test-your-custom-domain) before proceeding further.  
+
+## Onboard with Azure WAF
+
+To enable Azure WAF, configure a WAF policy and associate that policy to the AFD for protection.
+
+### Create a WAF policy
+
+Create a basic WAF policy with managed Default Rule Set (DRS) in the [Azure portal](https://portal.azure.com).
+
+1. Go to the [Azure portal](https://portal.azure.com). Select **Create a resource** and then search for Azure WAF. Select **Azure Web Application Firewall (WAF)** > **Create**.
+
+2. Go to the **Create a WAF policy** page, select the **Basics** tab. Enter the following information, accept the defaults for the remaining settings.
+
+| Value | Description |
+|:--------|:-------|
+| Policy for | Global WAF (Front Door)|
+| Front Door SKU | Select between Basic, Standard, or Premium SKU |
+|Subscription | Select your Front Door subscription name |
+| Resource group | Select your Front Door resource group name |
+| Policy name | Enter a unique name for your WAF policy |
+| Policy state | Set as Enabled |
+| Policy mode | Set as Detection |
+
+3. Select **Review + create**
+
+4. Go to the **Association** tab of the Create a WAF policy page, select + **Associate a Front Door profile**, enter the following settings
+
+| Value | Description |
+|:----|:------|
+| Front Door | Select your Front Door name associated with Azure AD B2C custom domain |
+| Domains | Select the Azure AD B2C custom domains you want to associate the WAF policy to|
+
+5. Select **Add**.
+
+6. Select **Review + create**, then select **Create**.
+
+### Change policy mode from detection to prevention
+
+When a WAF policy is created, by default the policy is in Detection mode. In Detection mode, WAF doesn't block any requests, instead, requests matching the WAF rules are logged in the WAF logs. For more information about WAF logging, see [Azure WAF monitoring and logging](../web-application-firewall/afds/waf-front-door-monitor.md).
+
+The sample query shows all the requests that were blocked by the WAF policy in the past 24 hours. The details include, rule name, request data, action taken by the policy, and the policy mode.
+
+![Image shows the blocked requests](./media/partner-azure-web-application-firewall/blocked-requests-query.png)
+
+![Image shows the blocked requests details](./media/partner-azure-web-application-firewall/blocked-requests-details.png)
+
+It's recommended that you let the WAF capture requests in Detection mode. Review the WAF logs to determine if there are any rules in the policy that are causing false positive results. Then after [exclude the WAF rules based on the WAF logs](../web-application-firewall/afds/waf-front-door-exclusion.md#define-exclusion-based-on-web-application-firewall-logs).
+
+To see WAF in action, use Switch to prevention mode to change from Detection to Prevention mode. All requests that match the rules defined in the Default Rule Set (DRS) are blocked and logged in the WAF logs.
+
+![Image shows the switch to prevention mode](./media/partner-azure-web-application-firewall/switch-to-prevention-mode.png)
+
+In case you want to switch back to the detection mode, you can do so by using Switch to detection mode option.
+
+![Image shows the switch to detection mode](./media/partner-azure-web-application-firewall/switch-to-detection-mode.png)
+
+## Next steps
+
+- [Azure WAF monitoring and logging](../web-application-firewall/afds/waf-front-door-monitor.md)
+
+- [WAF with Front Door service exclusion lists](../web-application-firewall/afds/waf-front-door-exclusion.md)

articles/active-directory-b2c/media/partner-gallery/asignio-logo.png

@@ -42,7 +42,7 @@ Microsoft partners with the following ISVs for MFA and Passwordless authenticati
 
 | ISV partner | Description and integration walkthroughs |
 |:-------------------------|:--------------|
-|![Screenshot of a bindid logo](./media/partner-gallery/bindid-logo.png) | [Transmit Security's](./partner-bindid.md) solution BindID is a passwordless authentication service that uses strong FIDO2 biometric authentication for a reliable omni-channel authentication experience, which ensures a smooth login experience for customers across every device and channel eliminating fraud, phishing, and credential reuse. |
+| ![Screenshot of a asignio logo](./media/partner-gallery/asignio-logo.png) | [Asignio](./partner-asignio.md) is a passwordless, soft biometric, and MFA solution. Asignio uses a combination of the patented Asignio Signature and live facial verification for user authentication. The changeable biometric signature eliminates passwords, fraud, phishing, and credential reuse through omni-channel authentication. |
 | ![Screenshot of a bloksec logo](./media/partner-gallery/bloksec-logo.png) | [BlokSec](./partner-bloksec.md) is a passwordless authentication and tokenless MFA solution, which provides real-time consent-based services and protects customers against identity-centric cyber-attacks such as password stuffing, phishing, and man-in-the-middle attacks. |
 | ![Screenshot of a haventec logo](./media/partner-gallery/haventec-logo.png) | [Haventec](./partner-haventec.md) is a passwordless authentication provider, which provides decentralized identity platform that eliminates passwords, shared secrets, and friction. |
 | ![Screenshot of a hypr logo](./media/partner-gallery/hypr-logo.png) | [Hypr](./partner-hypr.md) is a passwordless authentication provider, which replaces passwords with public key encryptions eliminating fraud, phishing, and credential reuse. |
@@ -51,6 +51,7 @@ Microsoft partners with the following ISVs for MFA and Passwordless authenticati
 |![Screenshot of a Keyless logo.](./media/partner-gallery/keyless-logo.png) | [Keyless](./partner-keyless.md) is a passwordless authentication provider that provides authentication in the form of a facial biometric scan and eliminates fraud, phishing, and credential reuse.
 | ![Screenshot of a nevis logo](./media/partner-gallery/nevis-logo.png) | [Nevis](./partner-nevis.md) enables passwordless authentication and provides a mobile-first, fully branded end-user experience with Nevis Access app for strong customer authentication and to comply with PSD2 transaction requirements. |
 | ![Screenshot of a nok nok logo](./media/partner-gallery/nok-nok-logo.png) | [Nok Nok](./partner-nok-nok.md) provides passwordless authentication and enables FIDO certified multifactor authentication such as FIDO UAF, FIDO U2F, WebAuthn, and FIDO2 for mobile and web applications. Using Nok Nok customers can improve their security posture while balancing user experience.
+|![Screenshot of a bindid logo](./media/partner-gallery/bindid-logo.png) | [Transmit Security's](./partner-bindid.md) solution BindID is a passwordless authentication service that uses strong FIDO2 biometric authentication for a reliable omni-channel authentication experience, which ensures a smooth login experience for customers across every device and channel eliminating fraud, phishing, and credential reuse. |
 | ![Screenshot of a trusona logo](./media/partner-gallery/trusona-logo.png) | [Trusona](./partner-trusona.md) integration helps you sign in securely and enables passwordless authentication, MFA, and digital license scanning. |
 | ![Screenshot of a twilio logo.](./media/partner-gallery/twilio-logo.png) | [Twilio Verify app](./partner-twilio.md) provides multiple solutions to enable MFA through SMS one-time password (OTP), time-based one-time password (TOTP), and push notifications, and to comply with SCA requirements for PSD2. |
 | ![Screenshot of a typingDNA logo](./media/partner-gallery/typingdna-logo.png) | [TypingDNA](./partner-typingdna.md) enables strong customer authentication by analyzing a user’s typing pattern. It helps companies enable a silent MFA and comply with SCA requirements for PSD2. |
@@ -95,6 +96,7 @@ Microsoft partners with the following ISVs for Web Application Firewall (WAF).
 | ISV partner | Description and integration walkthroughs |
 |:-------------------------|:--------------|
 |  ![Screenshot of Akamai logo](./media/partner-gallery/akamai-logo.png) | [Akamai WAF](./partner-akamai.md) allows fine grained manipulation of traffic to protect and secure your identity infrastructure against malicious attacks.  |
+|  ![Screenshot of Azure WAF logo](./media/partner-gallery/azure-web-application-firewall-logo.png) | [Azure WAF](./partner-azure-web-application-firewall.md) provides centralized protection of your web applications from common exploits and vulnerabilities.  |
 ![Screenshot of Cloudflare logo](./media/partner-gallery/cloudflare-logo.png) | [Cloudflare](./partner-cloudflare.md) is a WAF provider that helps organizations protect against malicious attacks that aim to exploit vulnerabilities such as SQLi, and XSS. |