Merge pull request #216875 from MicrosoftDocs/main

Publish to Live, Wednesday 4AM PST, 11/02

Author: PMEds28

.openpublishing.redirection.active-directory.json

@@ -5541,6 +5541,11 @@
       "redirect_url": "/azure/active-directory/develop/application-consent-experience",
       "redirect_document_id": false
     },
+    {
+      "source_path_from_root": "/articles/active-directory/develop/v2-permissions-and-consent.md",
+      "redirect_url": "/azure/active-directory/develop/permissions-consent-overview",
+      "redirect_document_id": false
+    },
     {
       "source_path_from_root": "/articles/active-directory/manage-apps/consent-and-permissions-overview.md",
       "redirect_url": "/azure/active-directory/manage-apps/user-admin-consent-overview",

.openpublishing.redirection.azure-monitor.json

@@ -5511,6 +5511,11 @@
             "source_path_from_root": "/articles/azure-monitor/containers/container-insights-prometheus-metrics-addon.md",
             "redirect_url": "/azure/azure-monitor/essentials/prometheus-metrics-enable",
             "redirect_document_id": false
+        },
+        {
+            "source_path_from_root": "/articles/azure-monitor/containers/container-insights-prometheus-monitoring-addon.md",
+            "redirect_url": "/azure/azure-monitor/containers/container-insights-prometheus",
+            "redirect_document_id": false
         }
     ]
 }

.whatsnew/.application-management.json

@@ -1,24 +1,24 @@
 {
-  "$schema": "https://whatsnewapi.azurewebsites.net/schema",
-  "docSetProductName": "Azure Active Directory application management",
-  "rootDirectory": "articles/active-directory/manage-apps/",
-  "docLinkSettings": {
-      "linkFormat": "relative",
-      "relativeLinkPrefix": "/azure/active-directory/manage-apps"
-  },
-  "inclusionCriteria": {
-      "excludePullRequestTitles": true,
-      "minAdditionsToFile" : 10,
-      "maxFilesChanged": 50,
-      "labels": [
-          "label:active-directory/svc",
-          "label:app-mgmt/subsvc"
-      ]
-  },
-  "areas": [
-      {
-          "name": ".",
-          "heading": "Azure Active Directory application management"
-      }
-  ]
-}
+    "$schema": "https://whatsnewapi.azurewebsites.net/schema",
+    "docSetProductName": "Azure Active Directory application management",
+    "rootDirectory": "articles/active-directory/manage-apps/",
+    "docLinkSettings": {
+        "linkFormat": "relative",
+        "relativeLinkPrefix": "/azure/active-directory/manage-apps"
+    },
+    "inclusionCriteria": {
+        "omitPullRequestTitles": true,
+        "minAdditionsToFile": 10,
+        "maxFilesChanged": 50,
+        "labels": [
+            "label:active-directory/svc",
+            "label:app-mgmt/subsvc"
+        ]
+    },
+    "areas": [
+        {
+            "name": ".",
+            "heading": "Azure Active Directory application management"
+        }
+    ]
+}

articles/active-directory/develop/TOC.yml

@@ -54,8 +54,6 @@
         - name: Conditional Access auth context
           href: developer-guide-conditional-access-authentication-context.md
           displayName: ca
-        - name: Permissions and consent framework
-          href: v2-permissions-and-consent.md
     - name: App registrations and workload identities
       displayName: App configuration
       items:

articles/active-directory/develop/security-tokens.md

@@ -9,31 +9,30 @@ ms.service: active-directory
 ms.subservice: develop
 ms.topic: conceptual
 ms.workload: identity
-ms.date: 09/27/2021
+ms.date: 11/1/2022
 ms.author: davidmu
 ms.reviewer: jmprieur, saeeda, sureshja, ludwignick
-ms.custom: aaddev, identityplatformtop40, scenarios:getting-started
+ms.custom: aaddev, identityplatformtop40, scenarios:getting-started, engagement-fy23
 #Customer intent: As an application developer, I want to understand the basic concepts of security tokens in the Microsoft identity platform.
 ---
 
 # Security tokens
 
-A centralized identity provider is especially useful for apps that have users located around the globe who don't necessarily sign in from the enterprise's network. The Microsoft identity platform authenticates users and provides security tokens, such as [access tokens](developer-glossary.md#access-token), [refresh tokens](developer-glossary.md#refresh-token), and [ID tokens](developer-glossary.md#id-token). Security tokens allow a [client application](developer-glossary.md#client-application) to access protected resources on a [resource server](developer-glossary.md#resource-server).
+A centralized identity provider is especially useful for apps that have worldwide users who don't necessarily sign in from the enterprise's network. The Microsoft identity platform authenticates users and provides security tokens, such as [access tokens](developer-glossary.md#access-token), [refresh tokens](developer-glossary.md#refresh-token), and [ID tokens](developer-glossary.md#id-token). Security tokens allow a [client application](developer-glossary.md#client-application) to access protected resources on a [resource server](developer-glossary.md#resource-server). 
 
-**Access token**: An access token is a security token that's issued by an [authorization server](developer-glossary.md#authorization-server) as part of an [OAuth 2.0](active-directory-v2-protocols.md) flow. It contains information about the user and the resource for which the token is intended. The information can be used to access web APIs and other protected resources. Access tokens are validated by resources to grant access to a client app. To learn more about how the Microsoft identity platform issues access tokens, see [Access tokens](access-tokens.md).
+**Access token**: An access token is a security token issued by an [authorization server](developer-glossary.md#authorization-server) as part of an [OAuth 2.0](active-directory-v2-protocols.md) flow. It contains information about the user and the resource for which the token is intended. The information can be used to access web APIs and other protected resources. Access tokens are validated by resources to grant access to a client app. To learn more about how the Microsoft identity platform issues access tokens, see [Access tokens](access-tokens.md).
 
 **Refresh token**: Because access tokens are valid for only a short period of time, authorization servers will sometimes issue a refresh token at the same time the access token is issued. The client application can then exchange this refresh token for a new access token when needed. To learn more about how the Microsoft identity platform uses refresh tokens to revoke permissions, see [Refresh tokens](refresh-tokens.md).
 
 **ID token**: ID tokens are sent to the client application as part of an [OpenID Connect](v2-protocols-oidc.md) flow. They can be sent alongside or instead of an access token. ID tokens are used by the client to authenticate the user. To learn more about how the Microsoft identity platform issues ID tokens, see [ID tokens](id-tokens.md).
 
-> [!NOTE]
-> This article discusses security tokens used by the OAuth2 and OpenID Connect protocols. Many enterprise applications use SAML to authenticate users. For information on SAML assertions, see [Azure Active Directory SAML token reference](reference-saml-tokens.md).
+Many enterprise applications use SAML to authenticate users. For information on SAML assertions, see [Azure Active Directory SAML token reference](reference-saml-tokens.md).
 
 ## Validate security tokens
 
 It's up to the app for which the token was generated, the web app that signed in the user, or the web API being called to validate the token. The token is signed by the authorization server with a private key. The authorization server publishes the corresponding public key. To validate a token, the app verifies the signature by using the authorization server public key to validate that the signature was created using the private key.
 
-Tokens are valid for only a limited amount of time. Usually, the authorization server provides a pair of tokens, such as:
+Tokens are valid for only a limited amount of time, so the authorization server frequently provides a pair of tokens;
 
 * An access token, which accesses the application or protected resource.
 * A refresh token, which is used to refresh the access token when the access token is close to expiring.
@@ -59,9 +58,9 @@ A claim consists of key-value pairs that provide information such as the:
 
 * Security Token Server that generated the token.
 * Date when the token was generated.
-* Subject (such as the user--except for daemons).
+* Subject (like the user, but not daemons).
 * Audience, which is the app for which the token was generated.
-* App (the client) that asked for the token. In the case of web apps, this app might be the same as the audience.
+* App (the client) that asked for the token. For web apps, this app might be the same as the audience.
 
 To learn more about how the Microsoft identity platform implements tokens and claim information, see [Access tokens](access-tokens.md) and [ID tokens](id-tokens.md).