
Commit 37327be

Merge branch 'main' of https://github.com/MicrosoftDocs/azure-docs-pr into policy-analytics
2 parents 957e059 + 5befe15 commit 37327be


379 files changed

+6059
-2504
lines changed


articles/active-directory-b2c/configure-authentication-in-azure-web-app-file-based.md

Lines changed: 3 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -15,7 +15,7 @@ ms.custom: "b2c-support"
1515

1616
# Configure authentication in an Azure Web App configuration file by using Azure AD B2C
1717

18-
This article explains how to add Azure Active Directory B2C (Azure AD B2C) authentication functionality to an Azure Web App. For more information, check out the [File-based configuration in Azure App Service authentication](/azure/app-service/configure-authentication-file-based) article.
18+
This article explains how to add Azure Active Directory B2C (Azure AD B2C) authentication functionality to an Azure Web App. For more information, check out the [File-based configuration in Azure App Service authentication](../app-service/configure-authentication-file-based.md) article.
1919

2020
## Overview
2121

@@ -141,6 +141,5 @@ From your server code, the provider-specific tokens are injected into the reques
141141

142142
## Next steps
143143

144-
* After successful authentication, you can show display name on the navigation bar. To view the claims that the Azure AD B2C token returns to your app, check out the [Work with user identities in Azure App Service authentication](/azure/app-service/configure-authentication-user-identities).
145-
* Lear how to [Work with OAuth tokens in Azure App Service authentication](/azure/app-service/configure-authentication-oauth-tokens).
146-
144+
* After successful authentication, you can show display name on the navigation bar. To view the claims that the Azure AD B2C token returns to your app, check out the [Work with user identities in Azure App Service authentication](../app-service/configure-authentication-user-identities.md).
145+
* Learn how to [Work with OAuth tokens in Azure App Service authentication](../app-service/configure-authentication-oauth-tokens.md).
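Review bot: On new line 144, "you can show display name on the navigation bar" is missing an article, and the sentence does not lead into the one after it about viewing claims. Since this hunk already touches both bullets to fix the links and the "Lear" typo, consider "you can show the user's display name on the navigation bar" and make clear how the claims link relates to it.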

articles/active-directory-b2c/configure-authentication-in-azure-web-app.md

Lines changed: 4 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -15,7 +15,7 @@ ms.custom: "b2c-support"
1515

1616
# Configure authentication in an Azure Web App by using Azure AD B2C
1717

18-
This article explains how to add Azure Active Directory B2C (Azure AD B2C) authentication functionality to an Azure Web App. For more information, check out the [configure your App Service or Azure Functions app to login using an OpenID Connect provider](/azure/app-service/configure-authentication-provider-openid-connect) article.
18+
This article explains how to add Azure Active Directory B2C (Azure AD B2C) authentication functionality to an Azure Web App. For more information, check out the [configure your App Service or Azure Functions app to login using an OpenID Connect provider](../app-service/configure-authentication-provider-openid-connect.md) article.
1919

2020
## Overview
2121

@@ -94,7 +94,7 @@ To register your application, follow these steps:
9494
1. For the **Client Secret** provide the Web App (client) secret from [step 2.2](#step-22-create-a-client-secret).
9595
9696
> [!TIP]
97-
> Your client secret will be stored as an app setting to ensure secrets are stored in a secure fashion. You can update that setting later to use [Key Vault references](/azure/app-service/app-service-key-vault-references) if you wish to manage the secret in Azure Key Vault.
97+
> Your client secret will be stored as an app setting to ensure secrets are stored in a secure fashion. You can update that setting later to use [Key Vault references](../app-service/app-service-key-vault-references.md) if you wish to manage the secret in Azure Key Vault.
9898
9999
1. Keep the rest of the settings with the default values.
100100
1. Press the **Add** button to finish setting up the identity provider.
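Review bot: The tip on line 97 says storing the client secret as an app setting will "ensure secrets are stored in a secure fashion", but it does not say what protection an app setting provides or who can read it, and it presents Key Vault references as optional ("if you wish"). Since the line is being edited anyway, consider stating the actual guarantee and wording the Key Vault reference as the recommended follow-up for managing the secret.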
@@ -119,6 +119,5 @@ From your server code, the provider-specific tokens are injected into the reques
119119
120120
## Next steps
121121
122-
* After successful authentication, you can show display name on the navigation bar. To view the claims that the Azure AD B2C token returns to your app, check out the [Work with user identities in Azure App Service authentication](/azure/app-service/configure-authentication-user-identities).
123-
* Lear how to [Work with OAuth tokens in Azure App Service authentication](/azure/app-service/configure-authentication-oauth-tokens).
124-
122+
* After successful authentication, you can show display name on the navigation bar. To view the claims that the Azure AD B2C token returns to your app, check out the [Work with user identities in Azure App Service authentication](../app-service/configure-authentication-user-identities.md).
123+
* Learn how to [Work with OAuth tokens in Azure App Service authentication](../app-service/configure-authentication-oauth-tokens.md).

articles/active-directory-b2c/enable-authentication-python-web-app.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -416,7 +416,7 @@ if __name__ == "__main__":
416416
417417
## Step 6: Run your web app
418418
419-
In the Terminal, run the app by entering the following command, which runs the Flask development server. The development server looks for `app.py` by default. Then, open your browser and navigate to the web app URL: <http://localhost:5000>.
419+
In the Terminal, run the app by entering the following command, which runs the Flask development server. The development server looks for `app.py` by default. Then, open your browser and navigate to the web app URL: `http://localhost:5000`.
420420
421421
# [Linux](#tab/linux)
422422

articles/active-directory-b2c/page-layout.md

Lines changed: 14 additions & 11 deletions
Original file line numberDiff line numberDiff line change
@@ -9,7 +9,7 @@ manager: CelesteDG
99
ms.service: active-directory
1010
ms.workload: identity
1111
ms.topic: reference
12-
ms.date: 04/12/2022
12+
ms.date: 07/18/2022
1313
ms.author: kengaderdus
1414
ms.subservice: B2C
1515
---
@@ -26,7 +26,7 @@ Page layout packages are periodically updated to include fixes and improvements
2626

2727
Azure AD B2C page layout uses the following versions of the [jQuery library](https://jquery.com/) and the [Handlebars templates](https://handlebarsjs.com/):
2828

29-
|Element |Page layout version range |jQuery version |Handlebars Runtime version |Handlebars Compliler version |
29+
|Element |Page layout version range |jQuery version |Handlebars Runtime version |Handlebars Compiler version |
3030
|---------|---------|------|--------|----------|
3131
|multifactor |>= 1.2.4 | 3.5.1 | 4.7.6 |4.7.7 |
3232
| |< 1.2.4 | 3.4.1 |4.0.12 |2.0.1 |
@@ -52,6 +52,9 @@ Azure AD B2C page layout uses the following versions of the [jQuery library](htt
5252

5353
## Self-asserted page (selfasserted)
5454

55+
**2.1.14**
56+
- Fixed WCAG 2.1 accessibility bug for the TOTP multifactor authentication screens.
57+
5558
**2.1.10**
5659

5760
- Correcting to the tab index
@@ -83,7 +86,7 @@ Azure AD B2C page layout uses the following versions of the [jQuery library](htt
8386
- Fixed an accessibility bug to show inline error messages only on form submission.
8487

8588
**2.1.6**
86-
- Fixed password error get cleared when typing too quickly on a different field.
89+
- Fixed *password error gets cleared when typing too quickly on a different field*.
8790

8891
**2.1.5**
8992
- Fixed cursor jumps issue on iOS when editing in the middle of the text.
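Review bot: On new line 89, wrapping the whole description in italics is unlike every other entry in this changelog, and "Fixed *password error gets cleared when typing too quickly on a different field*." still reads as a fragment. Suggest plain text such as "Fixed an issue where the password error gets cleared when typing too quickly on a different field."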
@@ -100,7 +103,7 @@ Azure AD B2C page layout uses the following versions of the [jQuery library](htt
100103

101104
**2.1.1**
102105

103-
- Added a UXString `heading` in addition to `intro` to display on the page as a title. This is hidden by default.
106+
- Added a UXString `heading` in addition to `intro` to display on the page as a title. This message is hidden by default.
104107
- Added support for saving passwords to iCloud Keychain.
105108
- Added support for using policy or the QueryString parameter `pageFlavor` to select the layout (classic, oceanBlue, or slateGray).
106109
- Added disclaimers on self-asserted page.
@@ -143,7 +146,7 @@ Azure AD B2C page layout uses the following versions of the [jQuery library](htt
143146

144147
- Initial release
145148

146-
## Unified sign-in sign-up page with password reset link (unifiedssp)
149+
## Unified sign-in and sign-up page with password reset link (unifiedssp)
147150

148151
> [!TIP]
149152
> If you localize your page to support multiple locales, or languages in a user flow. The [localization IDs](localization-string-ids.md) article provides the list of localization IDs that you can use for the page version you select.
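Review bot: Renaming the H2 on line 149 to "Unified sign-in and sign-up page with password reset link (unifiedssp)" changes the anchor generated from the heading text, so any link that targets the old heading fragment will stop resolving. Search for links to the old anchor before merging and update them, or keep the original heading text.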
@@ -159,7 +162,7 @@ Azure AD B2C page layout uses the following versions of the [jQuery library](htt
159162
- Updates to the UI elements and CSS classes
160163

161164
**2.1.5**
162-
- Fixed an issue on tab order when idp selector template is used on sign in page.
165+
- Fixed an issue on tab order when idp selector template is used on sign-in page.
163166
- Fixed an encoding issue on sign-in link text.
164167

165168
**2.1.4**
@@ -175,7 +178,7 @@ Azure AD B2C page layout uses the following versions of the [jQuery library](htt
175178
- Allowing the "forgot password" link to use as claims exchange. For more information, see [Self-service password reset](add-password-reset-policy.md#self-service-password-reset-recommended).
176179

177180
**2.1.1**
178-
- Added a UXString `heading` in addition to `intro` to display on the page as a title. This is hidden by default.
181+
- Added a UXString `heading` in addition to `intro` to display on the page as a title. This message is hidden by default.
179182
- Added support for using policy or the QueryString parameter `pageFlavor` to select the layout (classic, oceanBlue, or slateGray).
180183
- Added support for saving passwords to iCloud Keychain.
181184
- Focus is now placed on the first error field when multiple fields have errors.
@@ -187,7 +190,7 @@ Azure AD B2C page layout uses the following versions of the [jQuery library](htt
187190

188191
- Added support for multiple sign-up links.
189192
- Added support for user input validation according to the predicate rules defined in the policy.
190-
- When the [sign-in option](sign-in-options.md) is set to Email, the sign-in header presents "Sign in with your sign in name". The username field presents "Sign in name". For more information, see [localization](localization-string-ids.md#sign-up-or-sign-in-page-elements).
193+
- When the [sign-in option](sign-in-options.md) is set to Email, the sign-in header presents "Sign in with your sign-in name". The username field presents "Sign in name". For more information, see [localization](localization-string-ids.md#sign-up-or-sign-in-page-elements).
191194

192195
**1.2.0**
193196
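Review bot: Line 193 changes text inside quotation marks that the sentence presents as the sign-in header string ("Sign in with your sign-in name"), while the username field string in the next sentence stays "Sign in name". If these quote the UI literally, add the hyphen only if the product string has it; if they are paraphrases, hyphenate both for consistency.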

@@ -225,7 +228,7 @@ Azure AD B2C page layout uses the following versions of the [jQuery library](htt
225228
**1.2.2**
226229
- Fixed an issue with auto-filling the verification code when using iOS.
227230
- Fixed an issue with redirecting a token to the relying party from Android Webview.
228-
- Added a UXString `heading` in addition to `intro` to display on the page as a title. This is hidden by default.
231+
- Added a UXString `heading` in addition to `intro` to display on the page as a title. This messages is hidden by default.
229232
- Added support for using policy or the QueryString parameter `pageFlavor` to select the layout (classic, oceanBlue, or slateGray).
230233

231234
**1.2.1**
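Review bot: New line 231 introduces a typo, "This messages is hidden by default." The same edit at lines 106 and 181 of this file reads "This message is hidden by default."; use that wording here as well.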
@@ -246,7 +249,7 @@ Azure AD B2C page layout uses the following versions of the [jQuery library](htt
246249

247250
- 'Confirm Code' button removed
248251
- The input field for the code now only takes input up to six (6) characters
249-
- The page will automatically attempt to verify the code entered when a 6-digit code is entered, without any button having to be clicked
252+
- The page will automatically attempt to verify the code entered when a six-digit code is entered, without any button having to be clicked
250253
- If the code is wrong, the input field is automatically cleared
251254
- After three (3) attempts with an incorrect code, B2C sends an error back to the relying party
252255
- Accessibility fixes
@@ -274,7 +277,7 @@ Azure AD B2C page layout uses the following versions of the [jQuery library](htt
274277
**1.1.0**
275278

276279
- Accessibility fix
277-
- Removed the default message when there is no contact from the policy
280+
- Removed the default message when there's no contact from the policy
278281
- Default CSS removed
279282

280283
**1.0.0**

articles/active-directory/authentication/howto-authentication-passwordless-phone.md

Lines changed: 11 additions & 20 deletions
Original file line numberDiff line numberDiff line change
@@ -7,7 +7,7 @@ services: active-directory
77
ms.service: active-directory
88
ms.subservice: authentication
99
ms.topic: how-to
10-
ms.date: 07/14/2022
10+
ms.date: 07/15/2022
1111

1212

1313
ms.author: justinha
@@ -24,38 +24,21 @@ Microsoft Authenticator can be used to sign in to any Azure AD account without u
2424

2525
This authentication technology can be used on any device platform, including mobile. This technology can also be used with any app or website that integrates with Microsoft Authentication Libraries.
2626

27-
:::image type="content" border="false" source="./media/howto-authentication-passwordless-phone/phone-sign-in-microsoft-authenticator-app-next.png" alt-text="Screenshot that shows an example of a browser sign-in asking for the user to approve the sign-in.":::
27+
:::image type="content" border="false" source="./media/howto-authentication-passwordless-phone/phone-sign-in-microsoft-authenticator-app.png" alt-text="Screenshot that shows an example of a browser sign-in asking for the user to approve the sign-in.":::
2828

2929
People who enabled phone sign-in from Microsoft Authenticator see a message that asks them to tap a number in their app. No username or password is asked for. To complete the sign-in process in the app, a user must next take the following actions:
3030

3131
1. Enter the number they see on the login screen into Microsoft Authenticator dialog.
3232
1. Choose **Approve**.
3333
1. Provide their PIN or biometric.
3434

35-
## Multiple accounts on iOS (preview)
36-
37-
You can enable passwordless phone sign-in for multiple accounts in Microsoft Authenticator on any supported iOS device. Consultants, students, and others with multiple accounts in Azure AD can add each account to Microsoft Authenticator and use passwordless phone sign-in for all of them from the same iOS device.
38-
39-
Previously, admins might not require passwordless sign-in for users with multiple accounts because it requires them to carry more devices for sign-in. By removing the limitation of one user sign-in from a device, admins can more confidently encourage users to register passwordless phone sign-in and use it as their default sign-in method.
40-
41-
The Azure AD accounts can be in the same tenant or different tenants. Guest accounts aren't supported for multiple account sign-in from one device.
42-
43-
>[!NOTE]
44-
>Multiple accounts on iOS is currently in public preview. Some features might not be supported or have limited capabilities. For more information about previews, see [Supplemental Terms of Use for Microsoft Azure Previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms/).
45-
4635
## Prerequisites
4736

4837
To use passwordless phone sign-in with Microsoft Authenticator, the following prerequisites must be met:
4938

5039
- Recommended: Azure AD Multi-Factor Authentication, with push notifications allowed as a verification method. Push notifications to your smartphone or tablet help the Authenticator app to prevent unauthorized access to accounts and stop fraudulent transactions. The Authenticator app automatically generates codes when set up to do push notifications so a user has a backup sign-in method even if their device doesn't have connectivity.
5140
- Latest version of Microsoft Authenticator installed on devices running iOS 12.0 or greater, or Android 6.0 or greater.
52-
- For Android, the device that runs Microsoft Authenticator must be registered to an individual user. We're actively working to enable multiple accounts on Android.
53-
- For iOS, the device must be registered with each tenant where it's used to sign in. For example, the following device must be registered with Contoso and Wingtiptoys to allow all accounts to sign in:
54-
55-
- [email protected] and bsandhu@wingtiptoys
56-
- For iOS, the option in Microsoft Authenticator to allow Microsoft to gather usage data must be enabled. It's not enabled by default. To enable it in Microsoft Authenticator, go to **Settings** > **Usage Data**.
57-
58-
:::image type="content" border="true" source="./media/howto-authentication-passwordless-phone/telemetry.png" alt-text="Screenshot os Usage Data in Microsoft Authenticator.":::
41+
- The device that runs Microsoft Authenticator must be registered to an individual user. We're actively working to enable multiple accounts on Android.
5942

6043
To use passwordless authentication in Azure AD, first enable the combined registration experience, then enable users for the passwordless method.
6144
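Review bot: New line 41 drops the "For Android," qualifier, so the registration requirement now reads as applying to every platform, but the sentence that follows, "We're actively working to enable multiple accounts on Android.", still names only Android. With the iOS preview section and the iOS prerequisites removed in this hunk, state which platforms the single-user limit covers, or drop the Android-only sentence.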

@@ -145,6 +128,14 @@ An end user can be enabled for multifactor authentication (MFA) through an on-pr
145128

146129
If the user attempts to upgrade multiple installations (5+) of Microsoft Authenticator with the passwordless phone sign-in credential, this change might result in an error.
147130

131+
### Device registration
132+
133+
Before you can create this new strong credential, there are prerequisites. One prerequisite is that the device on which Microsoft Authenticator is installed must be registered within the Azure AD tenant to an individual user.
134+
135+
Currently, a device can only be enabled for passwordless sign-in in a single tenant. This limit means that only one work or school account in Microsoft Authenticator can be enabled for phone sign-in.
136+
137+
> [!NOTE]
138+
> Device registration is not the same as device management or mobile device management (MDM). Device registration only associates a device ID and a user ID together, in the Azure AD directory.
148139
149140
## Next steps
150141
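Review bot: In the added "Device registration" section, line 133 opens with "Before you can create this new strong credential, there are prerequisites", which has no antecedent in the section and restates the registration prerequisite already listed at line 41 under Prerequisites. Consider opening with the requirement itself and linking back to Prerequisites, so that the single-tenant limit on line 135 is the new information the section leads with.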

articles/active-directory/cloud-infrastructure-entitlement-management/faqs.md

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -107,7 +107,7 @@ For information about permissions usage reports, see [Generate and download the
107107

108108
## Does Permissions Management integrate with third-party ITSM (Information Technology Service Management) tools?
109109

110-
Permissions Management integrates with ServiceNow.
110+
Integration with ITMS tools, such as ServiceNow, is in the future roadmap.
111111

112112
## How is Permissions Management being deployed?
113113
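Review bot: New line 110 spells the acronym "ITMS", but the heading two lines above expands it as ITSM (Information Technology Service Management). Fix the acronym; "is in the future roadmap" would also read better as "is on the roadmap".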

@@ -169,10 +169,10 @@ Where xx-XX is one of the following available language parameters: 'cs-CZ', 'de-
169169
- [Permissions Management web page](https://microsoft.com/security/business/identity-access-management/permissions-management)
170170
- For more information about Microsoft's privacy and security terms, see [Commercial Licensing Terms](https://www.microsoft.com/licensing/terms/product/ForallOnlineServices/all).
171171
- For more information about Microsoft's data processing and security terms when you subscribe to a product, see [Microsoft Products and Services Data Protection Addendum (DPA)](https://www.microsoft.com/licensing/docs/view/Microsoft-Products-and-Services-Data-Protection-Addendum-DPA).
172-
- For more information about Microsoft’s policy and practices for Data Subject Requests for GDPR and CCPA: [https://docs.microsoft.com/en-us/compliance/regulatory/gdpr-dsr-azure](https://docs.microsoft.com/compliance/regulatory/gdpr-dsr-azure).
172+
- For more information about Microsoft’s policy and practices for Data Subject Requests for GDPR and CCPA: [https://docs.microsoft.com/en-us/compliance/regulatory/gdpr-dsr-azure](/compliance/regulatory/gdpr-dsr-azure).
173173

174174

175175
## Next steps
176176

177177
- For an overview of Permissions Management, see [What's Permissions Management?](overview.md).
178-
- For information on how to onboard Permissions Management in your organization, see [Enable Permissions Management in your organization](onboard-enable-tenant.md).
178+
- For information on how to onboard Permissions Management in your organization, see [Enable Permissions Management in your organization](onboard-enable-tenant.md).
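Review bot: On line 172 only the link target was changed to /compliance/regulatory/gdpr-dsr-azure; the visible link text is still the raw URL containing the "en-us" locale. Replace the link text with a descriptive title so the bullet matches the others in this list and no longer shows a locale-specific URL.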

articles/active-directory/cloud-infrastructure-entitlement-management/onboard-enable-tenant.md

Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -27,6 +27,12 @@ To enable Permissions Management in your organization:
2727

2828
> [!NOTE]
2929
> During public preview, Permissions Management doesn't perform a license check.
30+
> The public preview environment will only be available until October 7th, 2022. You will be no longer be able view or access your configuration and data in the public preview environment after that date.
31+
> Once you complete all the steps and confirm to use Microsoft Entra Permissions Management, access to the public preview environment will be lost. You can take a note of your configuration before you start.
32+
> To start using generally available Microsoft Entra Permissions Management, you must purchase a license or begin a trial. From the public preview console, initiate the workflow by selecting Start.
33+
34+
35+
3036

3137
## How to enable Permissions Management on your Azure AD tenant
3238
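Review bot: Added line 30 has two grammar slips: "You will be no longer be able view or access" should read "You will no longer be able to view or access". Lines 30 to 32 are also consecutive blockquote lines with no blank ">" line between them, so they render as one run-on paragraph together with the existing license-check note, and lines 33 to 35 add three empty lines before the heading; separate the notes and trim the extra blank lines.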
