Commit 3a4c56c

Merge branch 'master' of https://github.com/MicrosoftDocs/azure-docs-pr into tamram21-1018
2 parents 0baeee5 + bb91a87 commit 3a4c56c

120 files changed: +4327 -528 lines changed

.openpublishing.redirection.json

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -4358,6 +4358,11 @@
43584358
"redirect_url": "/azure/app-service/tutorial-auth-aad",
43594359
"redirect_document_id": false
43604360
},
4361+
{
4362+
"source_path_from_root": "/articles/app-service/app-service-web-tutorial-connect-msi.md",
4363+
"redirect_url": "/azure/app-service/tutorial-connect-msi-sql-database",
4364+
"redirect_document_id": false
4365+
},
43614366
{
43624367
"source_path_from_root": "/articles/app-service/containers/tutorial-auth-aad.md",
43634368
"redirect_url": "/azure/app-service/tutorial-auth-aad?pivots=platform-linux",

articles/active-directory-b2c/access-tokens.md

Lines changed: 3 additions & 3 deletions
@@ -62,7 +62,7 @@ If the **response_type** parameter in an `/authorize` request includes `token`,
6262

6363
To request an access token, you need an authorization code. Below is an example of a request to the `/authorize` endpoint for an authorization code. Custom domains are not supported for use with access tokens. Use your tenant-name.onmicrosoft.com domain in the request URL.
6464

65-
In the following example, you replace these values:
65+
In the following example, you replace these values in the query string:
6666

6767
- `<tenant-name>` - The name of your Azure AD B2C tenant.
6868
- `<policy-name>` - The name of your custom policy or user flow.
@@ -86,7 +86,7 @@ The response with the authorization code should be similar to this example:
8686
https://jwt.ms/?code=eyJraWQiOiJjcGltY29yZV8wOTI1MjAxNSIsInZlciI6IjEuMC...
8787
```
8888

89-
After successfully receiving the authorization code, you can use it to request an access token:
89+
After successfully receiving the authorization code, you can use it to request an access token. Note that the parameters are in the body of the HTTP POST request:
9090

9191
```http
9292
POST <tenant-name>.b2clogin.com/<tenant-name>.onmicrosoft.com/<policy-name>/oauth2/v2.0/token HTTP/1.1
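Review bot: the sentence added at line 89 opens with "Note that" and gives no reason for the placement. The request shown below carries `client_secret` and the authorization code, so say directly that these values go in the POST body and not in the query string, where they would end up in URLs that servers and proxies log. Suggested wording: "Send the parameters in the body of the HTTP POST request, not in the query string."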
@@ -100,7 +100,7 @@ grant_type=authorization_code
100100
&redirect_uri=https://jwt.ms
101101
&client_secret=2hMG2-_:y12n10vwH...
102102
```
103-
103+
104104
You should see something similar to the following response:
105105

106106
```json
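Review bot: the only change in this hunk, at line 103, is whitespace, and the rendered diff does not show what was removed or added; confirm it is intentional (for example, trailing whitespace after the closing fence) and not editor noise. While this block is being touched, the context line `&client_secret=2hMG2-_:y12n10vwH...` looks like a truncated real secret; a placeholder in the style of `<tenant-name>` would be safer for a sample request.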

articles/active-directory-b2c/add-ropc-policy.md

Lines changed: 4 additions & 1 deletion
@@ -37,7 +37,7 @@ The following flows are not supported:
3737

3838
When using the ROPC flow, consider the following:
3939

40-
- ROPC doesn’t work when there is any interruption to the authentication flow that needs user interaction. For example, when a password has expired or needs to be changed, [multi-factor authentication](multi-factor-authentication.md) is required, or when more information needs to be collected during sign-in (for example, user consent).
40+
- ROPC doesn’t work when there is any interruption to the authentication flow that needs user interaction. For example, when a password has expired or needs to be changed, [multifactor authentication](multi-factor-authentication.md) is required, or when more information needs to be collected during sign-in (for example, user consent).
4141
- ROPC supports local accounts only. Users can’t sign in with [federated identity providers](add-identity-provider.md) like Microsoft, Google+, Twitter, AD-FS, or Facebook.
4242
- [Session Management](session-behavior.md), including [keep me signed-in (KMSI)](session-behavior.md#enable-keep-me-signed-in-kmsi), is not applicable.
4343

@@ -67,6 +67,9 @@ When using the ROPC flow, consider the following:
6767

6868
::: zone pivot="b2c-custom-policy"
6969

70+
## Pre-requisite
71+
If you've not done so, learn about custom policy starter pack in [Get started with custom policies in Active Directory B2C](tutorial-create-user-flows.md).
72+
7073
## Create a resource owner policy
7174

7275
1. Open the *TrustFrameworkExtensions.xml* file.
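Review bot: the new heading at line 70 reads "## Pre-requisite" and is followed directly by its paragraph on line 71 with no blank line between them. Use "## Prerequisites" and add a blank line after the heading so it matches "## Create a resource owner policy" below. In the paragraph, "learn about custom policy starter pack" is missing an article, the link text says "Active Directory B2C" without "Azure", and the link text promises custom policies while the target file is `tutorial-create-user-flows.md`; since this sits inside the `b2c-custom-policy` zone, check that the link lands on the custom policy content.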

articles/active-directory-b2c/configure-authentication-sample-spa-app.md

Lines changed: 1 addition & 1 deletion
@@ -7,7 +7,7 @@ manager: CelesteDG
77
ms.service: active-directory
88
ms.workload: identity
99
ms.topic: reference
10-
ms.date: 09/15/2021
10+
ms.date: 10/25/2021
1111
ms.author: kengaderdus
1212
ms.subservice: B2C
1313
ms.custom: "b2c-support"

articles/active-directory-b2c/configure-user-input.md

Lines changed: 7 additions & 3 deletions
@@ -9,7 +9,7 @@ manager: CelesteDG
99
ms.service: active-directory
1010
ms.workload: identity
1111
ms.topic: how-to
12-
ms.date: 10/15/2021
12+
ms.date: 10/22/2021
1313
ms.custom: project-no-code
1414
ms.author: kengaderdus
1515
ms.subservice: B2C
@@ -32,6 +32,10 @@ In this article, you collect a new attribute during your sign-up journey in Azur
3232

3333
## Add user attributes your user flow
3434

35+
1. Sign in to the [Azure portal](https://portal.azure.com/).
36+
1. Make sure you're using the directory that contains your Azure AD B2C tenant. Select the **Directories + subscriptions** icon in the portal toolbar.
37+
1. On the **Portal settings | Directories + subscriptions** page, find your Azure AD B2C directory in the **Directory name** list, and then select **Switch**.
38+
1. Under **Azure services**, select **Azure AD B2C**. Or use the search box to find and select **Azure AD B2C**.
3539
1. In your Azure AD B2C tenant, select **User flows**.
3640
1. Select your policy (for example, "B2C_1_SignupSignin") to open it.
3741
1. Select **User attributes** and then select the user attribute (for example, "City").
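Review bot: the heading on line 33, directly above the steps added at lines 35 to 38, reads "## Add user attributes your user flow" and is missing "to". Since this section is being edited anyway, fix it to "## Add user attributes to your user flow" in the same change.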
@@ -63,7 +67,7 @@ To provide a set list of values for the city attribute:
6367
1. [Enable language customization on the user flow](language-customization.md#support-requested-languages-for-ui_locales)
6468
1. Select your policy (for example, "B2C_1_SignupSignin") to open it.
6569
1. On the **Languages** page for the user flow, select the language that you want to customize.
66-
1. Under **Page-level-resources files**, select **Local account sign up page**.
70+
1. Under **Page-level resources files**, select **Local account sign up page**.
6771
1. Select **Download defaults** (or **Download overrides** if you have previously edited this language).
6872
1. Create a `LocalizedCollections` attribute.
6973

@@ -107,7 +111,7 @@ The `LocalizedCollections` is an array of `Name` and `Value` pairs. The order fo
107111
1. Select **User flows** and select your policy (for example, "B2C_1_SignupSignin") to open it.
108112
1. Select **Languages**.
109113
1. Select the language that you want to translate to.
110-
1. Select the **Local account sign up page**.
114+
1. Under **Page-level-resources files**, select **Local account sign up page**.
111115
1. Select the folder icon, and select the JSON file to upload. The changes are saved to your user flow automatically.
112116

113117
## Test your user flow
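Review bot: the step added at line 114 uses **Page-level-resources files**, the hyphenated label that the previous hunk in this same file changes to **Page-level resources files** at line 70. Use one spelling in both steps, matching what the portal shows.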

articles/active-directory-b2c/identity-provider-azure-ad-single-tenant.md

Lines changed: 2 additions & 2 deletions
@@ -47,10 +47,10 @@ To enable sign-in for users with an Azure AD account from a specific Azure AD or
4747
1. Sign in to the [Azure portal](https://portal.azure.com).
4848
1. Make sure you're using the directory that contains your organizational Azure AD tenant (for example, Contoso). Select the **Directories + subscriptions** icon in the portal toolbar.
4949
1. On the **Portal settings | Directories + subscriptions** page, find your Azure AD directory in the **Directory name** list, and then select **Switch**.
50-
1. Choose **All services** in the top-left corner of the Azure portal, and then search for and select **App registrations**.
50+
1. Under **Azure services**, select **App registrations** or search for and select **App registrations**.
5151
1. Select **New registration**.
5252
1. Enter a **Name** for your application. For example, `Azure AD B2C App`.
53-
1. Accept the default selection of **Accounts in this organizational directory only** for this application.
53+
1. Accept the default selection of **Accounts in this organizational directory only (Default Directory only - Single tenant)** for this application.
5454
1. For the **Redirect URI**, accept the value of **Web**, and enter the following URL in all lowercase letters, where `your-B2C-tenant-name` is replaced with the name of your Azure AD B2C tenant.
5555

5656
```
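Review bot: the new text at line 53 hard-codes "Default Directory only - Single tenant", while line 48 of the same procedure uses Contoso as the example directory. If the portal label includes the directory name, readers whose tenant is not called Default Directory will not find this string; consider describing the option as the single-tenant choice without quoting the directory name. Line 50 also says "select **App registrations** or search for and select **App registrations**", which repeats the name twice in one sentence; the form used in configure-user-input.md in this commit ("Or use the search box to find and select ...") reads more clearly.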
articles/active-directory-b2c/saml-service-provider.md

Lines changed: 2 additions & 2 deletions
@@ -313,10 +313,10 @@ For SAML apps, you need to configure several properties in the application regis
313313

314314
When your SAML application makes a request to Azure AD B2C, the SAML AuthN request includes an `Issuer` attribute. The value of this attribute is typically the same as the application's metadata `entityID` value. Azure AD B2C uses this value to look up the application registration in the directory and read the configuration. For this lookup to succeed, `identifierUri` in the application registration must be populated with a value that matches the `Issuer` attribute.
315315

316-
In the registration manifest, find the `identifierURIs` parameter and add the appropriate value. This value will be the same value that's configured in the SAML AuthN requests for `EntityId` at the application, and the `entityID` value in the application's metadata. You will also need to find the `accessTokenAcceptedVersion` paramater and set the value to `2`.
316+
In the registration manifest, find the `identifierURIs` parameter and add the appropriate value. This value will be the same value that's configured in the SAML AuthN requests for `EntityId` at the application, and the `entityID` value in the application's metadata. You will also need to find the `accessTokenAcceptedVersion` parameter and set the value to `2`.
317317

318318
> [!IMPORTANT]
319-
> If you do not update the `accessTokenAcceptedVersion` to `2` you will recive an error message requiring a verfied domain.
319+
> If you do not update the `accessTokenAcceptedVersion` to `2` you will recieve an error message requiring a verified domain.
320320
321321
The following example shows the `entityID` value in the SAML metadata:
322322
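Review bot: the corrected note at line 319 still contains a misspelling: "recive" became "recieve", which should be "receive". The same sentence would also read better with a comma after `2` ("... to `2`, you will receive ..."). Separately, the context at lines 314 and 316 refers to the same manifest property as `identifierUri` and `identifierURIs`; pick the name the manifest uses and apply it in both places.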

articles/active-directory-b2c/secure-rest-api.md

Lines changed: 2 additions & 2 deletions
@@ -9,7 +9,7 @@ manager: CelesteDG
99
ms.service: active-directory
1010
ms.workload: identity
1111
ms.topic: how-to
12-
ms.date: 09/20/2021
12+
ms.date: 10/25/2021
1313
ms.author: kengaderdus
1414
ms.subservice: B2C
1515
zone_pivot_groups: b2c-policy-type
@@ -39,7 +39,7 @@ HTTP basic authentication is defined in [RFC 2617](https://tools.ietf.org/html/r
3939
To configure an API Connector with HTTP basic authentication, follow these steps:
4040

4141
1. Sign in to the [Azure portal](https://portal.azure.com/).
42-
2. Under **Azure services**, select **Azure AD B2C**.
42+
2. Under **Azure services**, select **Azure AD B2C** or search for and select **Azure AD B2C**.
4343
3. Select **API connectors**, and then select the **API Connector** you want to configure.
4444
4. For the **Authentication type**, select **Basic**.
4545
5. Provide the **Username**, and **Password** of your REST API endpoint.
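Review bot: step 2 at line 42 still assumes the reader is already in the directory that contains the Azure AD B2C tenant. The configure-user-input.md change in this same commit adds the two "Directories + subscriptions" steps before selecting **Azure AD B2C**; add them here as well, or the API connector may not be found in the wrong directory. The wording also differs from that file ("Or use the search box to find and select **Azure AD B2C**"), so align the phrasing.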

articles/active-directory-b2c/technical-overview.md

Lines changed: 10 additions & 5 deletions
@@ -77,7 +77,7 @@ Learn more about [sign-in options](sign-in-options.md) or how to [set up the loc
7777

7878
Azure AD B2C lets you manage common attributes of consumer account profiles. For example display name, surname, given name, city, and others.
7979

80-
You can also extend the Azure AD schema to store additional information about your users. For example, their country/region of residency, preferred language, and preferences like whether they want to subscribe to a newsletter or enable multi-factor authentication. For more information, see:
80+
You can also extend the Azure AD schema to store additional information about your users. For example, their country/region of residency, preferred language, and preferences like whether they want to subscribe to a newsletter or enable multifactor authentication. For more information, see:
8181

8282
* [User profile attributes](user-profile-attributes.md)
8383
* [Add user attributes and customize user input in](configure-user-input.md)
@@ -208,21 +208,21 @@ Multiple applications can use the same user flow or custom policy. A single appl
208208

209209
For example, to sign in to an application, the application uses the *sign up or sign in* user flow. After the user has signed in, they may want to edit their profile, so the application initiates another authorization request, this time using the *profile edit* user flow.
210210

211-
## Multi-factor authentication (MFA)
211+
## Multifactor authentication (MFA)
212212

213-
Azure AD B2C multi-factor authentication (MFA) helps safeguard access to data and applications while maintaining simplicity for your users. It provides extra security by requiring a second form of authentication, and delivers strong authentication by offering a range of easy-to-use authentication methods.
213+
Azure AD B2C Multi-Factor Authentication (MFA) helps safeguard access to data and applications while maintaining simplicity for your users. It provides extra security by requiring a second form of authentication, and delivers strong authentication by offering a range of easy-to-use authentication methods.
214214

215215
Your users may or may not be challenged for MFA based on configuration decisions that you can make as an administrator.
216216

217-
See how to enable MFA in user flows in [Enable multi-factor authentication in Azure Active Directory B2C](multi-factor-authentication.md).
217+
See how to enable MFA in user flows in [Enable multifactor authentication in Azure Active Directory B2C](multi-factor-authentication.md).
218218

219219
## Conditional Access
220220

221221
Azure AD Identity Protection risk-detection features, including risky users and risky sign-ins, are automatically detected and displayed in your Azure AD B2C tenant. You can create Conditional Access policies that use these risk detections to determine remediation actions and enforce organizational policies.
222222

223223
![Conditional access flow](media/technical-overview/conditional-access-flow.png)
224224

225-
Azure AD B2C evaluates each sign-in event and ensures that all policy requirements are met before granting the user access. Risky users or sign-ins may be blocked, or challenged with a specific remediation like multi-factor authentication (MFA). For more information, see [Identity Protection and Conditional Access](conditional-access-identity-protection-overview.md).
225+
Azure AD B2C evaluates each sign-in event and ensures that all policy requirements are met before granting the user access. Risky users or sign-ins may be blocked, or challenged with a specific remediation like multifactor authentication (MFA). For more information, see [Identity Protection and Conditional Access](conditional-access-identity-protection-overview.md).
226226

227227
## Password complexity
228228
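Review bot: line 213 changes "multi-factor authentication (MFA)" to "Multi-Factor Authentication (MFA)", while the heading at line 211 and the sentences at lines 217 and 225 in this same hunk move to "multifactor". Use "multifactor authentication (MFA)" on line 213 too, unless the capitalized form is meant as a product name, in which case say so consistently.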

@@ -296,6 +296,11 @@ By integrating Azure Application Insights into Azure AD B2C custom policies, you
296296

297297
For more information, see [Track user behavior in Azure Active Directory B2C using Application Insights](analytics-with-application-insights.md).
298298

299+
## Region availability and data residency
300+
Azure AD B2C service is generally available worldwide, for availability, with the option for data residency in regions as specified in [Products available by region](https://azure.microsoft.com/regions/services/). Data residency is determined by the country/region you select when you [create your tenant](tutorial-create-tenant.md).
301+
302+
Learn more about [Azure Active Directory B2C service Region availability & data residency](data-residency.md).
303+
299304
## Automation using Microsoft Graph API
300305

301306
Use MS graph API to manage your Azure AD B2C directory. You can also create the Azure AD B2C directory itself. You can manage users, identity providers, user flows, custom policies and many more.
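Review bot: the sentence added at line 300 reads "generally available worldwide, for availability, with the option for data residency", where "for availability" appears to be a leftover fragment; drop it or rewrite the sentence so availability and data residency are stated separately. The heading on line 299 runs straight into the paragraph with no blank line, unlike the other headings in this file, and the link text on line 302 uses "&" and a capitalized "Region" where the heading uses "and" and sentence case.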
