Merge branch 'main' of https://github.com/MicrosoftDocs/azure-docs-pr into abac-hns

Author: pauljewellmsft

articles/active-directory-b2c/analytics-with-application-insights.md

@@ -9,7 +9,7 @@ manager: CelesteDG
 ms.service: active-directory
 ms.topic: how-to
 
-ms.date: 01/11/2024
+ms.date: 01/26/2024
 ms.author: kengaderdus
 ms.subservice: B2C
 zone_pivot_groups: b2c-policy-type
@@ -38,6 +38,8 @@ In Azure Active Directory B2C (Azure AD B2C), you can send event data directly t
 - Measure performance.
 - Create notifications from Application Insights.
 
+[!INCLUDE [active-directory-b2c-limited-to-custom-policy](../../includes/active-directory-b2c-public-preview.md)]
+
 ## Overview
 
 To enable custom event logs, add an Application Insights technical profile. In the technical profile, you define the Application Insights instrumentation key, the event name, and the claims to record. To post an event, add the technical profile as an orchestration step in a [user journey](userjourneys.md).
@@ -183,11 +185,13 @@ Open the *TrustFrameworkExtensions.xml* file from the starter pack. Add the tech
 
 ## Add the technical profiles as orchestration steps
 
-Add new orchestration steps that refer to the technical profiles.
+Add new orchestration steps that refer to the technical profiles.  
 
 > [!IMPORTANT]
 > After you add the new orchestration steps, renumber the steps sequentially without skipping any integers from 1 to N.
 
+1. Identify the policy file that contains your user journey, such as `SocialAndLocalAccounts/SignUpOrSignin.xml`, then open it.
+
 1. Call `AppInsights-SignInRequest` as the second orchestration step. This step tracks that a sign-up or sign-in request has been received.
 
    ```xml
@@ -199,10 +203,12 @@ Add new orchestration steps that refer to the technical profiles.
    </OrchestrationStep>
    ```
 
-1. Before the `SendClaims` orchestration step, add a new step that calls `AppInsights-UserSignup`. It's triggered when the user selects the sign-up button in a sign-up or sign-in journey.
+1. Before the `SendClaims` orchestration step, add a new step that calls `AppInsights-UserSignup`. It's triggered when the user selects the sign-up button in a sign-up or sign-in journey. You may need to update the orchestration step, `Order="8"`,to make sure you don't skip any integer from the first to the last orchestration step. 
 
    ```xml
-   <!-- Handles the user selecting the sign-up link in the local account sign-in page -->
+   <!-- Handles the user selecting the sign-up link in the local account sign-in page 
+    The `SendClaims` orchestration step comes after this one,
+    -->
    <OrchestrationStep Order="8" Type="ClaimsExchange">
      <Preconditions>
        <Precondition Type="ClaimsExist" ExecuteActionsIf="false">
@@ -221,10 +227,12 @@ Add new orchestration steps that refer to the technical profiles.
    </OrchestrationStep>
    ```
 
-1. After the `SendClaims` orchestration step, call `AppInsights-SignInComplete`. This step shows a successfully completed journey.
+1. After the `SendClaims` orchestration step, call `AppInsights-SignInComplete`. This step shows a successfully completed journey. You may need to update the orchestration step, `Order="10"`, to make sure you don't skip any integer from the first to the last orchestration step. 
 
    ```xml
-   <!-- Track that we have successfully sent a token -->
+   <!-- Track that we have successfully sent a token 
+    The `SendClaims` orchestration step come before this one,
+    -->
    <OrchestrationStep Order="10" Type="ClaimsExchange">
      <ClaimsExchanges>
        <ClaimsExchange Id="TrackSignInComplete" TechnicalProfileReferenceId="AppInsights-SignInComplete" />

articles/active-directory-b2c/b2c-global-identity-funnel-based-design.md

@@ -2,16 +2,15 @@
 title: Build a global identity solution with funnel-based approach
 titleSuffix: Azure AD B2C
 description: Learn the funnel-based design consideration for Azure AD B2C to provide customer identity management for global customers.
-
 author: gargi-sinha
 manager: martinco
-
 ms.service: active-directory
-
 ms.topic: conceptual
-ms.date: 12/15/2022
+ms.date: 01/26/2024
 ms.author: gasinh
 ms.subservice: B2C
+
+#customer intent: I'm a developer, and I need to understand how to build a global identity solution using a funnel-based approach, so I can implement it in my organization's Azure AD B2C environment.
 ---
 
 # Build a global identity solution with funnel-based approach

articles/active-directory-b2c/b2c-global-identity-proof-of-concept-funnel.md

@@ -8,9 +8,11 @@ manager: martinco
 ms.service: active-directory
 
 ms.topic: conceptual
-ms.date: 12/15/2022
+ms.date: 01/26/2024
 ms.author: gasinh
 ms.subservice: B2C
+
+#customer intent: As a developer, I want to understand how to build a global identity solution using a funnel-based approach, so I can implement it in my organization's Azure AD B2C environment.
 ---
 
 # Azure Active Directory B2C global identity framework proof of concept for funnel-based configuration

articles/active-directory-b2c/b2c-global-identity-proof-of-concept-regional.md

@@ -1,16 +1,15 @@
 ---
 title: Azure Active Directory B2C global identity framework proof of concept for region-based configuration
 description: Learn how to create a proof of concept regional based approach for Azure AD B2C to provide customer identity and access management for global customers.
-
 author: gargi-sinha
 manager: martinco
-
 ms.service: active-directory
-
 ms.topic: conceptual
-ms.date: 12/15/2022
+ms.date: 01/24/2024
 ms.author: gasinh
 ms.subservice: B2C
+
+#customer intent: I'm a developer implementing Azure Active Directory B2C, and I want to configure region-based sign-up, sign-in, and password reset journeys. My goal is for users to be directed to the correct region and their data managed accordingly.
 ---
 
 # Azure Active Directory B2C global identity framework proof of concept for region-based configuration

articles/active-directory-b2c/b2c-global-identity-region-based-design.md

@@ -2,16 +2,15 @@
 title: Build a global identity solution with region-based approach
 titleSuffix: Azure AD B2C
 description: Learn the region-based design consideration for Azure AD B2C to provide customer identity management for global customers.
-
 author: gargi-sinha
 manager: martinco
-
 ms.service: active-directory
-
 ms.topic: conceptual
-ms.date: 12/15/2022
+ms.date: 01/26/2024
 ms.author: gasinh
 ms.subservice: B2C
+
+#customer intent: I'm a developer implementing a global identity solution. I need to understand the different scenarios and workflows for region-based design approach in Azure AD B2C. My goal is to design and implement the authentication and sign-up processes effectively for users from different regions.
 ---
 
 # Build a global identity solution with region-based approach

articles/active-directory-b2c/b2c-global-identity-solutions.md

@@ -2,16 +2,15 @@
 title: Azure Active Directory B2C global identity framework
 titleSuffix: Azure AD B2C
 description: Learn how to configure Azure AD B2C to provide customer identity and access management for global customers.
-
 author: gargi-sinha
 manager: martinco
-
 ms.service: active-directory
-
 ms.topic: conceptual
-ms.date: 12/15/2022
+ms.date: 01/26/2024
 ms.author: gasinh
 ms.subservice: B2C
+
+#customer intent: I'm a developer building a customer-facing application. I need to understand the different approaches to implement an identity platform using Azure AD B2C tenants for a globally operating business model. I want to make an informed decision about the architecture that best suits my application's requirements.
 ---
 
 # Azure Active Directory B2C global identity framework

articles/active-directory-b2c/b2clogin.md

@@ -9,12 +9,12 @@ manager: CelesteDG
 ms.service: active-directory
 
 ms.topic: how-to
-ms.date: 01/11/2024
+ms.date: 01/26/2024
 ms.author: kengaderdus
 ms.subservice: B2C
 
 
-#Customer intent: As an Azure AD B2C application developer, I want to update the redirect URLs in my identity provider's applications to reference b2clogin.com or a custom domain, so that I can authenticate users with Azure AD B2C using the updated endpoints and policies.
+#Customer intent: As an Azure AD B2C application developer, I want to update the redirect URLs in my identity provider's applications to reference b2clogin.com or a custom domain, so that I can authenticate users with Azure AD B2C using the updated endpoints.
 
 ---
 
@@ -27,17 +27,18 @@ When you set up an identity provider for sign-up and sign-in in your Azure Activ
 The transition to b2clogin.com only applies to authentication endpoints that use Azure AD B2C policies (user flows or custom policies) to authenticate users. These endpoints have a `<policy-name>` parameter, which specifies the policy Azure AD B2C should use. [Learn more about Azure AD B2C policies](technical-overview.md#identity-experiences-user-flows-or-custom-policies). 
 
 Old endpoints may look like:
-- <code>https://<b>login.microsoft.com</b>/\<tenant-name\>.onmicrosoft.com/<b>\<policy-name\></b>/oauth2/v2.0/authorize</code>
-- <code>https://<b>login.microsoft.com</b>/\<tenant-name\>.onmicrosoft.com/oauth2/v2.0/authorize<b>?p=\<policy-name\></b></code>
+- <code>https://<b>login.microsoft.com</b>/\<tenant-name\>.onmicrosoft.com/<b>\<policy-name\></b>/oauth2/v2.0/authorize</code> or <code>https://<b>login.microsoft.com</b>/\<tenant-name\>.onmicrosoft.com/oauth2/v2.0/authorize<b>?p=\<policy-name\></b></code> for `/authorize` endpoint.
+- <code>https://<b>login.microsoft.com</b>/\<tenant-name\>.onmicrosoft.com/<b>\<policy-name\></b>/oauth2/v2.0/logout</code> or <code>https://<b>login.microsoft.com</b>/\<tenant-name\>.onmicrosoft.com/oauth2/v2.0/logout<b>?p=\<policy-name\></b></code> for `/logout` endpoint.
 
-A corresponding updated endpoint would look like:
-- <code>https://<b>\<tenant-name\>.b2clogin.com</b>/\<tenant-name\>.onmicrosoft.com/<b>\<policy-name\></b>/oauth2/v2.0/authorize</code>
-- <code>https://<b>\<tenant-name\>.b2clogin.com</b>/\<tenant-name\>.onmicrosoft.com/oauth2/v2.0/authorize?<b>p=\<policy-name\></b></code>
+A corresponding updated endpoint would look similar to the following endpoints:
+- <code>https://<b>\<tenant-name\>.b2clogin.com</b>/\<tenant-name\>.onmicrosoft.com/<b>\<policy-name\></b>/oauth2/v2.0/authorize</code> or  <code>https://<b>\<tenant-name\>.b2clogin.com</b>/\<tenant-name\>.onmicrosoft.com/oauth2/v2.0/authorize?<b>p=\<policy-name\></b></code> for the `/authorize` endpoint.
+- <code>https://<b>\<tenant-name\>.b2clogin.com</b>/\<tenant-name\>.onmicrosoft.com/<b>\<policy-name\></b>/oauth2/v2.0/logout</code> or <code>https://<b>\<tenant-name\>.b2clogin.com</b>/\<tenant-name\>.onmicrosoft.com/oauth2/v2.0/logout?<b>p=\<policy-name\></b></code> for the `/logout` endpoint.
 
-With Azure AD B2C [custom domain](./custom-domain.md) the corresponding updated endpoint would look like:
 
-- <code>https://<b>login.contoso.com</b>/\<tenant-name\>.onmicrosoft.com/<b>\<policy-name\></b>/oauth2/v2.0/authorize</code>
-- <code>https://<b>login.contoso.com</b>/\<tenant-name\>.onmicrosoft.com/oauth2/v2.0/authorize?<b>p=\<policy-name\></b></code>
+With Azure AD B2C [custom domain](./custom-domain.md) the corresponding updated endpoint would look similar to the following endpoints. You can use either of these endpoints:
+
+- <code>https://<b>login.contoso.com</b>/\<tenant-name\>.onmicrosoft.com/<b>\<policy-name\></b>/oauth2/v2.0/authorize</code> or <code>https://<b>login.contoso.com</b>/\<tenant-name\>.onmicrosoft.com/oauth2/v2.0/authorize?<b>p=\<policy-name\></b></code> for the `/authorize` endpoint.
+- <code>https://<b>login.contoso.com</b>/\<tenant-name\>.onmicrosoft.com/<b>\<policy-name\></b>/oauth2/v2.0/logout</code> or <code>https://<b>login.contoso.com</b>/\<tenant-name\>.onmicrosoft.com/oauth2/v2.0/logout?<b>p=\<policy-name\></b></code> for the `/logout` endpoint.
 
 ## Endpoints that are not affected
 
@@ -49,6 +50,12 @@ This change doesn't affect all endpoints, which don't contain a policy parameter
 https://login.microsoftonline.com/<tenant-name>.onmicrosoft.com/oauth2/v2.0/token
 ```
 
+However, if you only want to obtain a token to authenticate users, then you can specify the policy that your application wishes to use to authenticate users. In this case, the updated `/token` endpoints  would look similar to the following examples.
+
+- <code>https://<b>\<tenant-name\>.b2clogin.com</b>/\<tenant-name\>.onmicrosoft.com/<b>\<policy-name\></b>/oauth2/v2.0/token</code> or  <code>https://<b>\<tenant-name\>.b2clogin.com</b>/\<tenant-name\>.onmicrosoft.com/oauth2/v2.0/token?<b>p=\<policy-name\></b></code> when you use *b2clogin.com*. 
+
+-  <code>https://<b>login.contoso.com</b>/\<tenant-name\>.onmicrosoft.com/<b>\<policy-name\></b>/oauth2/v2.0/token</code> or <code>https://<b>login.contoso.com</b>/\<tenant-name\>.onmicrosoft.com/oauth2/v2.0/token?<b>p=\<policy-name\></b></code> when you use a custom domain.
+
 ## Overview of required changes
 
 There are several modifications you might need to make to migrate your applications from *login.microsoftonline.com* using Azure AD B2C endpoints:
@@ -149,4 +156,4 @@ For migrating Azure API Management APIs protected by Azure AD B2C, see the [Migr
 [msal-dotnet]: https://github.com/AzureAD/microsoft-authentication-library-for-dotnet
 [msal-dotnet-b2c]: https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/wiki/AAD-B2C-specifics
 [msal-js]: https://github.com/AzureAD/microsoft-authentication-library-for-js
-[msal-js-b2c]: ../active-directory/develop/msal-b2c-overview.md
+[msal-js-b2c]: ../active-directory/develop/msal-b2c-overview.md

articles/active-directory-b2c/custom-domain.md

@@ -6,7 +6,7 @@ author: kengaderdus
 manager: CelesteDG
 ms.service: active-directory
 ms.topic: how-to
-ms.date: 01/11/2024
+ms.date: 01/26/2024
 ms.author: kengaderdus
 ms.subservice: B2C
 ms.custom: "b2c-support"
@@ -267,8 +267,8 @@ In the following redirect URI:
 https://<custom-domain-name>/<tenant-name>/oauth2/authresp
 ``` 
 
-- Replace **&lt;custom-domain-name&gt;** with your custom domain name.
-- Replace **&lt;tenant-name&gt;** with the name of your tenant, or your tenant ID.
+- Replace &lt;`custom-domain-name`&gt; with your custom domain name.
+- Replace &lt;`tenant-name`&gt; with the name of your tenant, or your tenant ID.
 
 The following example shows a valid OAuth redirect URI:
 
@@ -295,9 +295,9 @@ The custom domain integration applies to authentication endpoints that use Azure
 - <code>https://\<custom-domain\>/<tenant-name\>/<b>\<policy-name\></b>/oauth2/v2.0/token</code>
 
 Replace:
-- **custom-domain** with your custom domain
-- **tenant-name** with your tenant name or tenant ID
-- **policy-name** with your policy name.
+- &lt;`custom-domain`&gt; with your custom domain
+- &lt;`tenant-name`&gt; with your tenant name or tenant ID
+- &lt;`policy-name`&gt; with your policy name.
 
 The [SAML service provider](./saml-service-provider.md) metadata may look like the following sample: 
 

articles/active-directory-b2c/external-identities-videos.md

@@ -2,16 +2,16 @@
 title: Microsoft Azure Active Directory B2C external identity video series
 titleSuffix: Azure AD B2C
 description: Learn about external identities in Azure AD B2C in the Microsoft identity platform 
-
 author: gargi-sinha
 manager: martinco
 ms.reviewer: kengaderdus
 ms.service: active-directory
-
 ms.topic: how-to
-ms.date: 06/08/2023
+ms.date: 01/26/2024
 ms.author: gasinh
 ms.subservice: B2C
+
+#customer intent: I'm a developers working with Azure Active Directory B2C. I need videos that provide a deep-dive into the architecture and features of the service. My goal is to gain a better understanding of how to implement and utilize Azure AD B2C in my applications.
 ---
 
 # Microsoft Azure Active Directory B2C external identity video series

articles/active-directory-b2c/identity-verification-proofing.md

@@ -2,15 +2,15 @@
 title: Identity proofing and verification for Azure AD B2C
 titleSuffix: Azure AD B2C
 description: Learn about our partners who integrate with Azure AD B2C to provide identity proofing and verification solutions 
-
 author: gargi-sinha
 manager: martinco
 ms.reviewer: kengaderdus
 ms.service: active-directory
-
 ms.topic: how-to
-ms.date: 01/18/2023
+ms.date: 01/26/2024
 ms.author: gasinh
+
+#customer intent: I'm a developer integrating Azure AD B2C, and I want to configure an identity verification and proofing provider. I need to combat identity fraud and create a trusted user experience for account registration.
 ---
 
 # Identity verification and proofing partners