Merging changes synced from https://github.com/MicrosoftDocs/azure-docs-pr (branch live)

Author: Banani-Rath

.whatsnew/.external-identities.json

@@ -7,7 +7,7 @@
         "relativeLinkPrefix": "/azure/active-directory/external-identities"
     },
     "inclusionCriteria": {
-        "excludePullRequestTitles": true,
+        "omitPullRequestTitles" : true,
         "minAdditionsToFile" : 10,
         "maxFilesChanged": 50,
         "labels": [
@@ -17,7 +17,7 @@
     },
     "areas": [
         {
-            "name": ".",
+            "names": [ "."],
             "heading": "Azure Active Directory external identities"
         }
     ]

articles/active-directory-b2c/custom-email-sendgrid.md

@@ -60,10 +60,10 @@ Next, store the SendGrid API key in an Azure AD B2C policy key for your policies
 
 With a SendGrid account created and SendGrid API key stored in an Azure AD B2C policy key, create a SendGrid [dynamic transactional template](https://sendgrid.com/docs/ui/sending-email/how-to-send-an-email-with-dynamic-transactional-templates/).
 
-1. On the SendGrid site, open the [transactional templates](https://sendgrid.com/dynamic_templates) page and select **Create Template**.
-1. Enter a unique template name like `Verification email` and then select **Save**.
-1. To begin editing your new template, select **Add Version**.
-1. Select **Code Editor** and then **Continue**.
+1. On the SendGrid site, open the [transactional templates](https://sendgrid.com/dynamic_templates) page and select **Create a Dynamic Template**.
+1. Enter a unique template name like `Verification email` and then select **Create**.
+1. To begin editing your new template, select the template i.e. `Verification email`, then select **Add Version**.
+1. Select **Blank Template** and then **Code Editor**.
 1. In the HTML editor, paste following HTML template or use your own. The `{{otp}}` and `{{email}}` parameters will be replaced dynamically with the one-time password value and the user email address.
 
     ```HTML
@@ -158,8 +158,9 @@ With a SendGrid account created and SendGrid API key stored in an Azure AD B2C p
     </html>
     ```
 
-1. Expand **Settings** on the left, and for **Email Subject**, enter `{{subject}}`.
-1. Select **Save Template**.
+1. Expand **Settings** on the left, and for **Version Name**, enter a template version. 
+1. For **Subject**, enter `{{subject}}`.
+1. A the top of the page, select **Save**.
 1. Return to the **Transactional Templates** page by selecting the back arrow.
 1. Record the **ID** of template you created for use in a later step. For example, `d-989077fbba9746e89f3f6411f596fb96`. You specify this ID when you [add the claims transformation](#add-the-claims-transformation).
 

articles/active-directory-b2c/tutorial-create-tenant.md

@@ -55,7 +55,7 @@ You learn how to register an application in the next tutorial.
 1. Add **Microsoft.AzureActiveDirectory** as a resource provider for the Azure subscription your're using ([learn more](../azure-resource-manager/management/resource-providers-and-types.md?WT.mc_id=Portal-Microsoft_Azure_Support#register-resource-provider-1)):
 
     1. On the Azure portal, search for and select **Subscriptions**.
-    2. Select your subscription, and then in the left menu, select **Resource providers**. If you do not see the left menu, select the **Show the menu for < name of your subscription >** icon at the top left part of the page to open it.
+    2. Select your subscription, and then in the left menu, select **Resource providers**. If you don't see the left menu, select the **Show the menu for < name of your subscription >** icon at the top left part of the page to expand it.
     3. Make sure the **Microsoft.AzureActiveDirectory** row shows a status of **Registered**. If it doesn't, select the row, and then select **Register**.
 
 1. On the Azure portal menu or from the **Home** page, select **Create a resource**.

articles/active-directory/authentication/how-to-authentication-find-coverage-gaps.md

@@ -6,7 +6,7 @@ services: active-directory
 ms.service: active-directory
 ms.subservice: authentication
 ms.topic: conceptual
-ms.date: 10/25/2021
+ms.date: 11/03/2021
 
 ms.author: justinha
 author: inbarckMS 
@@ -17,13 +17,13 @@ ms.collection: M365-identity-device-management
 ---
 # Find and address gaps in strong authentication coverage for your administrators
 
-Requiring multi-factor authentication (MFA) for the administrators in your tenant is one of the first steps you can take to increase the security of your tenant. In this article, we will cover how you can ensure all your administrators are covered by multi-factor authentication.
+Requiring multi-factor authentication (MFA) for the administrators in your tenant is one of the first steps you can take to increase the security of your tenant. In this article, we'll cover how to make sure all of your administrators are covered by multi-factor authentication.
 
 ## Detect current usage for Azure AD Built-in administrator roles
 
 The [Azure AD Secure Score](../fundamentals/identity-secure-score.md) provides a score for **Require MFA for administrative roles** in your tenant. This improvement action tracks the MFA usage of Global administrator, Security administrator, Exchange administrator, and SharePoint administrator. 
 
-There are different ways to check if your admins are covered by an MFA policies. 
+There are different ways to check if your admins are covered by an MFA policy. 
 
 - To troubleshoot sign-in for a specific administrator, you can use the sign-in logs. The sign-in logs let you filter **Authentication requirement** for specific users. Any sign-in where **Authentication requirement** is **Single-factor authentication** means there was no multi-factor authentication policy that was required for the sign-in.
 
@@ -33,19 +33,19 @@ There are different ways to check if your admins are covered by an MFA policies.
 
   ![Screenshot of the authentication activity details.](./media/how-to-authentication-find-coverage-gaps/details.png)
 
-- To choose which policy to enable based on your user licenses, we have a new MFA enablement wizard to help you [compare MFA policies](concept-mfa-licensing.md#compare-multi-factor-authentication-policies) and see which steps are right for your organization. The wizard shows admininstrators who were protected by MFA in the last 30 days.
+- To choose which policy to enable based on your user licenses, we have a new MFA enablement wizard to help you [compare MFA policies](concept-mfa-licensing.md#compare-multi-factor-authentication-policies) and see which steps are right for your organization. The wizard shows administrators who were protected by MFA in the last 30 days.
 
   ![Screenshot of the Multi-factor authentication enablement wizard.](./media/how-to-authentication-find-coverage-gaps/wizard.png)
 
-- To programmatically report for your tenant, you can run a [PowerShell script](https://github.com/microsoft/AzureADToolkit/blob/main/src/Find-UnprotectedUsersWithAdminRoles.ps1) to find all users with an active built-in or custom administrator role, and who is eligible for built-in and custom roles in Privileged Identity Management. The script then checks the sign-ins of these users and reports and users who do not have **Multi-factor authentication** for **Authentication requirement**.
+- To programmatically create a report listing all users with Admins roles in your tenant and their strong authentication status, you can run a [PowerShell script](https://github.com/microsoft/AzureADToolkit/blob/main/src/Find-UnprotectedUsersWithAdminRoles.ps1). This script enumerates all permanent and eligible built-in and custom role assignments as well as groups with roles assigned, and finds users that are either not registered for MFA or not signing in with MFA by evaluating their authentication methods and their sign-in activity.
 
 ## Enforce multi-factor authentication on your administrators
 
 Based on gaps you found, require administrators to use multi-factor authentication in one of the following ways:
 
 - If your administrators are licensed for Azure AD Premium, you can [create a Conditional Access policy](tutorial-enable-azure-mfa.md) to enforce MFA for administrators. You can also update this policy to require MFA from users who are in custom roles.  
 
-- Run the MFA enablement wizard to [choose your MFA policy](concept-mfa-licensing.md#compare-multi-factor-authentication-policies).
+- Run the [MFA enablement wizard](https://aka.ms/MFASetupGuide) to choose your MFA policy.
 
 - If you assign custom or built-in admin roles in [Privileged Identity Management](/privileged-identity-management/pim-configure.md), require multi-factor authentication upon role activation.
 

articles/active-directory/cloud-sync/reference-powershell.md

@@ -7,7 +7,7 @@ manager: daveba
 ms.service: active-directory
 ms.workload: identity
 ms.topic: how-to
-ms.date: 11/30/2020
+ms.date: 11/03/2021
 ms.subservice: hybrid
 ms.author: billmath
 ms.collection: M365-identity-device-management
@@ -17,21 +17,20 @@ ms.collection: M365-identity-device-management
 
 The AADCloudSyncTools module provides a set of useful tools that you can use to help manage your Azure AD Connect Cloud Sync deployments.
 
-## Pre-requisites
-The following pre-requisites are required:
+## Prerequisites
+The following prerequisites are required:
 
 - All the prerequisites for this module can be automatically installed using `Install-AADCloudSyncToolsPrerequisites`
-- This module uses MSAL authentication, so it requires MSAL.PS module  installed. To verify, in a PowerShell window, execute `Get-module MSAL.PS -ListAvailable`. If the module is installed correctly you will get a response. You can use `Install-AADCloudSyncToolsPrerequisites` to install the latest version of MSAL.PS
-- Although the AzureAD PowerShell module is not a pre-requisite for any functionality of this module, it is useful to have so it is also automatically installed with using `Install-AADCloudSyncToolsPrerequisites`.
-- Manually installing modules from PowerShell require TLS 1.2 enforcement. To ensure you can install modules, set the following in the PowerShell session before using
+- This module uses MSAL authentication, so it requires MSAL.PS module installed. To verify, in a PowerShell window, execute `Get-module MSAL.PS -ListAvailable`. If the module is installed correctly you will get a response. You can use `Install-AADCloudSyncToolsPrerequisites` to install the latest version of MSAL.PS
+- Although the AzureAD PowerShell module is not a prerequisite for any functionality of this module it is useful to be present, so it is also automatically installed when using `Install-AADCloudSyncToolsPrerequisites`. 
+- Installing modules from PowerShell Gallery requires TLS 1.2 enforcement. The cmdlet `Install-AADCloudSyncToolsPrerequisites` sets TLS 1.2 enforcement before installing all the prerequisites. To ensure that you can manually install modules, set the following in the PowerShell session before using `Install-Module`:
   ```
-   Install-Module:
   [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 
   ```
 
 
 ## Install the AADCloudSyncTools PowerShell module
-To install and use the AADCloudSyncTools module use the following steps:
+To install and use AADCloudSyncTools module use the following steps:
 
 1. Open Windows PowerShell with administrative privileges
 2. Type or copy and paste the following: `Import-module -Name "C:\Program Files\Microsoft Azure AD Connect Provisioning Agent\Utility\AADCloudSyncTools"`
@@ -42,8 +41,12 @@ To install and use the AADCloudSyncTools module use the following steps:
 7. On the first run, the PoweShellGet module will be installed if not present. To load the new PowershellGet module close the PowerShell Window and open a new PowerShell session with administrative privileges. 
 8. Import the module again using step 2.
 9. Run `Install-AADCloudSyncToolsPrerequisites` to install the MSAL and AzureAD modules
-11. All pre-reqs should be successfully installed
+11. All prerequisites should be successfully installed
  ![Install module](media/reference-powershell/install-1.png)
+12. Every time you want to use AADCloudSyncTools module in new PowerShell session, enter or copy and paste the following:
+```
+Import-module "C:\Program Files\Microsoft Azure AD Connect Provisioning Agent\Utility\AADCloudSyncTools"
+```
 
 
 ## AADCloudSyncTools  Cmdlets
@@ -53,13 +56,13 @@ Uses the MSAL.PS module to request a token for the Azure AD administrator to acc
 
 ### Export-AADCloudSyncToolsLogs
 Exports and packages all the troubleshooting data in a compressed file, as follows:
- 1. Starts a verbose tracing with Start-AADCloudSyncToolsVerboseLogs.  You can find these trace logs in the folder C:\ProgramData\Microsoft\Azure AD Connect Provisioning Agent\Trace.
- 2. Collects a trace log for 3 minutes.
-   You can specify a different time with -TracingDurationMins or skip verbose tracing with -SkipVerboseTrace
- 3. Stops verbose tracing with Stop-AADCloudSyncToolsVerboseLogs
- 4. Collects Event Viewer Logs for the last 24 hours
- 5. Compresses all the agent logs, verbose logs and event viewer logs into a compressed zip file under the User's Documents folder. 
- </br>You can specify a different output folder with -OutputPath \<folder path\>
+ 1. Sets verbose tracing and starts collecting data from the provisioning agent (same as `Start-AADCloudSyncToolsVerboseLogs`)
+ <br>You can find these trace logs in the folder `C:\ProgramData\Microsoft\Azure AD Connect Provisioning Agent\Trace` </br>
+ 2. Stops data collection after 3 minutes and disables verbose tracing (same as `Stop-AADCloudSyncToolsVerboseLogs`)
+ <br>You can specify a different duration with `-TracingDurationMins` or completely skip verbose tracing with `-SkipVerboseTrace` </br>
+ 3. Collects Event Viewer Logs for the last 24 hours
+ 4. Compresses all the agent logs, verbose logs and event viewer logs into a compressed zip file under the User's Documents folder
+ <br>You can specify a different output folder with `-OutputPath <folder path>` </br>
 
 ### Get-AADCloudSyncToolsInfo
 Shows Azure AD Tenant details and internal variables state
@@ -120,4 +123,3 @@ Pauses synchronization.
 
 - [What is provisioning?](what-is-provisioning.md)
 - [What is Azure AD Connect cloud sync?](what-is-cloud-sync.md)
-

articles/active-directory/develop/TOC.yml

@@ -738,9 +738,9 @@
   items:
   - name: Videos
     href: identity-videos.md
-  - name: Microsoft identity platform developer blog
-    href: https://developer.microsoft.com/identity/blogs/
-  - name: Azure AD blog
+  - name: Microsoft identity platform - Microsoft 365 Developer Blog
+    href: https://devblogs.microsoft.com/microsoft365dev/category/microsoft-identity-platform/
+  - name: Azure Active Directory Identity Blog
     href: https://techcommunity.microsoft.com/t5/azure-active-directory-identity/bg-p/Identity
   - name: Azure roadmap
     href: https://azure.microsoft.com/roadmap/?category=security-identity

articles/active-directory/develop/msal-compare-msal-js-and-adal-js.md

@@ -3,15 +3,15 @@ title: "Migrate your JavaScript application from ADAL.js to MSAL.js | Azure"
 titleSuffix: Microsoft identity platform
 description: How to update your existing JavaScript application to use the Microsoft Authentication Library (MSAL) for authentication and authorization instead of the Active Directory Authentication Library (ADAL).
 services: active-directory
-author: KarenH444
+author: mmacy
 manager: CelesteDG
 
 ms.service: active-directory
 ms.subservice: develop
 ms.topic: how-to
 ms.workload: identity
 ms.date: 07/06/2021
-ms.author: karenhoran
+ms.author: marsma
 ms.custom: has-adal-ref
 #Customer intent: As an application developer, I want to learn how to change the code in my JavaScript application from using ADAL.js as its authentication library to MSAL.js.
 ---
@@ -321,7 +321,7 @@ The snippets below demonstrates the minimal code required for a single-page appl
   <meta http-equiv="X-UA-Compatible" content="IE=edge">
   <meta name="viewport" content="width=device-width, initial-scale=1.0">
 
-  <script 
+  <script
     type="text/javascript"
     src="https://secure.aadcdn.microsoftonline-p.com/lib/1.0.18/js/adal.min.js">
   </script>
@@ -374,8 +374,8 @@ The snippets below demonstrates the minimal code required for a single-page appl
 
     tokenButton.addEventListener('click', () => {
         authContext.acquireTokenPopup(
-            "https://graph.microsoft.com", 
-            null, null, 
+            "https://graph.microsoft.com",
+            null, null,
             function (error, token) {
                 console.log(error, token);
             }
@@ -398,8 +398,8 @@ The snippets below demonstrates the minimal code required for a single-page appl
   <meta http-equiv="X-UA-Compatible" content="IE=edge">
   <meta name="viewport" content="width=device-width, initial-scale=1.0">
 
-  <script 
-    type="text/javascript" 
+  <script
+    type="text/javascript"
     src="https://alcdn.msauth.net/browser/2.14.2/js/msal-browser.min.js">
   </script>
 </head>