Merge pull request #252450 from MicrosoftDocs/main

9/21/2023 AM Publish

Author: Taojunshen

articles/active-directory/azuread-dev/TOC.yml

@@ -49,7 +49,7 @@
         href: ../develop/single-sign-on-saml-protocol.md?toc=/azure/active-directory/azuread-dev/toc.json&bc=/azure/active-directory/azuread-dev/breadcrumb/toc.json
       - name: Sign-out
         href: ../develop/single-sign-out-saml-protocol.md?toc=/azure/active-directory/azuread-dev/toc.json&bc=/azure/active-directory/azuread-dev/breadcrumb/toc.json
-      - name: How Azure AD uses the SAML protocol
+      - name: How Microsoft Entra ID uses the SAML protocol
         href: ../develop/saml-protocol-reference.md?toc=/azure/active-directory/azuread-dev/toc.json&bc=/azure/active-directory/azuread-dev/breadcrumb/toc.json
     - name: WS-Federation
       items:
@@ -69,7 +69,7 @@
     items:
     - name: Applications and service principals
       href: ../develop/app-objects-and-service-principals.md?toc=/azure/active-directory/azuread-dev/toc.json&bc=/azure/active-directory/azuread-dev/breadcrumb/toc.json
-    - name: How and why apps are added to Azure AD
+    - name: How and why apps are added to Microsoft Entra ID
       href: ../develop/how-applications-are-added.md?toc=/azure/active-directory/azuread-dev/toc.json&bc=/azure/active-directory/azuread-dev/breadcrumb/toc.json
     - name: Single tenant and multi-tenant apps
       href: ../develop/single-and-multi-tenant-apps.md?toc=/azure/active-directory/azuread-dev/toc.json&bc=/azure/active-directory/azuread-dev/breadcrumb/toc.json
@@ -167,7 +167,7 @@
     href: videos.md
   - name: Azure roadmap
     href: https://azure.microsoft.com/roadmap/?category=security-identity
-  - name: Azure AD blog
+  - name: Microsoft Entra blog
     href: https://cloudblogs.microsoft.com/enterprisemobility/?product=azure-active-directory
   - name: Microsoft identity platform developer blog
     href: https://devblogs.microsoft.com/microsoft365dev/category/microsoft-identity-platform/

articles/active-directory/azuread-dev/about-microsoft-identity-platform.md

@@ -26,7 +26,7 @@ With the unified Microsoft identity platform (v2.0), you can write code once and
 
 With Microsoft identity platform, expand your reach to these kinds of users:
 
-- Work and school accounts (Azure AD provisioned accounts)
+- Work and school accounts (Microsoft Entra ID provisioned accounts)
 - Personal accounts (such as Outlook.com or Hotmail.com)
 - Your customers who bring their own email or social identity (such as LinkedIn, Facebook, Google) via MSAL and Azure AD B2C
 

articles/active-directory/azuread-dev/active-directory-acs-migration.md

@@ -73,10 +73,10 @@ In this scenario, a developer has an application running on a server that needs
 
 ### Authenticating a confidential client application running on a server, on behalf of a user
 
-In this scenario, a developer has a web application running on a server that needs to access a remote resource, such as a web API. The web API does not allow anonymous calls, so it must be called from an authorized service on behalf of an authenticated user. The web API is pre-configured to trust access tokens issued by a specific Azure AD tenant, and Azure AD is pre-configured to issue access tokens for that resource to a service with client credentials. Once the user is authenticated in the web application, the application can get an authorization code for the user from Azure AD. The web application can then use ADAL to obtain an access token and refresh token on behalf of a user using the authorization code and client credentials associated with the application from Azure AD. Once the web application is in possession of the access token, it can call the web API until the token expires. When the token expires, the web application can use ADAL to get a new access token by using the refresh token that was previously received. For a code sample that demonstrates this scenario, see [Native client to Web API to Web API](https://github.com/Azure-Samples/active-directory-dotnet-webapi-onbehalfof).
+In this scenario, a developer has a web application running on a server that needs to access a remote resource, such as a web API. The web API does not allow anonymous calls, so it must be called from an authorized service on behalf of an authenticated user. The web API is pre-configured to trust access tokens issued by a specific Microsoft Entra tenant, and Microsoft Entra ID is pre-configured to issue access tokens for that resource to a service with client credentials. Once the user is authenticated in the web application, the application can get an authorization code for the user from Microsoft Entra ID. The web application can then use ADAL to obtain an access token and refresh token on behalf of a user using the authorization code and client credentials associated with the application from Microsoft Entra ID. Once the web application is in possession of the access token, it can call the web API until the token expires. When the token expires, the web application can use ADAL to get a new access token by using the refresh token that was previously received. For a code sample that demonstrates this scenario, see [Native client to Web API to Web API](https://github.com/Azure-Samples/active-directory-dotnet-webapi-onbehalfof).
 
 ## See Also
 
 - [The Azure Active Directory developer's guide](v1-overview.md)
-- [Authentication scenarios for Azure Active directory](v1-authentication-scenarios.md)
+- [Authentication scenarios for Azure Active Directory](v1-authentication-scenarios.md)
 - [Azure Active Directory code samples](sample-v1-code.md)

articles/active-directory/azuread-dev/active-directory-authentication-libraries.md

@@ -483,7 +483,7 @@ By default, ADAL logging does not capture or log any personal identifiable infor
 
 #### ADAL library errors
 
-To explore specific ADAL errors, the source code in the [azure-activedirectory-library-for-dotnet repository](https://github.com/AzureAD/azure-activedirectory-library-for-dotnet/blob/8f6d560fbede2247ec0e217a21f6929d4375dcaa/src/ADAL.PCL/Utilities/Constants.cs#L58) is the best error reference.
+To explore specific ADAL errors, the source code in the [`azure-activedirectory-library-for-dotnet` repository](https://github.com/AzureAD/azure-activedirectory-library-for-dotnet/blob/8f6d560fbede2247ec0e217a21f6929d4375dcaa/src/ADAL.PCL/Utilities/Constants.cs#L58) is the best error reference.
 
 #### Guidance for error logging code
 
@@ -493,7 +493,7 @@ ADAL .NET logging changes depending on the platform being worked on. Refer to th
 
 #### ADAL library errors
 
-To explore specific ADAL errors, the source code in the [azure-activedirectory-library-for-android repository](https://github.com/AzureAD/azure-activedirectory-library-for-android/blob/dev/adal/src/main/java/com/microsoft/aad/adal/ADALError.java#L33) is the best error reference.
+To explore specific ADAL errors, the source code in the [`azure-activedirectory-library-for-android` repository](https://github.com/AzureAD/azure-activedirectory-library-for-android/blob/dev/adal/src/main/java/com/microsoft/aad/adal/ADALError.java#L33) is the best error reference.
 
 #### Operating System errors
 
@@ -534,7 +534,7 @@ adb logcat > "C:\logmsg\logfile.txt";
 
 #### ADAL library errors
 
-To explore specific ADAL errors, the source code in the [azure-activedirectory-library-for-objc repository](https://github.com/AzureAD/azure-activedirectory-library-for-objc/blob/dev/ADAL/src/ADAuthenticationError.m#L295) is the best error reference.
+To explore specific ADAL errors, the source code in the [`azure-activedirectory-library-for-objc` repository](https://github.com/AzureAD/azure-activedirectory-library-for-objc/blob/dev/ADAL/src/ADAuthenticationError.m#L295) is the best error reference.
 
 #### Operating system errors
 
@@ -577,7 +577,7 @@ window.Logging = {
 
 * [Azure AD Authentication Libraries][AAD-Auth-Libraries]
 * [Azure AD Authentication Scenarios][AAD-Auth-Scenarios]
-* [Integrating Applications with Azure Active Directory][AAD-Integrating-Apps]
+* [Integrating Applications with Azure AD Authentication][AAD-Integrating-Apps]
 
 Use the comments section that follows, to provide feedback and help us refine and shape our content.
 
@@ -590,4 +590,3 @@ Use the comments section that follows, to provide feedback and help us refine an
 
 <!--Image references-->
 [AAD-Sign-In]:./media/active-directory-devhowto-multi-tenant-overview/sign-in-with-microsoft-light.png
-

articles/active-directory/azuread-dev/active-directory-devhowto-adal-error-handling.md

@@ -25,8 +25,8 @@ When developing a new application, it's important to know the differences betwee
 ![Who can sign in with v1.0 and v2.0 endpoints](media/azure-ad-endpoint-comparison/who-can-signin.svg)
 
 * The v1.0 endpoint allows only work and school accounts to sign in to your application (Azure AD)
-* The Microsoft identity platform endpoint allows work and school accounts from Azure AD and personal Microsoft accounts (MSA), such as hotmail.com, outlook.com, and msn.com, to sign in.
-* Both endpoints also accept sign-ins of *[guest users](../external-identities/what-is-b2b.md)* of an Azure AD directory for applications configured as *[single-tenant](../develop/single-and-multi-tenant-apps.md?toc=/azure/active-directory/azuread-dev/toc.json&bc=/azure/active-directory/azuread-dev/breadcrumb/toc.json)* or for *multi-tenant* applications configured to point to the tenant-specific endpoint (`https://login.microsoftonline.com/{TenantId_or_Name}`).
+* The Microsoft identity platform endpoint allows work and school accounts from Microsoft Entra ID and personal Microsoft accounts (MSA), such as hotmail.com, outlook.com, and msn.com, to sign in.
+* Both endpoints also accept sign-ins of *[guest users](../external-identities/what-is-b2b.md)* of a Microsoft Entra directory for applications configured as *[single-tenant](../develop/single-and-multi-tenant-apps.md?toc=/azure/active-directory/azuread-dev/toc.json&bc=/azure/active-directory/azuread-dev/breadcrumb/toc.json)* or for *multi-tenant* applications configured to point to the tenant-specific endpoint (`https://login.microsoftonline.com/{TenantId_or_Name}`).
 
 The Microsoft identity platform endpoint allows you to write apps that accept sign-ins from personal Microsoft accounts, and work and school accounts. This gives you the ability to write your app completely account-agnostic. For example, if your app calls the [Microsoft Graph](https://graph.microsoft.io), some additional functionality and data will be available to work accounts, such as their SharePoint sites or directory data. But for many actions, such as [Reading a user's mail](/graph/api/user-list-messages), the same code can access the email for both personal and work and school accounts.
 
@@ -124,7 +124,7 @@ The Microsoft identity platform endpoint will evolve to eliminate the restrictio
 
 ### Restrictions on app registrations
 
-For each app that you want to integrate with the Microsoft identity platform endpoint, you can create an app registration in the new [**App registrations** experience](https://aka.ms/appregistrations) in the Azure portal. Existing Microsoft account apps aren't compatible with the portal, but all Azure AD apps are, regardless of where or when they were registered.
+For each app that you want to integrate with the Microsoft identity platform endpoint, you can create an app registration in the new [**App registrations** experience](https://aka.ms/appregistrations) in the Azure portal. Existing Microsoft account apps aren't compatible with the portal, but all Microsoft Entra apps are, regardless of where or when they were registered.
 
 App registrations that support work and school accounts and personal accounts have the following caveats:
 
@@ -160,7 +160,7 @@ To better understand the scope of protocol functionality supported in the Micros
 
 #### SAML usage
 
-If you've used Active Directory Authentication Library (ADAL) in Windows applications, you might have taken advantage of Windows Integrated authentication, which uses the Security Assertion Markup Language (SAML) assertion grant. With this grant, users of federated Azure AD tenants can silently authenticate with their on-premises Active Directory instance without entering credentials. While [SAML is still a supported protocol](../develop/saml-protocol-reference.md) for use with enterprise users, the v2.0 endpoint is only for use with OAuth 2.0 applications.
+If you've used Active Directory Authentication Library (ADAL) in Windows applications, you might have taken advantage of Windows Integrated authentication, which uses the Security Assertion Markup Language (SAML) assertion grant. With this grant, users of federated Microsoft Entra tenants can silently authenticate with their on-premises Active Directory instance without entering credentials. While [SAML is still a supported protocol](../develop/saml-protocol-reference.md) for use with enterprise users, the v2.0 endpoint is only for use with OAuth 2.0 applications.
 
 ## Next steps
 

articles/active-directory/azuread-dev/azure-ad-endpoint-comparison.md

@@ -16,14 +16,14 @@ ms.workload: identity
 ROBOTS: NOINDEX
 ---
 
-# Developer guidance for the Azure Active Directory Conditional Access feature
+# Developer guidance for the Azure AD Conditional Access feature
 
 [!INCLUDE [active-directory-azuread-dev](../../../includes/active-directory-azuread-dev.md)]
 
 > [!NOTE]
-> For the Microsoft identity platform version of this article, see [Developer guidance for Azure Active Directory Conditional Access](../develop/v2-conditional-access-dev-guide.md).
+> For the Microsoft identity platform version of this article, see [Developer guidance for Microsoft Entra Conditional Access](../develop/v2-conditional-access-dev-guide.md).
 
-The Conditional Access feature in Azure Active Directory (Azure AD) offers one of several ways that you can use to secure your app and protect a service. Conditional Access enables developers and enterprise customers to protect services in a multitude of ways including:
+The Conditional Access feature in Microsoft Entra ID offers one of several ways that you can use to secure your app and protect a service. Conditional Access enables developers and enterprise customers to protect services in a multitude of ways including:
 
 * Multi-factor authentication
 * Allowing only Intune enrolled devices to access specific services
@@ -89,7 +89,7 @@ Developers can take this challenge and append it onto a new request to Azure AD.
 
 ### Prerequisites
 
-Azure AD Conditional Access is a feature included in [Azure AD Premium](../fundamentals/whatis.md). You can learn more about licensing requirements in the [unlicensed usage report](../reports-monitoring/overview-reports.md). Developers can join the [Microsoft Developer Network](/), which includes a free subscription to the Enterprise Mobility Suite, which includes Azure AD Premium.
+Microsoft Entra Conditional Access is a feature included in [Microsoft Entra ID P1 or P2](../fundamentals/whatis.md). You can learn more about licensing requirements in the [unlicensed usage report](../reports-monitoring/overview-reports.md). Developers can join the [Microsoft Developer Network](/), which includes a free subscription to the Enterprise Mobility Suite, which includes Microsoft Entra ID P1 or P2.
 
 ### Considerations for specific scenarios
 
@@ -176,7 +176,7 @@ To try out this scenario, see our [JS SPA On-behalf-of code sample](https://gith
 
 ## See also
 
-* To learn more about the capabilities, see [Conditional Access in Azure Active Directory](../conditional-access/overview.md).
-* For more Azure AD code samples, see [GitHub repo of code samples](https://github.com/azure-samples?utf8=%E2%9C%93&q=active-directory).
+* To learn more about the capabilities, see [Conditional Access in Microsoft Entra ID](../conditional-access/overview.md).
+* For more Microsoft Entra ID code samples, see [GitHub repo of code samples](https://github.com/azure-samples?utf8=%E2%9C%93&q=active-directory).
 * For more info on the ADAL SDK's and access the reference documentation, see [library guide](active-directory-authentication-libraries.md).
 * To learn more about multi-tenant scenarios, see [How to sign in users using the multi-tenant pattern](../develop/howto-convert-app-to-be-multi-tenant.md?toc=/azure/active-directory/azuread-dev/toc.json&bc=/azure/active-directory/azuread-dev/breadcrumb/toc.json).

articles/active-directory/azuread-dev/conditional-access-dev-guide.md

@@ -2,7 +2,7 @@
 
 title: Azure Active Directory for developers
 summary: |
-  Azure Active Directory (Azure AD) is a cloud identity service that allows developers to build apps that sign in users with a Microsoft work or school account. Azure AD supports building single-tenant line-of-business (LOB) apps as well as multi-tenant apps.
+  Azure Active Directory is a cloud identity service that allows developers to build apps that sign in users with a Microsoft work or school account. Azure AD supports building single-tenant line-of-business (LOB) apps as well as multi-tenant apps.
 
   IMPORTANT: This content is for the older Azure AD v1.0 endpoint, use the Microsoft identity platform (https://aka.ms/identityplatform) for new projects.
 
@@ -38,4 +38,4 @@ landingContent:
           - text: What is the Microsoft identity platform?
             url: ../develop/v2-overview.md
           - text: Migrate apps from ADAL to MSAL
-            url: ../develop/msal-migration.md
+            url: ../develop/msal-migration.md