Merge pull request #189772 from MicrosoftDocs/main

2/25 AM Publish

Author: huypub

articles/active-directory-domain-services/tutorial-create-replica-set.md

@@ -111,6 +111,7 @@ To delete a replica set, complete the following steps:
 1. Choose your managed domain, such as *aaddscontoso.com*.
 1. On the left-hand side, select **Replica sets**. From the list of replica sets, select the **...** context menu next to the replica set you want to delete.
 1. Select **Delete** from the context menu, then confirm you want to delete the replica set.
+1. In the Azure ADDS management VM, access the DNS console and manually delete DNS records for the domain controllers from the deleted replica set.
 
 > [!NOTE]
 > Replica set deletion may be a time-consuming operation.

articles/active-directory/develop/mobile-app-quickstart-portal-android.md

@@ -34,7 +34,7 @@ Applications must be represented by an app object in Azure Active Directory so t
 ### Step 1: Configure your application in the Azure portal
 For the code sample in this quickstart to work, add a **Redirect URI** compatible with the Auth broker.
 > [!div id="makechanges" class="nextstepaction" class="configure-app-button"]
-> [Make these changes for me]()
+> <button>Make this change for me</button>
 
 > [!div id="appconfigured" class="alert alert-info"]
 > ![Already configured](media/quickstart-v2-android/green-check.png) Your application is configured with these attributes

articles/active-directory/develop/mobile-app-quickstart-portal-ios.md

@@ -35,9 +35,9 @@ The quickstart applies to both iOS and macOS apps. Some steps are needed only fo
 ![Shows how the sample app generated by this quickstart works](media/quickstart-v2-ios/ios-intro.svg)
 
 #### Step 1: Configure your application
-For the code sample for this quickstart to work, add a **Redirect URI** compatible with the Auth broker.
+For the code sample in this quickstart to work, add a **Redirect URI** compatible with the Auth broker.
 > [!div id="makechanges" class="nextstepaction" class="configure-app-button"]
-> [Make this change for me]()
+> <button>Make this change for me</button>
 
 > [!div id="appconfigured" class="alert alert-info"]
 > ![Already configured](media/quickstart-v2-ios/green-check.png) Your application is configured with these attributes

articles/active-directory/develop/scenario-web-app-sign-user-app-configuration.md

@@ -307,9 +307,6 @@ In the code above:
 
 You can find more details about how Microsoft.Identity.Web enables you to create web apps in <https://aka.ms/ms-id-web/webapp>
 
-> [!WARNING]
-> Currently, Microsoft.Identity.Web does not support the scenario of **Individual User Accounts** (storing user accounts in-app) when using Azure AD as and external login provider. For details, see: [AzureAD/microsoft-identity-web#133](https://github.com/AzureAD/microsoft-identity-web/issues/133)
-
 # [ASP.NET](#tab/aspnet)
 
 The code related to authentication in an ASP.NET web app and web APIs is located in the [App_Start/Startup.Auth.cs](https://github.com/Azure-Samples/ms-identity-aspnet-webapp-openidconnect/blob/a2da310539aa613b77da1f9e1c17585311ab22b7/WebApp/App_Start/Startup.Auth.cs#L17-L61) file.

articles/active-directory/manage-apps/f5-big-ip-oracle-jde-easy-button.md

@@ -43,7 +43,7 @@ The secure hybrid access solution for this scenario is made up of several compon
 
 **Azure AD:** Security Assertion Markup Language (SAML) Identity Provider (IdP) responsible for verification of user credentials, Conditional Access (CA), and SSO to the BIG-IP.
 
-**BIG-IP APM:** Reverse proxy and SAML service provider (SP) to the application, delegating authentication to the SAML IdP before performing header-based SSO to the Oracle service.
+**BIG-IP:** Reverse proxy and SAML service provider (SP) to the application, delegating authentication to the SAML IdP before performing header-based SSO to the Oracle service.
 
 SHA for this scenario supports both SP and IdP initiated flows. The following image illustrates the SP initiated flow.
 
@@ -146,9 +146,9 @@ Initiate the **Easy Button** configuration to set up a SAML Service Provider (SP
 
 ### Configuration Properties
 
-The **Configuration Properties** tab creates up a new application config and SSO object. Consider **Azure Service Account Details** section to be the client application you registered in your Azure AD tenant earlier. These settings allow a BIG-IP to programmatically register a SAML application directly in your tenant, along with the properties you would normally configure manually. Easy Button does this for every BIG-IP APM service being enabled for SHA.
+The **Configuration Properties** tab creates a new application config and SSO object. Consider **Azure Service Account Details** section to be the client application you registered in your Azure AD tenant earlier. These settings allow a BIG-IP to programmatically register a SAML application directly in your tenant, along with the properties you would normally configure manually. Easy Button does this for every BIG-IP APM service being enabled for SHA.
 
-Some of these are global settings so can be re-used for publishing more applications, further reducing deployment time and effort.
+Some of these are global settings can be re-used for publishing more applications, further reducing deployment time and effort.
 
 1. Provide a unique **Configuration Name** that enables an admin to easily distinguish between Easy Button configurations
 

articles/active-directory/reports-monitoring/howto-download-logs.md

@@ -12,7 +12,7 @@ ms.service: active-directory
 ms.topic: how-to
 ms.workload: identity
 ms.subservice: report-monitor
-ms.date: 05/14/2021
+ms.date: 02/25/2022
 ms.author: markvi
 ms.reviewer: besiler 
 
@@ -39,8 +39,6 @@ This article explains how to download activity logs in Azure AD.
 
 - By downloading the logs, you can control for how long logs are stored. 
 
-- You can download up to 250 000 records. If you want to download more data, use the reporting API.
-
 - Your download is based on the filter you have set. 
 
 - Azure AD supports the following formats for your download:
@@ -51,6 +49,7 @@ This article explains how to download activity logs in Azure AD.
 
 - The timestamps in the downloaded files are always based on UTC.
 
+- For large data sets (> 250 000 records), you should use the reporting API to download the data.
 
 
 ## What license do you need?

articles/active-directory/verifiable-credentials/media/verifiable-credentials-configure-tenant/issuer-service-key-vault-access-policy.png

@@ -7,7 +7,7 @@ author: barclayn
 manager: karenhoran
 ms.author: barclayn
 ms.topic: tutorial
-ms.date: 10/08/2021
+ms.date: 02/24/2022
 # Customer intent: As an enterprise, we want to enable customers to manage information about themselves by using verifiable credentials.
 
 ---
@@ -31,7 +31,7 @@ The following diagram illustrates the Azure AD Verifiable Credentials architectu
 
 ![Diagram that illustrates the Azure AD Verifiable Credentials architecture.](media/verifiable-credentials-configure-tenant/verifiable-credentials-architecture.png)
 
-See a [video walkthrough](https://www.youtube.com/watch?v=8jqjHjQo-3c) of setting up the Azure AD Verifiable Credential service, including all prerequisites, like Azure AD and an Azure subscription.
+See a [video walkthrough](https://www.youtube.com/watch?v=8jqjHjQo-3c) going over the setup of the Azure AD Verifiable Credential service.
 
 ## Prerequisites
 
@@ -82,6 +82,8 @@ After you create your key vault, Verifiable Credentials generates a set of keys
 
 A Key Vault [access policy](../../key-vault/general/assign-access-policy.md) defines whether a specified security principal can perform operations on Key Vault secrets and keys. Set access policies in your key vault for both the administrator account of the Azure AD Verifiable Credentials service, and for the Request Service API principal that you created.
 
+### Set access policies for the Verifiable Credentials Admin user
+
 1. In the [Azure portal](https://portal.azure.com/), go to the key vault you use for this tutorial.
 
 1. Under **Settings**, select **Access policies**.
@@ -94,20 +96,34 @@ A Key Vault [access policy](../../key-vault/general/assign-access-policy.md) def
 
 1. To save the changes, select **Save**.
 
+### Set access policies for the Verifiable Credentials Issuer and Request services
+
 1. Select **+ Add Access Policy** to add permission to the service principal of the **Verifiable Credential Request Service**.
 
 1. In **Add access policy**:
 
     1. For **Key permissions**, select **Get** and **Sign**.
 
-    1. For **Secret permissions**, select **Get**.
-
     1. For **Select principal**, select **Verifiable Credential Request Service**.
 
     1. Select **Add**.  
         
-       ![Screenshot that demonstrates how to add an access policy for the Verifiable Credential Request Service.](media/verifiable-credentials-configure-tenant/set-key-vault-service-principal-access-policy.png)
+    :::image type="content" source="media/verifiable-credentials-configure-tenant/request-service-key-vault-access-policy.png" alt-text="Screenshot that demonstrates how to add an access policy for the Verifiable Credential Issuer Service." :::
+
+The access policies for the Verifiable Credentials Issuer service should be added automatically. If the **Verifiable Credential Issuer Service** doesn't appear in the list of access policies, take the following steps to manually add access policies to the service.
+
+1. Select **+ Add Access Policy** to add permission to the service principal of the **Verifiable Credential Issuer Service**.
+
+1. In **Add access policy**:
+
+    1. For **Key permissions**, select **Get** and **Sign**.
+
+    1. For **Select principal**, select **Verifiable Credential Issuer Service**.
+
+    1. Select **Add**.  
 
+     :::image type="content" source="media/verifiable-credentials-configure-tenant/issuer-service-key-vault-access-policy.png" alt-text="Screenshot that demonstrates how to add an access policy for the Verifiable Credential Request Service." :::
+       
 1. Select **Save** to save the new policy you created.
 
 ## Register an application in Azure AD
@@ -166,7 +182,7 @@ To set up Azure AD Verifiable Credentials, follow these steps:
 
     1. **Organization name**: Enter a name to reference your business within Verifiable Credentials. Your customers don't see this name.
 
-    1. **Domain**: Enter a domain that's added to a service endpoint in your decentralized identity (DID) document. The domain is what binds your DID to something tangible that the user might know about your business. Microsoft Authenticator and other digital wallets use this information to validate that your DID is linked to your domain. If the wallet can verify the DID, it displays a verified symbol. If the wallet can't verify the DID, it informs the user that the credential was issued by an organization it couldn't validate.   
+    1. **Domain**: Enter a domain that's added to a service endpoint in your decentralized identity (DID) document. The domain is what binds your DID to something tangible that the user might know about your business. Microsoft Authenticator and other digital wallets use this information to validate that your DID is linked to your domain. If the wallet can verify the DID, it displays a verified symbol. If the wallet can't verify the DID, it informs the user that the credential was issued by an organization it couldn't validate.
             
         >[!IMPORTANT]
         > The domain can't be a redirect. Otherwise, the DID and domain can't be linked. Make sure to use HTTPS for the domain. For example: `https://contoso.com`.
@@ -180,4 +196,4 @@ To set up Azure AD Verifiable Credentials, follow these steps:
 ## Next steps
 
 - [Learn how to issue Azure AD Verifiable Credentials from a web application](verifiable-credentials-configure-issuer.md).
-- [Learn how to verify Azure AD Verifiable Credentials](verifiable-credentials-configure-verifier.md).
+- [Learn how to verify Azure AD Verifiable Credentials](verifiable-credentials-configure-verifier.md).