Merge branch 'master' of https://github.com/Microsoft/azure-docs-pr into azureadds-linux-domain-join

Author: iainfoulds

.openpublishing.publish.config.json

@@ -90,6 +90,12 @@
       "url": "https://github.com/Azure/azure-docs-json-samples",
       "branch": "master"
     },
+    {
+      "path_to_root": "samples-key-vault-dotnet-quickstart",
+      "url": "https://github.com/Azure-Samples/key-vault-dotnet-core-quickstart",
+      "branch": "master",
+      "branch_mapping": {}
+    },
     {
       "path_to_root": "samples-mediaservices-integration",
       "url": "https://github.com/Azure-Samples/media-services-dotnet-functions-integration",

.openpublishing.redirection.json

@@ -309,7 +309,7 @@
       href: b2clogin.md
     - name: Migrate web API to b2clogin.com
       href: multiple-token-endpoints.md
-      displayName: migrate, b2clogin, owin, jwt
+      displayName: migrate, b2clogin, owin
   - name: Automation
     items:
     - name: Export usage report
@@ -318,6 +318,9 @@
       href: active-directory-b2c-devquickstarts-graph-dotnet.md
   - name: Audit logs
     href: active-directory-b2c-reference-audit-logs.md
+  - name: Secure API Management API
+    href: secure-api-management.md
+    displayName: apim, api management, migrate, b2clogin.com
   - name: Compliance
     items:
     - name: User access

articles/active-directory-b2c/TOC.yml

@@ -38,13 +38,15 @@ After you have a B2C tenant, you need to register your application using the [Az
 
 1. Sign in to the [Azure portal](https://portal.azure.com).
 2. Choose your Azure AD B2C tenant by selecting your account in the top right corner of the page.
-3. In the left-hand navigation pane, choose **All Services**, click **App Registrations**, and click **Add**.
+3. In the left-hand navigation pane, choose **All Services**, click **App Registrations**, and click **New registration**.
 4. Follow the prompts and create a new application. 
-    1. Select **Web App / API** as the Application Type.    
-    2. Provide **any Sign-on URL** (e.g. `https://B2CGraphAPI`) as it's not relevant for this example.  
+    1. Add an appropriate name
+    2. Select **Accounts in this Organizational directory only**
+    3. Select **Web** as the Application Type and provide **any Sign-on URL** (e.g. `https://B2CGraphAPI`) as it's not relevant for this example.  
+    4. Click Register.
 5. The application will now show up in the list of applications, click on it to obtain the **Application ID** (also known as Client ID). Copy it as you'll need it in a later section.
-6. In the Settings menu, click **Keys**.
-7. In the **Passwords** section, enter the key description and select a duration, and then click **Save**. Copy the key value (also known as Client Secret) for use in a later section.
+6. In the Settings menu, click **Certificates & secrets**.
+7. In the **Client secrets** section, click on **New client secret**, provide a description for the secret and select a duration, and then click **Add**. Copy the value of the secret (also known as Client Secret) for use in a later section.
 
 ## Configure create, read and update permissions for your application
 Now you need to configure your application to get all the required permissions to create, read, update and delete users.

articles/active-directory-b2c/active-directory-b2c-devquickstarts-graph-dotnet.md

@@ -8,7 +8,7 @@ manager: celestedg
 ms.service: active-directory
 ms.workload: identity
 ms.topic: conceptual
-ms.date: 08/08/2019
+ms.date: 08/31/2019
 ms.author: marsma
 ms.subservice: B2C
 ---
@@ -39,11 +39,9 @@ User accounts for applications must always be created through a sign-up user flo
 
 ### Which social identity providers do you support now? Which ones do you plan to support in the future?
 
-We currently support Facebook, Google+, LinkedIn, Amazon, Twitter (preview), WeChat (preview), Weibo (preview), and QQ (Preview). We will add support for other popular social identity providers based on customer demand.
+We currently support several social identity providers including Amazon, Facebook, GitHub (preview), Google, LinkedIn, Microsoft Account (MSA), QQ (preview), Twitter, WeChat (preview), and Weibo (preview). We evaluate adding support for other popular social identity providers based on customer demand.
 
-Azure AD B2C has also added support for [custom policies](active-directory-b2c-overview-custom.md). These custom policies allow a developer to create their own policy with any identity provider that supports [OpenID Connect](https://openid.net/specs/openid-connect-core-1_0.html) or SAML.
-
-Get started with custom policies by checking out our [custom policy starter pack](https://github.com/Azure-Samples/active-directory-b2c-custom-policy-starterpack).
+Azure AD B2C also supports [custom policies](active-directory-b2c-overview-custom.md). Custom policies allow you to create your own policy for any identity provider that supports [OpenID Connect](https://openid.net/specs/openid-connect-core-1_0.html) or SAML. Get started with custom policies by checking out our [custom policy starter pack](https://github.com/Azure-Samples/active-directory-b2c-custom-policy-starterpack).
 
 ### Can I configure scopes to gather more information about consumers from various social identity providers?
 
@@ -122,9 +120,9 @@ No, Azure AD B2C does not support the same set of reports as Azure AD Premium. H
 
 Yes!  Read about [language customization](active-directory-b2c-reference-language-customization.md), which is in public preview. We provide translations for 36 languages, and you can override any string to suit your needs.
 
-### Can I use my own URLs on my sign-up and sign-in pages that are served by Azure AD B2C? For instance, can I change the URL from login.microsoftonline.com to login.contoso.com?
+### Can I use my own URLs on my sign-up and sign-in pages that are served by Azure AD B2C? For instance, can I change the URL from contoso.b2clogin.com to login.contoso.com?
 
-Not currently. This feature is on our roadmap. Verifying your domain in the **Domains** tab in the Azure portal does not accomplish this goal.
+Not currently. This feature is on our roadmap. Verifying your domain in the **Domains** tab in the Azure portal does not accomplish this goal. However, with b2clogin.com, we offer a [neutral top level domain](b2clogin.md), and thus the external appearance can be implemented without the mention of Microsoft.
 
 ### How do I delete my Azure AD B2C tenant?
 
@@ -141,7 +139,7 @@ Follow these steps to delete your Azure AD B2C tenant:
 1. Select **View all applications**
 1. Select the application named **b2c-extensions-app**, select **Delete**, and then select **Yes** when prompted.
 1. Under **Manage**, select **User settings**.
-1. Under **LinkedIn account connections**, select **No**, then select **Save**.
+1. If present, under **LinkedIn account connections**, select **No**, then select **Save**.
 1. Under **Manage**, select **Properties**
 1. Under **Access management for Azure resources**, select **Yes**, and then select **Save**.
 1. Sign out of the Azure portal and then sign back in to refresh your access.

articles/active-directory-b2c/active-directory-b2c-faqs.md

@@ -51,7 +51,7 @@ The customer identity and access management (CIAM) service in Azure includes:
 
 Azure AD B2C interacts with identity providers, users, other systems, and with the local user directory in sequence to achieve an identity task. For example, sign in a user, register a new user, or reset a password. The Identity Experience Framework and a policy (also called a user journey or a trust framework policy) establishes multi-party trust and explicitly defines the actors, the actions, the protocols, and the sequence of steps to complete.
 
-The Identity Experience Framework is a fully configurable, policy-driven, cloud-based Azure platform that orchestrates trust between entities in standard protocol formats such as OpenID Connect, OAuth, SAML, WSFed, and a few non-standard ones, for example REST API-based system-to-system claims exchanges. The framework creates user-friendly, white-labeled experiences that support HTML and CSS.
+The Identity Experience Framework is a fully configurable, policy-driven, cloud-based Azure platform that orchestrates trust between entities in standard protocol formats such as OpenID Connect, OAuth, SAML, and a few non-standard ones, for example REST API-based system-to-system claims exchanges. The framework creates user-friendly, white-labeled experiences that support HTML and CSS.
 
 A custom policy is represented as one or several XML-formatted files that refer to each other in a hierarchical chain. The XML elements define the claims schema, claims transformations, content definitions, claims providers, technical profiles, and user journey orchestration steps, among other elements. A custom policy is accessible as one or several XML files that are executed by the Identity Experience Framework when invoked by a relying party. Developers configuring custom policies must define the trusted relationships in careful detail to include metadata endpoints, exact claims exchange definitions, and configure secrets, keys, and certificates as needed by each identity provider.
 

articles/active-directory-b2c/active-directory-b2c-overview-custom.md

@@ -1,6 +1,6 @@
 ---
-title: Quickstart - Set up sign-in for a desktop app using Azure Active Directory B2C | Microsoft Docs
-description: Run a sample ASP.NET desktop application that uses Azure Active Directory B2C to provide account sign-in.
+title: Quickstart - Set up sign-in for a desktop app using Azure Active Directory B2C
+description: Run a sample WPF desktop application that uses Azure Active Directory B2C to provide account sign-in.
 services: active-directory-b2c
 author: mmacy
 manager: celestedg
@@ -9,7 +9,7 @@ ms.service: active-directory
 ms.workload: identity
 ms.topic: quickstart
 ms.custom: mvc
-ms.date: 11/30/2018
+ms.date: 09/12/2019
 ms.author: marsma
 ms.subservice: B2C
 ---
@@ -23,7 +23,7 @@ Azure Active Directory (Azure AD) B2C provides cloud identity management to keep
 ## Prerequisites
 
 - [Visual Studio 2019](https://www.visualstudio.com/downloads/) with the **ASP.NET and web development** workload.
-- A social account from either Facebook, Google, Microsoft, or Twitter.
+- A social account from either Facebook, Google, or Microsoft.
 - [Download a zip file](https://github.com/Azure-Samples/active-directory-b2c-dotnet-desktop/archive/master.zip) or clone the sample web app from GitHub.
 
     ```
@@ -41,10 +41,10 @@ Azure Active Directory (Azure AD) B2C provides cloud identity management to keep
 
     ![Screenshot of the sample WPF application](media/active-directory-b2c-quickstarts-desktop-app/wpf-sample-application.png)
 
-    The sample supports several sign-up options. These options include using a social identity provider or creating a local account using an email address. For this quickstart, use a social identity provider account from either Facebook, Google, Microsoft, or Twitter.
+    The sample supports several sign-up options. These options include using a social identity provider or creating a local account using an email address. For this quickstart, use a social identity provider account from either Facebook, Google, or Microsoft.
 
 
-2. Azure AD B2C presents a custom login page for a fictitious brand called Wingtip Toys for the sample web app. To sign up using a social identity provider, click the button of the identity provider you want to use.
+2. Azure AD B2C presents a sign-in page for a fictitious company called Fabrikam for the sample web application. To sign up using a social identity provider, click the button of the identity provider you want to use.
 
     ![Sign In or Sign Up page showing identity providers](media/active-directory-b2c-quickstarts-desktop-app/sign-in-or-sign-up-wpf.png)
 
@@ -62,7 +62,7 @@ Azure AD B2C provides functionality to allow users to update their profiles. The
 
     ![Edit profile button highlighted in WPF sample app](media/active-directory-b2c-quickstarts-desktop-app/edit-profile-wpf.png)
 
-2. Choose the identity provider associated with the account you created. For example, if you used Twitter as the identity provider when you created your account, choose Twitter to modify the associated profile details.
+2. Choose the identity provider associated with the account you created. For example, if you used Facebook as the identity provider when you created your account, choose Facebook to modify the associated profile details.
 
 3. Change your **Display name** or **City**, and then click **Continue**.
 

articles/active-directory-b2c/active-directory-b2c-quickstarts-desktop-app.md

@@ -1,5 +1,5 @@
 ---
-title: Quickstart - Set up sign-in for a single-page app using Azure Active Directory B2C | Microsoft Docs
+title: Quickstart - Set up sign-in for a single-page app using Azure Active Directory B2C
 description: Run a sample single-page application that uses Azure Active Directory B2C to provide account sign-in.
 services: active-directory-b2c
 author: mmacy
@@ -8,7 +8,7 @@ manager: celestedg
 ms.service: active-directory
 ms.workload: identity
 ms.topic: quickstart
-ms.date: 10/24/2018
+ms.date: 09/12/2019
 ms.author: marsma
 ms.subservice: B2C
 ---
@@ -23,7 +23,7 @@ Azure Active Directory (Azure AD) B2C provides cloud identity management to keep
 
 - [Visual Studio 2019](https://www.visualstudio.com/downloads/) with the **ASP.NET and web development** workload.
 - Install [Node.js](https://nodejs.org/en/download/)
-- A social account from either Facebook, Google, Microsoft, or Twitter.
+- A social account from either Facebook, Google, or Microsoft.
 - [Download a zip file](https://github.com/Azure-Samples/active-directory-b2c-javascript-msal-singlepageapp/archive/master.zip) or clone the sample web app from GitHub.
 
     ```
@@ -54,9 +54,9 @@ Azure Active Directory (Azure AD) B2C provides cloud identity management to keep
 
     ![Single-page application sample app shown in browser](media/active-directory-b2c-quickstarts-spa/sample-app-spa.png)
 
-    The sample supports several sign-up options including using a social identity provider or creating a local account using an email address. For this quickstart, use a social identity provider account from either Facebook, Google, Microsoft, or Twitter.
+    The sample supports several sign-up options including using a social identity provider or creating a local account using an email address. For this quickstart, use a social identity provider account from either Facebook, Google, or Microsoft.
 
-2. Azure AD B2C presents a custom login page for a fictitious brand called Wingtip Toys for the sample web app. To sign up using a social identity provider, click the button of the identity provider you want to use.
+2. Azure AD B2C presents a sign-in page for a fictitious company called Fabrikam for the sample web application. To sign up using a social identity provider, click the button of the identity provider you want to use.
 
     ![Sign In or Sign Up page showing identity provider buttons](media/active-directory-b2c-quickstarts-spa/sign-in-or-sign-up-spa.png)
 

articles/active-directory-b2c/active-directory-b2c-quickstarts-spa.md

@@ -1,5 +1,5 @@
 ---
-title: Quickstart - Set up sign in for an ASP.NET application using Azure Active Directory B2C | Microsoft Docs
+title: Quickstart - Set up sign in for an ASP.NET application using Azure Active Directory B2C
 description: Run a sample ASP.NET web app that uses Azure Active Directory B2C to provide account sign-in.
 services: active-directory-b2c
 author: mmacy
@@ -8,7 +8,7 @@ manager: celestedg
 ms.service: active-directory
 ms.topic: quickstart
 ms.custom: mvc
-ms.date: 11/30/2018
+ms.date: 09/12/2019
 ms.author: marsma
 ms.subservice: B2C
 ---
@@ -22,14 +22,14 @@ Azure Active Directory (Azure AD) B2C provides cloud identity management to keep
 ## Prerequisites
 
 - [Visual Studio 2019](https://www.visualstudio.com/downloads/) with the **ASP.NET and web development** workload.
-- A social account from either Facebook, Google, Microsoft, or Twitter.
+- A social account from Facebook, Google, or Microsoft.
 - [Download a zip file](https://github.com/Azure-Samples/active-directory-b2c-dotnet-webapp-and-webapi/archive/master.zip) or clone the sample web application from GitHub.
 
     ```
     git clone https://github.com/Azure-Samples/active-directory-b2c-dotnet-webapp-and-webapi.git
     ```
 
-    These two projects are in the sample solution:
+    There are two projects are in the sample solution:
 
     - **TaskWebApp** - A web application that creates and edits a task list. The web application uses the **sign-up or sign-in** user flow to sign up or sign in users.
     - **TaskService** - A web API that supports the create, read, update, and delete task list functionality. The web API is protected by Azure AD B2C and called by the web application.
@@ -51,9 +51,9 @@ Azure Active Directory (Azure AD) B2C provides cloud identity management to keep
 
     ![Sample ASP.NET web app in browser with sign up/sign link highlighted](media/active-directory-b2c-quickstarts-web-app/web-app-sign-in.png)
 
-    The sample supports several sign-up options including using a social identity provider or creating a local account using an email address. For this quickstart, use a social identity provider account from either Facebook, Google, Microsoft, or Twitter.
+    The sample supports several sign-up options including using a social identity provider or creating a local account using an email address. For this quickstart, use a social identity provider account from either Facebook, Google, or Microsoft.
 
-2. Azure AD B2C presents a custom sign-in page for a fictitious brand called Wingtip Toys for the sample web application. To sign up using a social identity provider, click the button of the identity provider you want to use.
+2. Azure AD B2C presents a sign-in page for a fictitious company called Fabrikam for the sample web application. To sign up using a social identity provider, click the button of the identity provider you want to use.
 
     ![Sign In or Sign Up page showing identity provider buttons](media/active-directory-b2c-quickstarts-web-app/sign-in-or-sign-up-web.png)