Merge branch 'main' into MHDSMetadataSurveyE_19Jun25redux

Author: KendalBond007

.openpublishing.redirection.json

@@ -7058,6 +7058,12 @@
       "source_path": "articles/cyclecloud/release-notes/ccws/2025.02.06.md",
       "redirect_url": "/azure/cyclecloud/release-notes/ccws/2025-02-06",
       "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/reliability/whats-new.md",
+      "redirect_url": "/azure/reliability/overview",
+      "redirect_document_id": false
     }
   ]
 }
+

articles/active-directory-b2c/billing.md

@@ -5,7 +5,7 @@ author: kengaderdus
 manager: CelesteDG
 ms.service: azure-active-directory
 ms.topic: reference
-ms.date: 05/20/2025
+ms.date: 06/10/2025
 ms.author: kengaderdus
 ms.subservice: b2c
 ms.custom: fasttrack-edit
@@ -87,33 +87,6 @@ A subscription linked to an Azure AD B2C tenant can be used for the billing of A
 
 After you complete these steps for an Azure AD B2C tenant, your Azure subscription is billed based on your Azure Direct or Enterprise Agreement details, if applicable.
 
-
-<a name='change-your-azure-ad-pricing-tier'></a>
-
-## Change your Microsoft Entra pricing tier
-
-A tenant must be linked to the appropriate Azure pricing tier based on the features you want to use with your Azure AD B2C tenant. Premium features require Azure AD B2C Premium P1 or P2, as described in the [Azure Active Directory B2C pricing](https://azure.microsoft.com/pricing/details/active-directory-b2c/). 
-
-In some cases, you'll need to upgrade your pricing tier as you use new features. For example, if you want to use [Identity Protection](conditional-access-identity-protection-overview.md), risk-based Conditional Access policies, and any future Premium P2 capabilities with Azure AD B2C.
-
-To change your pricing tier, follow these steps:
-
-1. Sign in to the [Azure portal](https://portal.azure.com/).
-
-1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Microsoft Entra ID tenant from the **Directories + subscriptions** menu.
-
-1. In the search box at the top of the portal, enter the name of your Azure AD B2C tenant. Then select the tenant in the search results under **Resources**.
-    
-    ![Screenshot that shows how to select an Azure AD B2C tenant in Azure portal.](media/billing/select-azure-ad-b2c-tenant.png)
-
-1. On the resource **Overview** page, under **Pricing tier**, select **change**.
-
-   ![Screenshot that shows how to change the pricing tier.](media/billing/change-pricing-tier.png)
- 
-1. Select the pricing tier that includes the features you want to enable.
-
-   ![Screenshot that shows how to select the pricing tier.](media/billing/select-tier.png)
-
 Learn about the [Microsoft Entra ID features, which are supported in Azure AD B2C](supported-azure-ad-features.md). 
 
 

articles/active-directory-b2c/conditional-access-identity-protection-overview.md

@@ -4,7 +4,7 @@ description: Learn how Identity Protection gives you visibility into risky sign-
 ms.service: azure-active-directory
 ms.subservice: b2c
 ms.topic: overview
-ms.date: 05/20/2025
+ms.date: 06/12/2025
 ms.author: kengaderdus
 author: kengaderdus
 manager: mwongerapk
@@ -24,7 +24,7 @@ If you're already familiar with [Identity Protection](../active-directory/identi
 ![Conditional Access in a B2C tenant](media/conditional-access-identity-protection-overview/conditional-access-b2c.png)
 
 > [!NOTE]
-> Azure AD B2C **Premium P2** is required to create risky sign-in policies. **Premium P1** tenants can create a policy that is based on location, application, user-based, or group-based policies. For more information, see [Change your Azure AD B2C pricing tier](billing.md#change-your-azure-ad-pricing-tier).
+> Azure AD B2C **Premium P2** is required to create risky sign-in policies but it has now been deprecated as of May 1, 2025.. **Premium P1** tenants can create a policy that is based on location, application, user-based, or group-based policies.
 
 ## Benefits of Identity Protection and Conditional Access for Azure AD B2C
 

articles/active-directory-b2c/conditional-access-user-flow.md

@@ -5,7 +5,7 @@ description: Learn how to add Conditional Access to Azure AD B2C user flows. Con
 ms.service: azure-active-directory
 ms.subservice: b2c
 ms.topic: overview
-ms.date: 02/18/2025
+ms.date: 06/12/2025
 ms.author: kengaderdus
 author: kengaderdus
 manager: CelesteDG
@@ -86,7 +86,7 @@ When using the Microsoft Entra Conditional Access, consider the following:
 
 ## Pricing tier
 
-Azure AD B2C **Premium P2** is required to create risky sign-in policies. **Premium P1** tenants can create a policy that is based on location, application, user-based, or group-based policies. For more information, see [Change your Azure AD B2C pricing tier](billing.md#change-your-azure-ad-pricing-tier)
+Azure AD B2C **Premium P2** is required to create risky sign-in policies but it has now been deprecated as of May 1, 2025. **Premium P1** tenants can create a policy that is based on location, application, user-based, or group-based policies.
 
 ## Prepare your Azure AD B2C tenant
 
@@ -438,4 +438,4 @@ To review the result of a Conditional Access event:
 
 ## Related content
 
-[Customize the user interface in an Azure AD B2C user flow](customize-ui-with-html.md)
+[Customize the user interface in an Azure AD B2C user flow](customize-ui-with-html.md)

articles/active-directory-b2c/custom-email-mailjet.md

@@ -45,7 +45,7 @@ If you don't already have one, start by setting up a Mailjet account (Azure cust
 2. Navigate to the [API Key Management page](https://dev.mailjet.com/email/guides/senders-and-domains/#use-a-sender-on-all-api-keys-(metasender)). Record the **API Key** and **Secret Key** for use in a later step. Both keys are generated automatically when your account is created.
 
 > [!IMPORTANT]
-> Mailjet offers customers the ability to send emails from shared IP and [dedicated IP addresses](https://documentation.mailjet.com/hc/articles/360043101973-What-is-a-dedicated-IP). When using dedicated IP addresses, you need to build your own reputation properly with an IP address warm-up. For more information, see [How do I warm up my IP ?](https://documentation.mailjet.com/hc/articles/1260803352789-How-do-I-warm-up-my-IP-).
+> Mailjet offers customers the ability to send emails from shared IP and [dedicated IP addresses](https://documentation.mailjet.com/hc/en-us/articles/1260803352789-Dedicated-IPs-What-They-Are-and-How-to-Warm-Them-Up). When using dedicated IP addresses, you need to build your own reputation properly with an IP address warm-up. For more information, see [How do I warm up my IP ?](https://documentation.mailjet.com/hc/articles/1260803352789-How-do-I-warm-up-my-IP-).
 
 ## Create Azure AD B2C policy key
 

articles/active-directory-b2c/faq.yml

@@ -8,7 +8,7 @@ metadata:
   ms.service: azure-active-directory
 
   ms.topic: faq
-  ms.date: 10/01/2024
+  ms.date: 06/12/2024
   ms.author: godonnell
   ms.subservice: b2c
   ms.custom: b2c-support, has-azure-ad-ps-ref,azure-ad-ref-level-one-done
@@ -269,7 +269,7 @@ sections:
       - question: |
           Can I purchase Microsoft Entra ID P1 and Microsoft Entra ID P2 licensing for my Azure AD B2C tenant?
         answer: |
-          No, Azure AD B2C tenants don't use Microsoft Entra ID P1 or Microsoft Entra ID P2 licensing. Azure AD B2C uses [Azure AD B2C Premium P1 or P2](billing.md#change-your-azure-ad-pricing-tier) licenses, which are different from Microsoft Entra ID P1 or P2 licenses for a Standard Microsoft Entra tenant. Azure AD B2C tenants natively support some features that are similar to Microsoft Entra ID P1 or P2 features, as explained in [Supported Microsoft Entra ID features](supported-azure-ad-features.md).
+          No, Azure AD B2C tenants don't use Microsoft Entra ID P1 or Microsoft Entra ID P2 licensing. Azure AD B2C uses Premium P1 or P2 licenses, which are no longer available for purchase as of May 1, 2025. They are different from Microsoft Entra ID P1 or P2 licenses for a Standard Microsoft Entra tenant. Azure AD B2C tenants natively support some features that are similar to Microsoft Entra ID P1 or P2 features, as explained in [Supported Microsoft Entra ID features](supported-azure-ad-features.md).
          
       - question: |
           Can I use a group-based assignment for Microsoft Entra Enterprise Applications in my Azure AD B2C tenant?

articles/active-directory-b2c/page-layout.md

@@ -9,7 +9,7 @@ manager: CelesteDG
 ms.service: azure-active-directory
 
 ms.topic: reference
-ms.date: 02/27/2025
+ms.date: 06/12/2025
 ms.author: kengaderdus
 ms.subservice: b2c
 
@@ -65,6 +65,9 @@ Azure AD B2C page layout uses the following versions of the [jQuery library](htt
 
 ## Self-asserted page (selfasserted)
 
+**2.1.35**
+- Enhanced CAPTCHA error handling now ensures that any validation failures—such as “unmatched challenge”—returned by the backend are consistently captured and displayed in the UI.
+  
 **2.1.34**
 - Input labels are now consistently visible and accessible, enhancing user experience and clarity. A new `enableInputLabel` feature flag has been introduced, which is enabled by default, allowing clients to toggle the visibility of input labels according to their preferences.
 - Resolved a problem with CAPTCHA input boxes to ensure smoother and more accurate interactions for Finnish language users.
@@ -224,6 +227,9 @@ Azure AD B2C page layout uses the following versions of the [jQuery library](htt
 > [!TIP]
 > If you localize your page to support multiple locales, or languages in a user flow. The [localization IDs](localization-string-ids.md) article provides the list of localization IDs that you can use for the page version you select.
 
+**2.1.23**
+- Enhanced CAPTCHA error handling now ensures that any validation failures—such as “unmatched challenge”—returned by the backend are consistently captured and displayed in the UI.
+  
 **2.1.22**
 - Input labels are now consistently visible and accessible, enhancing user experience and clarity. A new `enableInputLabel` feature flag has been introduced, which is enabled by default, allowing clients to toggle the visibility of input labels according to their preferences.
 - Resolved a problem with CAPTCHA input boxes to ensure smoother and more accurate interactions for Finnish language users.
@@ -324,6 +330,9 @@ Azure AD B2C page layout uses the following versions of the [jQuery library](htt
 
 ## MFA page (multifactor)
 
+**1.2.21**
+- Enhanced CAPTCHA error handling now ensures that any validation failures—such as “unmatched challenge”—returned by the backend are consistently captured and displayed in the UI. 
+
 **1.2.20**
 - Resolved a problem with CAPTCHA input boxes to ensure smoother and more accurate interactions for Finnish language users.
 

articles/active-directory-b2c/partner-f5.md

@@ -140,7 +140,7 @@ To upgrade the Guided Configuration, go to my.f5.com for [K85454683: Upgrade F5
 
 Use BIG-IP configured with a client SSL profile to secure client-side traffic over TLS. Import a certificate that matches the domain name, used by the public-facing URL for your app. We recommend you use a public certificate authority, but you can use BIG-IP self-signed certificates for testing.
 
-To add and manage certificates in the BIG-IP VE, go to techdocs.f5.com for [BIG-IP System: SSL Administration](https://techdocs.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/bigip-ssl-administration-13-0-0.html).
+To add and manage certificates in the BIG-IP VE, go to techdocs.f5.com for [BIG-IP System: SSL Administration](https://techdocs.f5.com/en-us/bigip-17-5-0/big-ip-system-ssl-administration.html).
 
 
 ## Guided Configuration
@@ -453,4 +453,4 @@ The same access log provides detail.
   9. In the top-left corner, select **Apply Access Policy**. 
   10. Select **Apply**.
 
-For more information, go to techdocs.f5.com for [OAuth client and resource server troubleshooting tips](https://techdocs.f5.com/kb/en-us/products/big-ip_apm/manuals/product/apm-authentication-sso-13-0-0/37.html#GUID-774384BC-CF63-469D-A589-1595D0DDFBA2)
+For more information, go to techdocs.f5.com for [OAuth client and resource server troubleshooting tips](https://techdocs.f5.com/en-us/bigip-17-0-0/big-ip-access-policy-manager-oauth-configuration/apm-oauth-client-and-resource-server.html)

articles/active-directory-b2c/phone-based-mfa.md

@@ -82,7 +82,7 @@ You can use the workbook to understand phone-based MFA events and identify poten
 3. Mitigate fraudulent sign-ups by following the steps in the next section.
 
 
-## Mitigate fraudulent sign-ups
+## Mitigate fraudulent sign-ups for user flow
 
 Take the following actions to help mitigate fraudulent sign-ups.
 
@@ -97,12 +97,13 @@ Take the following actions to help mitigate fraudulent sign-ups.
    1. Sign in to the [Azure portal](https://portal.azure.com) as the [External ID User Flow Administrator](/entra/identity/role-based-access-control/permissions-reference#external-id-user-flow-administrator) of your Azure AD B2C tenant.
    1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.
    1. Choose **All services** in the top-left corner of the Azure portal, search for and select **Azure AD B2C**.
-   1. Select the user flow, and then select **Languages**. Select the language for your organization's geographic location to open the language details panel. (For this example, we'll select **English en** for the United States). Select **Multifactor authentication page**, and then select **Download defaults (en)**.
+   1. Select the user flow, and then select **Languages**. Select the language for your organization's primary geographic location to open the language details panel. (For this example, we'll select **English en** for the United States). Select **Multifactor authentication page**, and then select **Download defaults (en)**.
 
       ![Upload new overrides to download defaults](media/phone-based-mfa/download-defaults.png)
 
    1. Open the JSON file that was downloaded in the previous step. In the file, search for `DEFAULT`, and replace the line with `"Value": "{\"DEFAULT\":\"Country/Region\",\"US\":\"United States\"}"`. Be sure to set `Overrides` to `true`.
 
+ To implement SMS blocking effectively, make sure the Overrides setting is enabled (set to true) only for your organization’s primary or default language. Do not enable Overrides for any secondary or non-primary languages, as this can cause unexpected SMS blocking. Since the countryList in the JSON file acts as an allow list, be sure to include all countries that should be permitted to send SMS in this list for the primary language configuration when Overrides is true.
    > [!NOTE]
    > You can customize the list of allowed country codes in the `countryList` element (see the [Phone factor authentication page example](localization-string-ids.md#phone-factor-authentication-page-example)).
 
@@ -111,6 +112,50 @@ Take the following actions to help mitigate fraudulent sign-ups.
 
       ![Country code drop-down](media/phone-based-mfa/country-code-drop-down.png)
 
+## Mitigate fraudulent sign-ups for custom policy
+
+To help prevent fraudulent sign-ups, remove any country codes that do not apply to your organization by following these steps:
+
+1. Locate the policy file that defines the `RelyingParty`. For example, in the [Starter Pack](https://github.com/Azure-Samples/active-directory-b2c-custom-policy-starterpack), this is usually the SignUpOrSignin.xml file.
+
+1. In the `BuildingBlocks` section of this policy file, add the following code. Make sure to include only the country codes relevant to your organization:
+
+   ```xml
+    <BuildingBlocks>
+
+      <ContentDefinitions>
+        <ContentDefinition Id="api.phonefactor">
+          <LoadUri>~/tenant/templates/AzureBlue/multifactor-1.0.0.cshtml</LoadUri>
+          <DataUri>urn:com:microsoft:aad:b2c:elements:contract:multifactor:1.2.20</DataUri>
+          <Metadata>
+            <Item Key="TemplateId">azureBlue</Item>
+          </Metadata>
+          <LocalizedResourcesReferences MergeBehavior="Prepend">
+            <!-- Add only primary business language here -->
+            <LocalizedResourcesReference Language="en" LocalizedResourcesReferenceId="api.phonefactor.en" />        
+          </LocalizedResourcesReferences>
+        </ContentDefinition>
+      </ContentDefinitions>
+
+      <Localization Enabled="true">
+        <SupportedLanguages DefaultLanguage="en" MergeBehavior="ReplaceAll">
+          <!-- Add only primary business language here -->
+          <SupportedLanguage>en</SupportedLanguage>
+        </SupportedLanguages>
+
+        <!-- Phone factor for primary business language -->
+        <LocalizedResources Id="api.phonefactor.en">
+          <LocalizedStrings>
+           <LocalizedString ElementType="UxElement" StringId="countryList">{"DEFAULT":"Country/Region","JP":"Japan","BG":"Bulgaria","US":"United States"}</LocalizedString>
+          </LocalizedStrings>
+        </LocalizedResources>
+      </Localization>
+
+     </BuildingBlocks>
+    ```
+   
+The countryList acts as an allow list. Only the countries you specify in this list (for example, Japan, Bulgaria, and the United States) are permitted to use MFA. All other countries are blocked.
+
 ## Related content
 
 - Learn about [Identity Protection and Conditional Access for Azure AD B2C](conditional-access-identity-protection-overview.md)