Commit 4cdd4b6

Merge pull request #78895 from MicrosoftDocs/master
Merge master to live 3:00 AM
2 parents 1aefdf8 + b1a1f79 commit 4cdd4b6

105 files changed

+2849
-1231
lines changed

.openpublishing.publish.config.json

Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -306,6 +306,12 @@
306306
"branch": "master",
307307
"branch_mapping": {}
308308
},
309+
{
310+
"path_to_root": "cosmosdb-nodejs-get-started",
311+
"url": "https://github.com/Azure-Samples/azure-cosmos-db-sql-api-nodejs-getting-started",
312+
"branch": "master",
313+
"branch_mapping": {}
314+
},
309315
{
310316
"path_to_root": "cognitive-services-content-moderator-samples",
311317
"url": "https://github.com/Azure-Samples/cognitive-services-content-moderator-samples",
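
Review bot: the new `cosmosdb-nodejs-get-started` entry tracks `"branch": "master"` of an external samples repository with an empty `branch_mapping`, so the published docs follow whatever lands on that branch without a review in this repository. That matches the neighbouring entries, but it is worth confirming that the sample repository enforces branch protection and required reviews on `master` before this entry goes live.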

articles/active-directory-b2c/active-directory-b2c-setup-fb-app.md

Lines changed: 7 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -8,7 +8,7 @@ manager: celestedg
88
ms.service: active-directory
99
ms.workload: identity
1010
ms.topic: conceptual
11-
ms.date: 09/11/2018
11+
ms.date: 06/05/2019
1212
ms.author: marsma
1313
ms.subservice: B2C
1414
---
@@ -20,26 +20,26 @@ ms.subservice: B2C
2020
To use a Facebook account as an [identity provider](active-directory-b2c-reference-oauth-code.md) in Azure Active Directory (Azure AD) B2C, you need to create an application in your tenant that represents it. If you don’t already have a Facebook account, you can get it at [https://www.facebook.com/](https://www.facebook.com/).
2121

2222
1. Sign in to [Facebook for developers](https://developers.facebook.com/) with your Facebook account credentials.
23-
2. If you have not already done so, you need to register as a Facebook developer. To do this, select **Register** on the upper-right corner of the page, accept Facebook's policies, and complete the registration steps.
24-
3. Select **My Apps** and then click **Add a New App**.
23+
2. If you have not already done so, you need to register as a Facebook developer. To do this, select **Get Started** on the upper-right corner of the page, accept Facebook's policies, and complete the registration steps.
24+
3. Select **My Apps** and then **Add New App**.
2525
4. Enter a **Display Name** and a valid **Contact Email**.
2626
5. Click **Create App ID**. This may require you to accept Facebook platform policies and complete an online security check.
2727
6. Select **Settings** > **Basic**.
2828
7. Choose a **Category**, for example `Business and Pages`. This value is required by Facebook, but not used for Azure AD B2C.
2929
8. At the bottom of the page, select **Add Platform**, and then select **Website**.
3030
9. In **Site URL**, enter `https://your-tenant-name.b2clogin.com/` replacing `your-tenant-name` with the name of your tenant. Enter a URL for the **Privacy Policy URL**, for example `http://www.contoso.com`. The policy URL is a page you maintain to provide privacy information for your application.
3131
10. Select **Save Changes**.
32-
11. At the top of the page, copy the value of **App ID**.
32+
11. At the top of the page, copy the value of **App ID**.
3333
12. Click **Show** and copy the value of **App Secret**. You use both of them to configure Facebook as an identity provider in your tenant. **App Secret** is an important security credential.
34-
13. Select **Products**, and then select **Set up** under **Facebook Login**.
35-
14. Select **Settings** under **Facebook Login**.
34+
13. Select the plus sign next to **PRODUCTS**, and then select **Set up** under **Facebook Login**.
35+
14. Under **Facebook Login**, select **Settings**.
3636
15. In **Valid OAuth redirect URIs**, enter `https://your-tenant-name.b2clogin.com/your-tenant-name.onmicrosoft.com/oauth2/authresp`. Replace `your-tenant-name` with the name of your tenant. Click **Save Changes** at the bottom of the page.
3737
16. To make your Facebook application available to Azure AD B2C, click the Status selector at the top right of the page and turn it **On** to make the Application public, and then click **Confirm**. At this point the Status should change from **Development** to **Live**.
3838

3939
## Configure a Facebook account as an identity provider
4040

4141
1. Sign in to the [Azure portal](https://portal.azure.com/) as the global administrator of your Azure AD B2C tenant.
42-
2. Make sure you're using the directory that contains your Azure AD B2C tenant by clicking the **Directory and subscription filter** in the top menu and choosing the directory that contains your tenant.
42+
2. Make sure you're using the directory that contains your Azure AD B2C tenant by clicking the **Directory and subscription filter** in the top menu and choosing the directory that contains your tenant.
4343
3. Choose **All services** in the top-left corner of the Azure portal, search for and select **Azure AD B2C**.
4444
4. Select **Identity providers**, and then select **Add**.
4545
5. Enter a **Name**. For example, enter *Facebook*.
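
Review bot: step 12 calls **App Secret** "an important security credential" but gives no handling guidance, and the steps edited around it are the ones a reader follows to copy it. Suggest adding a sentence there telling the reader to keep the secret out of source control and to use it only when configuring the identity provider in the tenant. Separately, the example in step 9 is still `http://www.contoso.com` while every other URL in these steps uses HTTPS, and the edits to step 11 and to step 2 of the second list show no visible text change, so they look like whitespace-only churn.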

articles/active-directory-b2c/ropc-custom.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -136,7 +136,7 @@ Complete the steps in [Get started with custom policies in Azure Active Director
136136
</TechnicalProfile>
137137
```
138138

139-
Replace the **DefaultValue** of **client_id** and **resource_id** with the Application ID of the ProxyIdentityExperienceFramework application that you created in the prerequisite tutorial.
139+
Replace the **DefaultValue** of **client_id** with the Application ID of the ProxyIdentityExperienceFramework application that you created in the prerequisite tutorial. Then replace **DefaultValue** of **resource_id** with the Application ID of the IdentityExperienceFramework application that you also created in the prerequisite tutorial.
140140

141141
5. Add following **ClaimsProvider** elements with their technical profiles to the **ClaimsProviders** element:
142142
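
Review bot: the replacement sentence now points **client_id** and **resource_id** at two applications whose names differ only by the `Proxy` prefix (ProxyIdentityExperienceFramework and IdentityExperienceFramework), which is easy to misread inside a single paragraph. Suggest splitting it into two bullets, one per setting, so a reader does not paste the same Application ID into both. Minor: "Then replace **DefaultValue**" is missing "the".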

articles/active-directory-b2c/tutorial-create-tenant.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -30,7 +30,7 @@ If you don't have an Azure subscription, create a [free account](https://azure.m
3030
## Create an Azure AD B2C tenant
3131

3232
1. Sign in to the [Azure portal](https://portal.azure.com/).
33-
2. Make sure that you are using the directory that contains your subscription by clicking the **Directory and subscription filter** in the top menu and choosing the directory that contains it. This directory is different than the one that will contain your Azure AD B2C tenant.
33+
2. Make sure that you are using the directory that contains your subscription by clicking the **Directory and subscription filter** in the top menu and choosing the directory that contains it. This directory is different from the one that will contain your Azure AD B2C tenant.
3434

3535
![Switch to subscription directory](./media/tutorial-create-tenant/switch-directory-subscription.png)
3636

articles/active-directory/develop/authentication-scenarios.md

Lines changed: 5 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -82,14 +82,11 @@ The following diagram shows a simplified Microsoft identity platform provisionin
8282

8383
In this provisioning flow:
8484

85-
| | |
86-
|---|---|
87-
| 1 | A user from tenant B attempts to sign in with the app |
88-
| 2 | The user credentials are acquired and verified |
89-
| 3 | The user is prompted to consent for the app to gain access to tenant B |
90-
| 4 | Microsoft identity platform uses the application object in A as a blueprint for creating a service principal in tenant B |
91-
| 5 | The user receives the requested token |
92-
| | |
85+
1. A user from tenant B attempts to sign in with the app, the authorization endpoint requests a token for the application.
86+
1. The user credentials are acquired and verified for authentication
87+
1. The user is prompted to provide consent for the app to gain access to tenant B
88+
1. Microsoft identity platform uses the application object in tenant A as a blueprint for creating a service principal in tenant B
89+
1. The user receives the requested token
9390

9491
You can repeat this process as many times as you want for other tenants (C, D, and so on). Tenant A retains the blueprint for the app (application object). Users and admins of all the other tenants where the app is given consent retain control over what the application is allowed to do through the corresponding service principal object in each tenant. For more information, see [Application and service principal objects in Microsoft identity platform](app-objects-and-service-principals.md).
9592
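
Review bot: the first list item joins two events with a comma ("...attempts to sign in with the app, the authorization endpoint requests a token for the application."); split it into two sentences or two steps so the order of events in the flow is unambiguous. Items 2 to 5 also drop the terminal period that item 1 has.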

articles/active-directory/devices/hybrid-azuread-join-federated-domains.md

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -70,7 +70,7 @@ Hybrid Azure AD join requires the devices to have access to the following Micros
7070

7171
Beginning with Windows 10 1803, if the instantaneous Hybrid Azure AD join for federated environment using AD FS fails, we rely on Azure AD Connect to sync the computer object in Azure AD that is subsequently used to complete the device registration for Hybrid Azure AD join. Verify that Azure AD Connect has synchronized the computer objects of the devices you want to be hybrid Azure AD joined to Azure AD. If the computer objects belong to specific organizational units (OU), then these OUs need to be configured for synchronization in Azure AD connect as well. To learn more on how to synchronize computer objects using Azure AD Connect, see the article on [Configure filtering using Azure AD Connect](https://docs.microsoft.com/azure/active-directory/hybrid/how-to-connect-sync-configure-filtering#organizational-unitbased-filtering).
7272

73-
If your organization requires access to the Internet via an outbound proxy, Microsoft recommends [implementing Web Proxy Auto-Discovery (WPAD)](https://docs.microsoft.com/previous-versions/tn-archive/cc995261(v%3dtechnet.10)) to enable Windows 10 computers to do device registration with Azure AD. If you are encountering issues with configuring and managing WPAD, go to [troubleshooting automatic detection](https://docs.microsoft.com/previous-versions/tn-archive/cc302643(v=technet.10).
73+
If your organization requires access to the Internet via an outbound proxy, Microsoft recommends [implementing Web Proxy Auto-Discovery (WPAD)](https://docs.microsoft.com/previous-versions/tn-archive/cc995261(v%3dtechnet.10)) to enable Windows 10 computers to do device registration with Azure AD. If you are encountering issues with configuring and managing WPAD, go to [troubleshooting automatic detection](https://docs.microsoft.com/previous-versions/tn-archive/cc302643(v=technet.10)).
7474

7575
If you are not using WPAD and need to configure proxy settings on your computer, you can do so starting with Windows 10 1709, by [configuring WinHTTP settings using a group policy object (GPO)](https://blogs.technet.microsoft.com/netgeeks/2018/06/19/winhttp-proxy-settings-deployed-by-gpo/).
7676
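
Review bot: the fix closes the parenthesis on the second WPAD link, but the two `tn-archive` links still encode the version segment differently (`v%3dtechnet.10` in the first, `v=technet.10` in the second); use one form for both. Both targets also sit under `previous-versions/tn-archive`, so it is worth checking whether a current page exists before keeping them as the recommended proxy guidance.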

@@ -150,7 +150,7 @@ To successfully complete hybrid Azure AD join of your Windows down-level devices
150150

151151
Additionally, you need to enable **Allow updates to status bar via script** in the user’s local intranet zone.
152152

153-
### install Microsoft Workplace Join for Windows down-level computers
153+
### Install Microsoft Workplace Join for Windows down-level computers
154154

155155
To register Windows down-level devices, organizations must install [Microsoft Workplace Join for non-Windows 10 computers](https://www.microsoft.com/download/details.aspx?id=53554) available on the Microsoft Download Center.
156156

@@ -164,7 +164,7 @@ To verify the device registration state in your Azure tenant, you can use the **
164164

165165
When using the **Get-MSolDevice** cmdlet to check the service details:
166166

167-
- An object with the **device id** that matches the ID on the Windows client must exist.
167+
- An object with the **device ID** that matches the ID on the Windows client must exist.
168168
- The value for **DeviceTrustType** must be **Domain Joined**. This is equivalent to the **Hybrid Azure AD joined** state on the Devices page in the Azure AD portal.
169169
- The value for **Enabled** must be **True** and **DeviceTrustLevel** must be **Managed** for devices that are used in conditional access.
170170

articles/active-directory/devices/hybrid-azuread-join-managed-domains.md

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -64,7 +64,7 @@ Hybrid Azure AD join requires the devices to have access to the following Micros
6464
- `https://device.login.microsoftonline.com`
6565
- `https://autologon.microsoftazuread-sso.com` (If you are using or planning to use Seamless SSO)
6666

67-
If your organization requires access to the Internet via an outbound proxy, Microsoft recommends [implementing Web Proxy Auto-Discovery (WPAD)](https://docs.microsoft.com/previous-versions/tn-archive/cc995261(v%3dtechnet.10)) to enable Windows 10 computers to do device registration with Azure AD. If you are encountering issues with configuring and managing WPAD, go to [troubleshooting automatic detection](https://docs.microsoft.com/previous-versions/tn-archive/cc302643(v=technet.10).
67+
If your organization requires access to the Internet via an outbound proxy, Microsoft recommends [implementing Web Proxy Auto-Discovery (WPAD)](https://docs.microsoft.com/previous-versions/tn-archive/cc995261(v%3dtechnet.10)) to enable Windows 10 computers to do device registration with Azure AD. If you are encountering issues with configuring and managing WPAD, go to [troubleshooting automatic detection](https://docs.microsoft.com/previous-versions/tn-archive/cc302643(v=technet.10)).
6868

6969
If you are not using WPAD and need to configure proxy settings on your computer, you can do so starting with Windows 10 1709, by [configuring WinHTTP settings using a group policy object (GPO)](https://blogs.technet.microsoft.com/netgeeks/2018/06/19/winhttp-proxy-settings-deployed-by-gpo/).
7070
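
Review bot: this paragraph and its link fix are identical to the one in hybrid-azuread-join-federated-domains.md, and the same broken link had to be corrected in both files. Suggest moving the shared proxy guidance into a single include so the two articles cannot drift apart.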

@@ -143,7 +143,7 @@ Additionally, you need to enable **Allow updates to status bar via script** in t
143143

144144
To successfully complete hybrid Azure AD join of your Windows down-level devices in a managed domain that is using [Password Hash Sync (PHS)](https://docs.microsoft.com/azure/active-directory/hybrid/whatis-phs) or [Pass Through Authentication (PTA)](https://docs.microsoft.com/azure/active-directory/hybrid/how-to-connect-pta) as your Azure AD cloud authentication method, you must also [configure Seamless SSO](https://docs.microsoft.com/azure/active-directory/hybrid/how-to-connect-sso-quick-start#step-2-enable-the-feature).
145145

146-
### install Microsoft Workplace Join for Windows down-level computers
146+
### Install Microsoft Workplace Join for Windows down-level computers
147147

148148
To register Windows down-level devices, organizations must install [Microsoft Workplace Join for non-Windows 10 computers](https://www.microsoft.com/download/details.aspx?id=53554) available on the Microsoft Download Center.
149149

@@ -157,7 +157,7 @@ To verify the device registration state in your Azure tenant, you can use the **
157157

158158
When using the **Get-MSolDevice** cmdlet to check the service details:
159159

160-
- An object with the **device id** that matches the id on the Windows client must exist.
160+
- An object with the **device ID** that matches the ID on the Windows client must exist.
161161
- The value for **DeviceTrustType** must be **Domain Joined**. This is equivalent to the **Hybrid Azure AD joined** state on the Devices page in the Azure AD portal.
162162
- The value for **Enabled** must be **True** and **DeviceTrustLevel** must be **Managed** for devices that are used in conditional access.
163163
