MicrosoftDocs
diff --git a/‎.gitignore
Lines changed: 1 addition & 1 deletion b/‎.gitignore
Lines changed: 1 addition & 1 deletion
diff --git a/‎.vscode/settings.json
Lines changed: 58 additions & 0 deletions b/‎.vscode/settings.json
Lines changed: 58 additions & 0 deletions
diff --git a/‎articles/active-directory-b2c/claim-resolver-overview.md
Lines changed: 8 additions & 8 deletions b/‎articles/active-directory-b2c/claim-resolver-overview.md
Lines changed: 8 additions & 8 deletions
diff --git a/‎articles/active-directory-b2c/phone-number-claims-transformations.md
Lines changed: 15 additions & 5 deletions b/‎articles/active-directory-b2c/phone-number-claims-transformations.md
Lines changed: 15 additions & 5 deletions
diff --git a/‎articles/active-directory-domain-services/create-ou.md
Lines changed: 1 addition & 1 deletion b/‎articles/active-directory-domain-services/create-ou.md
Lines changed: 1 addition & 1 deletion
diff --git a/‎articles/active-directory/app-provisioning/application-provisioning-configure-api.md
Lines changed: 3 additions & 3 deletions b/‎articles/active-directory/app-provisioning/application-provisioning-configure-api.md
Lines changed: 3 additions & 3 deletions
diff --git a/‎articles/active-directory/app-provisioning/customize-application-attributes.md
Lines changed: 2 additions & 2 deletions b/‎articles/active-directory/app-provisioning/customize-application-attributes.md
Lines changed: 2 additions & 2 deletions
diff --git a/‎articles/active-directory/app-provisioning/export-import-provisioning-configuration.md
Lines changed: 6 additions & 6 deletions b/‎articles/active-directory/app-provisioning/export-import-provisioning-configuration.md
Lines changed: 6 additions & 6 deletions
diff --git a/‎articles/active-directory/app-provisioning/how-provisioning-works.md
Lines changed: 3 additions & 3 deletions b/‎articles/active-directory/app-provisioning/how-provisioning-works.md
Lines changed: 3 additions & 3 deletions
@@ -3,7 +3,6 @@
 Thumbs.db
 
 # Visual Studio and VS Code files
-.settings.json
 .vscode/*
 .vs/*
 log/
@@ -24,3 +23,4 @@ AzureMigration.ps1
 !/.vscode/extensions.json
 .gitignore
 **/.vscode/settings.json
+!/.vscode/settings.json
@@ -0,0 +1,58 @@
+{
+    "markdown.docsetLanguages": [
+        ".NET Core CLI",
+        "Apache",
+        "ASPX",
+        "AzCopy",
+        "Azure CLI",
+        "Azure CLI (Interactive)",
+        "Azure Powershell",
+        "Azure Powershell (Interactive)",
+        "Bash",
+        "C",
+        "C#",
+        "C# (Interactive)",
+        "C++",
+        "CSS",
+        "DAX Power BI",
+        "Diff",
+        "Dockerfile",
+        "DOS",
+        "F#",
+        "Go",
+        "Gradle",
+        "Groovy",
+        "HTML",
+        "HTTP",
+        "Ini",
+        "Java",
+        "JavaScript",
+        "JSON",
+        "Kotlin",
+        "Kusto",
+        "Markdown",
+        "MS Graph (Interactive)",
+        "Objective C",
+        "PHP",
+        "Plaintext no highlight",
+        "PostgreSQL & PL/pgSQL",
+        "PowerShell",
+        "PowerShell (Interactive)",
+        "Properties",
+        "Python",
+        "R",
+        "Razor CSHTML",
+        "Ruby",
+        "Scala",
+        "Shell",
+        "Solidity",
+        "SQL",
+        "Swift",
+        "Terraform (HCL)",
+        "TypeScript",
+        "VB.NET",
+        "XAML",
+        "XML",
+        "YAML"
+    ]
+}
@@ -102,7 +102,7 @@ Any parameter name included as part of an OIDC or OAuth2 request can be mapped t
 
 ## Using claim resolvers 
 
-You can use claims resolvers with following elements: 
+You can use claims resolvers with the following elements: 
 
 | Item | Element | Settings |
 | ----- | ----------------------- | --------|
@@ -119,16 +119,16 @@ You can use claims resolvers with following elements:
 |[RelyingParty](relyingparty.md#technicalprofile) technical profile| `OutputClaim`| 2 |
 
 Settings: 
-1. The `IncludeClaimResolvingInClaimsHandling` metadata must set to `true`
-1. The input or output claims attribute `AlwaysUseDefaultValue` must set to `true`
+1. The `IncludeClaimResolvingInClaimsHandling` metadata must be set to `true`.
+1. The input or output claims attribute `AlwaysUseDefaultValue` must be set to `true`.
 
 ## Claim resolvers samples
 
 ### RESTful technical profile
 
 In a [RESTful](restful-technical-profile.md) technical profile, you may want to send the user language, policy name, scope, and client ID. Based on these claims the REST API can run custom business logic, and if necessary raise a localized error message.
 
-The following example shows a RESTful technical profile:
+The following example shows a RESTful technical profile with this scenario:
 
 ```XML
 <TechnicalProfile Id="REST">
@@ -156,9 +156,9 @@ Using claim resolvers, you can prepopulate the sign-in name or direct sign-in to
 
 ### Dynamic UI customization
 
-Azure AD B2C enables you to pass query string parameters to your HTML content definition endpoints so that you can dynamically render the page content. For example, you can change the background image on the Azure AD B2C sign-up or sign-in page based on a custom parameter that you pass from your web or mobile application. For more information, see [Dynamically configure the UI by using custom policies in Azure Active Directory B2C](custom-policy-ui-customization-dynamic.md). You can also localize your HTML page based on a language parameter, or you can change the content based on the client ID.
+Azure AD B2C enables you to pass query string parameters to your HTML content definition endpoints to dynamically render the page content. For example, this allows the ability to modify the background image on the Azure AD B2C sign-up or sign-in page based on a custom parameter that you pass from your web or mobile application. For more information, see [Dynamically configure the UI by using custom policies in Azure Active Directory B2C](custom-policy-ui-customization-dynamic.md). You can also localize your HTML page based on a language parameter, or you can change the content based on the client ID.
 
-The following example passes in the query string a parameter named **campaignId** with a value of `hawaii`, a **language** code of `en-US`, and **app** representing the client ID:
+The following example passes in the query string parameter named **campaignId** with a value of `hawaii`, a **language** code of `en-US`, and **app** representing the client ID:
 
 ```XML
 <UserJourneyBehaviors>
@@ -170,7 +170,7 @@ The following example passes in the query string a parameter named **campaignId*
 </UserJourneyBehaviors>
 ```
 
-As a result Azure AD B2C sends the above parameters to the HTML content page:
+As a result, Azure AD B2C sends the above parameters to the HTML content page:
 
 ```
 /selfAsserted.aspx?campaignId=hawaii&language=en-US&app=0239a9cc-309c-4d41-87f1-31288feb2e82
@@ -207,7 +207,7 @@ With Azure Application Insights and claim resolvers you can gain insights on use
 
 ### Relying party policy
 
-In a [Relying party](relyingparty.md) policy technical profile, you may want to send the tenant ID, or correlation ID to the relying party application. 
+In a [Relying party](relyingparty.md) policy technical profile, you may want to send the tenant ID, or correlation ID to the relying party application within the JWT. 
 
 ```XML
 <RelyingParty>
 
@@ -9,7 +9,7 @@ manager: celestedg
 ms.service: active-directory
 ms.workload: identity
 ms.topic: conceptual
-ms.date: 02/12/2020
+ms.date: 02/14/2020
 ms.author: marsma
 ms.subservice: B2C
 ---
@@ -28,7 +28,8 @@ This claim validates the format of the phone number. If it is in a valid format,
 
 | Item | TransformationClaimType | Data Type | Notes |
 | ---- | ----------------------- | --------- | ----- |
-| InputClaim | inputClaim | string | The claim of string type converting from. |
+| InputClaim | phoneNumberString | string |  The string claim for the phone number. The phone number has to be in international format, complete with a leading "+" and country code. If input claim `country` is provided, the phone number is in local format (without the country code). |
+| InputClaim | country | string | [Optional] The string claim for the country code of the phone number in ISO3166 format (the two-letter ISO-3166 country code). |
 | OutputClaim | outputClaim | phoneNumber | The result of this claims transformation. |
 
 The **ConvertStringToPhoneNumberClaim** claims transformation is always executed from a [validation technical profile](validation-technical-profile.md) that is called by a [self-asserted technical profile](self-asserted-technical-profile.md) or [display control](display-controls.md). The **UserMessageIfClaimsTransformationInvalidPhoneNumber** self-asserted technical profile metadata controls the error message that is presented to the user.
@@ -40,7 +41,8 @@ You can use this claims transformation to ensure that the provided string claim
 ```XML
 <ClaimsTransformation Id="ConvertStringToPhoneNumber" TransformationMethod="ConvertStringToPhoneNumberClaim">
   <InputClaims>
-    <InputClaim ClaimTypeReferenceId="phoneString" TransformationClaimType="inputClaim" />
+    <InputClaim ClaimTypeReferenceId="phoneString" TransformationClaimType="phoneNumberString" />
+    <InputClaim ClaimTypeReferenceId="countryCode" TransformationClaimType="country" />
   </InputClaims>
   <OutputClaims>
     <OutputClaim ClaimTypeReferenceId="phoneNumber" TransformationClaimType="outputClaim" />
@@ -59,11 +61,19 @@ The self-asserted technical profile that calls the validation technical profile
 </TechnicalProfile>
 ```
 
-### Example
+### Example 1
 
 - Input claims:
-  - **inputClaim**: +1 (123) 456-7890
+  - **phoneNumberString**: 045 456-7890
+  - **country**: DK
 - Output claims:
+  - **outputClaim**: +450546148120
+
+### Example 2
+
+- Input claims:
+  - **phoneNumberString**: +1 (123) 456-7890
+- Output claims: 
   - **outputClaim**: +11234567890
 
 ## GetNationalNumberAndCountryCodeFromPhoneNumberString
 
@@ -50,7 +50,7 @@ When you create custom OUs in an Azure AD DS managed domain, you gain additional
 * A default OU for *AADDC Users* is created that contains all the synchronized user accounts from your Azure AD tenant.
     * You can't move users or groups from the *AADDC Users* OU to custom OUs that you create. Only user accounts or resources created in the Azure AD DS managed domain can be moved into custom OUs.
 * User accounts, groups, service accounts, and computer objects that you create under custom OUs aren't available in your Azure AD tenant.
-    * These objects don't show up using the Azure AD Graph API or in the Azure AD UI; they're only available in your Azure AD DS managed domain.
+    * These objects don't show up using the Microsoft Graph API or in the Azure AD UI; they're only available in your Azure AD DS managed domain.
 
 ## Create a custom OU
 
 
@@ -1,6 +1,6 @@
 ---
-title: Use MS Graph APIs to configure provisioning - Azure Active Directory | Microsoft Docs
-description: Need to set up provisioning for multiple instances of an application? Learn how to save time by using MS Graph APIs to automate the configuration of automatic provisioning.
+title: Use Microsoft Graph APIs to configure provisioning - Azure Active Directory | Microsoft Docs
+description: Need to set up provisioning for multiple instances of an application? Learn how to save time by using the Microsoft Graph APIs to automate the configuration of automatic provisioning.
 services: active-directory
 documentationcenter: ''
 author: msmimart
@@ -22,7 +22,7 @@ ms.collection: M365-identity-device-management
 
 # Configure provisioning using Microsoft Graph APIs
 
-The Azure portal is a convenient way to configure provisioning for individual apps one at a time. But if you're creating several—or even hundreds—of instances of an application, it can be easier to automate app creation and configuration with Microsoft Graph APIs. This article outlines how to automate provisioning configuration through APIs. This method is commonly used for applications like [Amazon Web Services](../saas-apps/amazon-web-service-tutorial.md#configure-azure-ad-sso).
+The Azure portal is a convenient way to configure provisioning for individual apps one at a time. But if you're creating several—or even hundreds—of instances of an application, it can be easier to automate app creation and configuration with the Microsoft Graph APIs. This article outlines how to automate provisioning configuration through APIs. This method is commonly used for applications like [Amazon Web Services](../saas-apps/amazon-web-service-tutorial.md#configure-azure-ad-sso).
 
 **Overview of steps for using Microsoft Graph APIs to automate provisioning configuration**
 
 
@@ -108,7 +108,7 @@ Applications and systems that support customization of the attribute list includ
 - Salesforce
 - ServiceNow
 - Workday
-- Azure Active Directory ([Azure AD Graph API default attributes](https://msdn.microsoft.com/Library/Azure/Ad/Graph/api/entity-and-complex-type-reference#user-entity) and custom directory extensions are supported)
+- Azure Active Directory ([Microsoft Graph REST API v1.0 reference](https://docs.microsoft.com/graph/api/overview?view=graph-rest-1.0) and custom directory extensions are supported)
 - Apps that support [SCIM 2.0](https://tools.ietf.org/html/rfc7643), where attributes defined in the [core schema](https://tools.ietf.org/html/rfc7643) need to be added
 
 > [!NOTE]
@@ -129,7 +129,7 @@ When editing the list of supported attributes, the following properties are prov
 - **Multi-value?** - Whether the attribute supports multiple values.
 - **Exact case?** - Whether the attributes values are evaluated in a case-sensitive way.
 - **API Expression** - Don't use, unless instructed to do so by the documentation for a specific provisioning connector (such as Workday).
-- **Referenced Object Attribute** - If it's a Reference type attribute, then this menu lets you select the table and attribute in the target application that contains the value associated with the attribute. For example, if you have an attribute named "Department" whose stored value references an object in a separate "Departments" table, you would select "Departments.Name". The reference tables and the primary ID fields supported for a given application are pre-configured and currently can't be edited using the Azure portal, but can be edited using the [Graph API](https://developer.microsoft.com/graph/docs/api-reference/beta/resources/synchronization-configure-with-custom-target-attributes).
+- **Referenced Object Attribute** - If it's a Reference type attribute, then this menu lets you select the table and attribute in the target application that contains the value associated with the attribute. For example, if you have an attribute named "Department" whose stored value references an object in a separate "Departments" table, you would select "Departments.Name". The reference tables and the primary ID fields supported for a given application are pre-configured and currently can't be edited using the Azure portal, but can be edited using the [Microsoft Graph API](https://developer.microsoft.com/graph/docs/api-reference/beta/resources/synchronization-configure-with-custom-target-attributes).
 
 #### Provisioning a custom extension attribute to a SCIM compliant application
 The SCIM RFC defines a core user and group schema, while also allowing for extensions to the schema to meet your application's needs. To add a custom attribute to a SCIM application:
 
@@ -1,6 +1,6 @@
 ---
-title: 'Export or import your provisioning configuration by using Graph API | Microsoft Docs'
-description: Learn how to export and import provisioning configuration using Graph API.
+title: 'Export or import your provisioning configuration by using the Microsoft Graph API | Microsoft Docs'
+description: Learn how to export and import provisioning configuration using the Microsoft Graph API.
 services: active-directory
 author: cmmdesai
 documentationcenter: na
@@ -18,14 +18,14 @@ ms.author: chmutali
 
 ms.collection: M365-identity-device-management
 ---
-# Export or import your provisioning configuration by using Graph API
+# Export or import your provisioning configuration by using the Microsoft Graph API
 
-You can use Microsoft Graph API and Graph Explorer to export your User Provisioning attribute mappings and schema to a JSON file and import it back into Azure AD. You can also use the steps captured here to create a backup of your provisioning configuration. 
+You can use the Microsoft Graph API and the Microsoft Graph Explorer to export your User Provisioning attribute mappings and schema to a JSON file and import it back into Azure AD. You can also use the steps captured here to create a backup of your provisioning configuration. 
 
 ## Step 1: Retrieve your Provisioning App Service Principal ID (Object ID)
 
 1. Launch the [Azure portal](https://portal.azure.com), and navigate to the Properties section of your  provisioning application. For e.g. if you want to export your *Workday to AD User Provisioning application* mapping navigate to the Properties section of that app. 
-1. In the Properties section of your provisioning app, copy the GUID value associated with the *Object ID* field. This value is also called the **ServicePrincipalId** of your App and it will be used in Graph Explorer operations.
+1. In the Properties section of your provisioning app, copy the GUID value associated with the *Object ID* field. This value is also called the **ServicePrincipalId** of your App and it will be used in Microsoft Graph Explorer operations.
 
    ![Workday App Service Principal ID](./media/export-import-provisioning-configuration/wd_export_01.png)
 
@@ -34,7 +34,7 @@ You can use Microsoft Graph API and Graph Explorer to export your User Provision
 1. Launch [Microsoft Graph Explorer](https://developer.microsoft.com/graph/graph-explorer)
 1. Click on the "Sign-In with Microsoft" button and sign-in using Azure AD Global Admin or App Admin credentials.
 
-    ![Graph Sign-in](./media/export-import-provisioning-configuration/wd_export_02.png)
+    ![Microsoft Graph Sign-in](./media/export-import-provisioning-configuration/wd_export_02.png)
 
 1. Upon successful sign-in, you will see the user account details in the left-hand pane.
 
 
@@ -88,7 +88,7 @@ Note that the userPrincipalName for a guest user is often stored as "alias#EXT#@
 
 ## Provisioning cycles: Initial and incremental
 
-When Azure AD is the source system, the provisioning service uses the [Differential Query feature of the Azure AD Graph API](https://msdn.microsoft.com/Library/Azure/Ad/Graph/howto/azure-ad-graph-api-differential-query) to monitor users and groups. The provisioning service runs an initial cycle against the source system and target system, followed by periodic incremental cycles.
+When Azure AD is the source system, the provisioning service uses the [Use delta query to track changes in Microsoft Graph data](https://docs.microsoft.com/graph/delta-query-overview) to monitor users and groups. The provisioning service runs an initial cycle against the source system and target system, followed by periodic incremental cycles.
 
 ### Initial cycle
 
@@ -139,8 +139,8 @@ After the initial cycle, all other cycles will:
 
 The provisioning service continues running back-to-back incremental cycles indefinitely, at intervals defined in the [tutorial specific to each application](../saas-apps/tutorial-list.md). Incremental cycles continue until one of the following events occurs:
 
-- The service is manually stopped using the Azure portal, or using the appropriate Graph API command 
-- A new initial cycle is triggered using the **Clear state and restart** option in the Azure portal, or using the appropriate Graph API command. This action clears any stored watermark and causes all source objects to be evaluated again.
+- The service is manually stopped using the Azure portal, or using the appropriate Microsoft Graph API command.
+- A new initial cycle is triggered using the **Clear state and restart** option in the Azure portal, or using the appropriate Microsoft Graph API command. This action clears any stored watermark and causes all source objects to be evaluated again.
 - A new initial cycle is triggered because of a change in attribute mappings or scoping filters. This action also clears any stored watermark and causes all source objects to be evaluated again.
 - The provisioning process goes into quarantine (see below) because of a high error rate, and stays in quarantine for more than four weeks. In this event, the service will be automatically disabled.