Merge pull request #202222 from MicrosoftDocs/main

6/20 PM Publish

Author: huypub

articles/active-directory-b2c/embedded-login.md

@@ -9,7 +9,7 @@ manager: CelesteDG
 ms.service: active-directory
 ms.workload: identity
 ms.topic: how-to
-ms.date: 08/17/2021
+ms.date: 06/17/2022
 ms.custom: project-no-code
 ms.author: kengaderdus
 ms.subservice: B2C
@@ -74,11 +74,11 @@ The **Sources** attribute contains the URI of your web application. Add a space
 - The URI must use the https scheme.  
 - The full URI of the web app must be specified. Wildcards are not supported.
 
-In addition, we recommend that you also block your own domain name from being embedded in an iframe by setting the Content-Security-Policy and X-Frame-Options headers respectively on your application pages. This will mitigate security concerns around older browsers related to nested embedding of iframes.
+In addition, we recommend that you also block your own domain name from being embedded in an iframe by setting the `Content-Security-Policy` and `X-Frame-Options` headers respectively on your application pages. This will mitigate security concerns around older browsers related to nested embedding of iframes.
 
 ## Adjust policy user interface
 
-With Azure AD B2C [user interface customization](customize-ui.md), you have almost full control over the HTML and CSS content presented to users. Follow the steps for customizing an HTML page using content definitions. To fit the Azure AD B2C user interface into the iframe size, provide clean HTML page without background and extra spaces.  
+With Azure AD B2C [user interface customization](customize-ui.md), you have almost full control over the HTML and CSS content presented to users. Follow the steps for customizing an HTML page using content definitions. To fit the Azure AD B2C user interface into the iframe size, provide clean HTML page without a background and extra spaces.  
 
 The following CSS code hides the Azure AD B2C HTML elements and adjusts the size of the panel to fill the iframe.
 
@@ -96,9 +96,9 @@ div.api_container{
 }
 ```
 
-In some cases, you might want to notify to your application of which Azure AD B2C page is currently being presented. For example, when a user selects the sign-up option, you might want the application to respond by hiding the links for signing in with a social account or adjusting the iframe size.
+In some cases, you may want to notify your application about the Azure AD B2C page that's currently being presented. For example, when a user selects the sign-up option, you may want the application to respond by hiding the links for signing in with a social account or adjusting the iframe size.
 
-To notify your application of the current Azure AD B2C page, [enable your policy for JavaScript](./javascript-and-page-layout.md), and then use HTML5 post messages. The following JavaScript code sends a post message to the app with `signUp`:
+To notify your application about the current Azure AD B2C page, [enable your policy for JavaScript](./javascript-and-page-layout.md), and then use HTML5 to post messages. The following JavaScript code sends a post message to the app with `signUp`:
 
 ```javascript
 window.parent.postMessage("signUp", '*');
@@ -108,7 +108,7 @@ window.parent.postMessage("signUp", '*');
 
 When a user selects the sign-in button, the [web app](integrate-with-app-code-samples.md#web-apps-and-apis) generates an authorization request that takes the user to Azure AD B2C sign-in experience. After sign-in is complete, Azure AD B2C returns an ID token, or authorization code, to the configured redirect URI within your application.
 
-To support embedded login, the iframe **src** property points to the sign-in controller, such as `/account/SignUpSignIn`, which generates the authorization request and redirects the user to Azure AD B2C policy.
+To support embedded login, the iframe `src` attribute points to the sign-in controller, such as `/account/SignUpSignIn`, which generates the authorization request and redirects the user to Azure AD B2C policy.
 
 ```html
 <iframe id="loginframe" frameborder="0" src="/account/SignUpSignIn"></iframe>
@@ -134,9 +134,9 @@ The redirect URI can be the same redirect URI used by the iframe. You can skip t
 
 ## Configure a single-page application
 
-For a single-page application, you'll also need to a second "sign-in" HTML page that loads into the iframe. This sign-in page hosts the authentication library code that generates the authorization code and returns the token.
+For a single-page application, you'll also need a second "sign-in" HTML page that loads into the iframe. This sign-in page hosts the authentication library code that generates the authorization code and returns the token.
 
-When the single-page application needs the access token, use JavaScript code to obtain the access token from the iframe and object that contains it.
+When the single-page application needs the access token, use JavaScript code to obtain the access token from the iframe and the object that contains it.
 
 > [!NOTE]
 > Running MSAL 2.0 in an iframe is not currently supported.

articles/active-directory-b2c/whats-new-docs.md

@@ -13,7 +13,7 @@ manager: CelesteDG
 
 # Azure Active Directory B2C: What's new
 
-Welcome to what's new in Azure Active Directory B2C documentation. This article lists new docs that have been added and those that have had significant updates in the last three months. To learn what's new with the B2C service, see [What's new in Azure Active Directory](../active-directory/fundamentals/whats-new.md).
+Welcome to what's new in Azure Active Directory B2C documentation. This article lists new docs that have been added and those that have had significant updates in the last three months. To learn what's new with the B2C service, see [What's new in Azure Active Directory](../active-directory/fundamentals/whats-new.md) and [Azure AD B2C developer release notes](custom-policy-developer-notes.md)
 
 
 ## May 2022

articles/active-directory-domain-services/network-considerations.md

@@ -9,7 +9,7 @@ ms.service: active-directory
 ms.subservice: domain-services
 ms.workload: identity
 ms.topic: conceptual
-ms.date: 01/06/2022
+ms.date: 06/20/2022
 ms.author: justinha
 
 ---
@@ -42,7 +42,7 @@ As you design the virtual network for Azure AD DS, the following considerations
 
 A managed domain connects to a subnet in an Azure virtual network. Design this subnet for Azure AD DS with the following considerations:
 
-* A managed domain must be deployed in its own subnet. Don't use an existing subnet or a gateway subnet. This includes the usage of remote gateways settings in the virtual network peering which puts the managed domain in an unsupported state.
+* A managed domain must be deployed in its own subnet. Using an existing subnet, gateway subnet, or remote gateways settings in the virtual network peering is unsupported.
 * A network security group is created during the deployment of a managed domain. This network security group contains the required rules for correct service communication.
     * Don't create or use an existing network security group with your own custom rules.
 * A managed domain requires 3-5 IP addresses. Make sure that your subnet IP address range can provide this number of addresses.

articles/active-directory/conditional-access/troubleshoot-conditional-access-what-if.md

@@ -6,7 +6,7 @@ services: active-directory
 ms.service: active-directory
 ms.subservice: conditional-access
 ms.topic: troubleshooting
-ms.date: 03/04/2022
+ms.date: 06/17/2022
 
 ms.author: joflore
 author: MicrosoftGuyJFlo
@@ -23,22 +23,22 @@ The What If tool is located in the **Azure portal** > **Azure Active Directory**
 
 ![Conditional Access What If tool at default state](./media/troubleshoot-conditional-access-what-if/conditional-access-what-if-tool.png)
 
-> [!NOTE]
-> The What If tool currently does not evaluate policies in report-only mode.
-
 ## Gathering information
 
-The What If tool requires only a **User** to get started. 
+The What If tool requires only a **User** or **Workload identity** to get started. 
 
 The following additional information is optional but will help to narrow the scope for specific cases.
 
-* Cloud apps or actions
+* Cloud apps, actions, or authentication context
 * IP address 
 * Country/Region
 * Device platform
-* Client apps (preview)
-* Device state (preview) 
+* Client apps
+* Device state
 * Sign-in risk
+* User risk level
+* Service principal risk (Preview)
+* Filter for devices
 
 This information can be gathered from the user, their device, or the Azure AD sign-ins log.
 
@@ -52,11 +52,11 @@ At any point, you can select **Reset** to clear any criteria input and return to
 
 ### Policies that will apply
 
-This list will show which Conditional Access policies would apply given the conditions. The list will include both the grant and session controls that apply. Examples include requiring multi-factor authentication to access a specific application.
+This list will show which Conditional Access policies would apply given the conditions. The list will include both the grant and session controls that apply including those from policies in report-only mode. Examples include requiring multi-factor authentication to access a specific application. 
 
 ### Policies that will not apply
 
-This list will show Conditional Access policies that wouldn't apply if the conditions applied. The list will include any policies and the reason why they don't apply. Examples include users and groups that may be excluded from a policy.
+This list will show Conditional Access policies that wouldn't apply if the conditions applied. The list will include any policies and the reason why they don't apply including those from policies in report-only mode. Examples include users and groups that may be excluded from a policy.
 
 ## Use case
 
@@ -72,7 +72,7 @@ This test could be expanded to incorporate other data points to narrow the scope
 
 ## Next steps
 
-* [What is Conditional Access?](overview.md)
+* [What is Conditional Access report-only mode?](concept-conditional-access-report-only.md)
 * [What is Azure Active Directory Identity Protection?](../identity-protection/overview-identity-protection.md)
 * [What is a device identity?](../devices/overview.md)
 * [How it works: Azure AD Multi-Factor Authentication](../authentication/concept-mfa-howitworks.md)

articles/active-directory/develop/authorization-basics.md

@@ -2,7 +2,7 @@
 title: Authorization basics
 description: Learn about the basics of authorization in the Microsoft identity platform.
 services: active-directory
-author: Chrispine-Chiedo
+author: CelesteDG
 manager: CelesteDG
 
 ms.service: active-directory
@@ -11,7 +11,7 @@ ms.topic: conceptual
 ms.workload: identity 
 ms.date: 07/23/2021
 ms.custom: template-concept
-ms.author: cchiedo
+ms.author: celested
 ms.reviewer: johngarland, mamarxen, ianbe, marsma
 
 #Customer intent: As an application developer, I want to understand the basic concepts of authorization in the Microsoft identity platform.

articles/active-directory/develop/custom-rbac-for-developers.md

@@ -2,7 +2,7 @@
 title: Custom role-based access control (RBAC) for application developers - Microsoft identity platform
 description: Learn about what custom RBAC is and why it's important to implement in your applications.
 services: active-directory
-author: Chrispine-Chiedo
+author: CelesteDG
 manager: CelesteDG
 
 ms.service: active-directory
@@ -11,7 +11,7 @@ ms.topic: conceptual
 ms.workload: identity 
 ms.date: 11/15/2021
 ms.custom: template-concept
-ms.author: cchiedo
+ms.author: celested
 ms.reviewer: john.garland, maggie.marxen, ian.bennett, marsma
 
 #Customer intent: As a developer, I want to learn about custom RBAC and why I need to use it in my application.

articles/active-directory/develop/howto-implement-rbac-for-apps.md

@@ -2,15 +2,15 @@
 title: Implement role-based access control in apps
 description: Learn how to implement role-based access control in your applications.
 services: active-directory
-author: Chrispine-Chiedo
+author: CelesteDG
 manager: CelesteDG
 
 ms.service: active-directory
 ms.subservice: develop
 ms.topic: how-to
 ms.workload: identity 
 ms.date: 09/17/2021
-ms.author: cchiedo
+ms.author: celested
 ms.reviewer: johngarland, mamarxen, ianbe, marsma
 
 #Customer intent: As an application developer, I want to learn how to implement role-based access control in my apps so I can ensure that only those users with the right access privileges can access my app's functionality.

articles/active-directory/develop/secure-group-access-control.md

@@ -2,7 +2,7 @@
 title: Secure access control using groups in Azure AD
 description: Learn about how groups are used to securely control access to resources in Azure AD.
 services: active-directory
-author: chrischiedo
+author: CelesteDG
 manager: CelesteDG
 
 ms.service: active-directory
@@ -11,7 +11,7 @@ ms.topic: conceptual
 ms.workload: identity 
 ms.date: 2/21/2022
 ms.custom: template-concept
-ms.author: cchiedo
+ms.author: celested
 ms.reviewer: jodah, marsma
 
 # Customer intent: As a developer, I want to learn how to most securely use Azure AD groups to control access to resources.

articles/active-directory/develop/secure-least-privileged-access.md

@@ -2,7 +2,7 @@
 title: "Increase app security with the principle of least privilege"
 description: Learn how the principle of least privilege can help increase the security of your application, its data, and which features of the Microsoft identity platform you can use to implement least privileged access.
 services: active-directory
-author: Chrispine-Chiedo
+author: CelesteDG
 manager: CelesteDG
 
 ms.service: active-directory
@@ -11,7 +11,7 @@ ms.topic: conceptual
 ms.workload: identity
 ms.date: 09/09/2021
 ms.custom: template-concept
-ms.author: cchiedo
+ms.author: celested
 ms.reviewer: yuhko, saumadan, marsma
 
 # Customer intent: As a developer, I want to learn about the principle of least privilege and the features of the Microsoft identity platform that I can use to ensure my application and its users are restricted to actions and have access to only the data they need perform their tasks.

articles/active-directory/develop/security-best-practices-for-app-registration.md

@@ -2,7 +2,7 @@
 title: Best practices for Azure AD application registration configuration
 description: Learn about a set of best practices and general guidance on Azure AD application registration configuration.
 services: active-directory
-author: Chrispine-Chiedo
+author: CelesteDG
 manager: CelesteDG
 
 ms.service: active-directory
@@ -11,7 +11,7 @@ ms.topic: conceptual
 ms.workload: identity
 ms.date: 07/8/2021
 ms.custom: template-concept
-ms.author: cchiedo
+ms.author: celested
 ms.reviewer: saumadan, marsma
 ---