Merge pull request #234501 from MicrosoftDocs/main

Publish to live, Friday 4 AM PST, 4/14

Author: ttorble

.openpublishing.redirection.healthcare-apis.json

@@ -654,7 +654,11 @@
           "redirect_document_id": false
       },
       {   "source_path_from_root": "/articles/healthcare-apis/iot/how-to-use-iot-jsonpath-content-mappings.md",
-          "redirect_url": "/azure/healthcare-apis/iot/how-to-use-iotjsonpathcontenttemplate-mappings",
+          "redirect_url": "/azure/healthcare-apis/iot/how-to-use-iotjsonpathcontent-mappings",
+          "redirect_document_id": false
+      },
+      {   "source_path_from_root": "/articles/healthcare-apis/iot/how-to-use-iotjsonpathcontenttemplate-mappings.md",
+          "redirect_url": "/azure/healthcare-apis/iot/how-to-use-iotjsonpathcontent-mappings",
           "redirect_document_id": false
       },
       {   "source_path_from_root": "/articles/healthcare-apis/iot/deploy-new-button.md",

articles/active-directory/develop/reference-app-manifest.md

@@ -8,7 +8,7 @@ ms.service: active-directory
 ms.subservice: develop
 ms.topic: reference
 ms.workload: identity
-ms.date: 05/19/2022
+ms.date: 04/13/2023
 ms.author: ryanwi
 ms.custom: aaddev
 ms.reviewer: sureshja
@@ -260,9 +260,9 @@ Example:
     "keyCredentials": [
         {
            "customKeyIdentifier":null,
-           "endDate":"2018-09-13T00:00:00Z",
+           "endDateTime":"2018-09-13T00:00:00Z",
            "keyId":"<guid>",
-           "startDate":"2017-09-12T00:00:00Z",
+           "startDateTime":"2017-09-12T00:00:00Z",
            "type":"AsymmetricX509Cert",
            "usage":"Verify",
            "value":null
@@ -425,10 +425,12 @@ Example:
     "passwordCredentials": [
       {
         "customKeyIdentifier": null,
-        "endDate": "2018-10-19T17:59:59.6521653Z",
+        "displayName": "Generated by App Service",
+        "endDateTime": "2022-10-19T17:59:59.6521653Z",
+        "hint": "Nsn",
         "keyId": "<guid>",
-        "startDate":"2016-10-19T17:59:59.6521653Z",
-        "value":null
+        "secretText": null,        
+        "startDateTime":"2022-10-19T17:59:59.6521653Z"
       }
     ],
 ```
@@ -638,4 +640,4 @@ Use the following comments section to provide feedback that helps refine and sha
 [IMPLICIT-GRANT]:v1-oauth2-implicit-grant-flow.md
 [INTEGRATING-APPLICATIONS-AAD]: ./quickstart-register-app.md
 [O365-PERM-DETAILS]: /graph/permissions-reference
-[RBAC-CLOUD-APPS-AZUREAD]: http://www.dushyantgill.com/blog/2014/12/10/roles-based-access-control-in-cloud-applications-using-azure-ad/
+[RBAC-CLOUD-APPS-AZUREAD]: http://www.dushyantgill.com/blog/2014/12/10/roles-based-access-control-in-cloud-applications-using-azure-ad/

articles/active-directory/develop/web-app-quickstart-portal-node-js-ciam.md

@@ -15,31 +15,26 @@ ms.date: 04/12/2023
 
 # Portal quickstart for React SPA
 
-> [!div renderon="portal" class="sxs-lookup"]
 > In this quickstart, you download and run a code sample that demonstrates how a React single-page application (SPA) can sign in users with Azure AD CIAM.
->
+
+> [!div renderon="portal" id="display-on-portal" class="sxs-lookup"]
 > ## Prerequisites
 >
 > * Azure subscription - [Create an Azure subscription for free](https://azure.microsoft.com/free/?WT.mc_id=A261C142F)
 > * [Node.js](https://nodejs.org/en/download/)
 > * [Visual Studio Code](https://code.visualstudio.com/download) or another code editor
 >
-> ## Download the code
->
-> > [!div class="nextstepaction"]
-> > [Download the code sample](https://github.com/Azure-Samples/ms-identity-ciam-javascript-tutorial/archive/react-quickstart.zip)
->
 > ## Run the sample
 >
 > 1. Unzip the downloaded file.
 >
-> 1. Locate the folder that contains the `package.json` file in your terminal, then run the following command:
+> 1. In your terminal, locate the folder that contains the `package.json` file, then run the following command:
 >
 >     ```console
 >     npm install && npm start
 >     ```
 >
 > 1. Open your browser and visit `http://locahost:3000`.
 >
-> 1. Select the **Sign-in** link on the navigation bar.
+> 1. Select the **Sign-in** link on the navigation bar, then follow the prompts.
 >

articles/active-directory/external-identities/code-samples.md

@@ -6,23 +6,25 @@ services: active-directory
 ms.service: active-directory
 ms.subservice: B2B
 ms.topic: sample
-ms.date: 03/14/2022
+ms.date: 04/06/2023
 
 ms.author: mimart
 author: msmimart
 manager: celestedg
 ms.custom: it-pro, seo-update-azuread-jan, has-adal-ref
-ms.collection: M365-identity-device-management
+ms.collection: engagement-fy23, M365-identity-device-management
+
+# Customer intent: As a tenant administrator, I want to bulk-invite external users to an organization from email addresses that I've stored in a .csv file.
 ---
 
 # Azure Active Directory B2B collaboration code and PowerShell samples
 
 ## PowerShell example
 
-You can bulk-invite external users to an organization from email addresses that you've stored in a .CSV file.
+You can bulk-invite external users to an organization from email addresses that you've stored in a .csv file.
 
-1. Prepare the .CSV file
-   Create a new CSV file and name it invitations.csv. In this example, the file is saved in C:\data, and contains the following information:
+1. Prepare the .csv file
+   Create a new .csv file and name it invitations.csv. In this example, the file is saved in C:\data, and contains the following information:
 
    Name                  |  InvitedUserEmailAddress
    --------------------- | --------------------------
@@ -57,7 +59,7 @@ This cmdlet sends an invitation to the email addresses in invitations.csv. More
 
 ## Code sample
 
-The code sample illustrates how to call the invitation API and get the redemption URL. Use the redemption URL to send a custom invitation email. The email can be composed with an HTTP client, so you can customize how it looks and send it through the Microsoft Graph API.
+The code sample illustrates how to call the invitation API and get the redemption URL. Use the redemption URL to send a custom invitation email. You can compose the email with an HTTP client, so you can customize how it looks and send it through the Microsoft Graph API.
 
 
 # [HTTP](#tab/http)
@@ -217,4 +219,4 @@ const inviteRedeemUrl = await sendInvite();
 
 ## Next steps
 
-- [What is Azure AD B2B collaboration?](what-is-b2b.md)
+- [Samples for guest user self-service sign-up](code-samples-self-service-sign-up.md)

articles/active-directory/fundamentals/whats-deprecated-azure-ad.md

@@ -32,7 +32,7 @@ Use the following table to learn about changes including deprecations, retiremen
 |Microsoft Authenticator app [Number matching](../authentication/how-to-mfa-number-match.md)|Feature change|May 8, 2023|
 |[My Groups experience](https://techcommunity.microsoft.com/t5/microsoft-entra-azure-ad-blog/microsoft-entra-change-announcements-march-2023-train/ba-p/2967448)|Feature change|May 2023|
 |[My Apps browser extension](https://techcommunity.microsoft.com/t5/microsoft-entra-azure-ad-blog/microsoft-entra-change-announcements-march-2023-train/ba-p/2967448)|Feature change|May 2023|
-|[System-preferred authentication methods](https://techcommunity.microsoft.com/t5/microsoft-entra-azure-ad-blog/microsoft-entra-change-announcements-march-2023-train/ba-p/2967448)|Feature change|On GA|
+|[System-preferred authentication methods](https://techcommunity.microsoft.com/t5/microsoft-entra-azure-ad-blog/microsoft-entra-change-announcements-march-2023-train/ba-p/2967448)|Feature change|Sometime after GA|
 |[Azure AD Authentication Library (ADAL)](https://techcommunity.microsoft.com/t5/microsoft-entra-azure-ad-blog/microsoft-entra-change-announcements-march-2023-train/ba-p/2967448)|Retirement|Jun 30, 2023|
 |[Azure AD Graph API](https://techcommunity.microsoft.com/t5/microsoft-entra-azure-ad-blog/microsoft-entra-change-announcements-march-2023-train/ba-p/2967448)|Deprecation|Jun 30, 2023|
 |[Azure AD PowerShell and MSOnline PowerShell](https://techcommunity.microsoft.com/t5/microsoft-entra-azure-ad-blog/microsoft-entra-change-announcements-march-2023-train/ba-p/2967448)|Deprecation|Jun 30, 2023|

articles/active-directory/fundamentals/whats-new-archive.md

@@ -9047,209 +9047,3 @@ For more information, see [Azure AD password reset from the login screen](../aut
 
 ---
 
-## March 2018
-
-### Certificate expire notification
-
-**Type:** Fixed
-**Service category:** Enterprise Apps
-**Product capability:** SSO
-
-Azure AD sends a notification when a certificate for a gallery or non-gallery application is about to expire.
-
-Some users did not receive notifications for enterprise applications configured for SAML-based single sign-on. This issue was resolved. Azure AD sends notification for certificates expiring in 7, 30 and 60 days. You are able to see this event in the audit logs.
-
-For more information, see:
-
-- [Manage Certificates for federated single sign-on in Azure Active Directory](../manage-apps/manage-certificates-for-federated-single-sign-on.md)
-- [Audit activity reports in the Azure portal](../reports-monitoring/concept-audit-logs.md)
-
----
-
-### Twitter and GitHub identity providers in Azure AD B2C
-
-**Type:** New feature
-**Service category:** B2C - Consumer Identity Management
-**Product capability:** B2B/B2C
-
-You can now add Twitter or GitHub as an identity provider in Azure AD B2C. Twitter is moving from public preview to GA. GitHub is being released in public preview.
-
-For more information, see [What is Azure AD B2B collaboration?](../external-identities/what-is-b2b.md).
-
----
-
-### Restrict browser access using Intune Managed Browser with Azure AD application-based Conditional Access for iOS and Android
-
-**Type:** New feature
-**Service category:** Conditional Access
-**Product capability:** Identity Security & Protection
-
-**Now in public preview!**
-
-**Intune Managed Browser SSO:** Your employees can use single sign-on across native clients (like Microsoft Outlook) and the Intune Managed Browser for all Azure AD-connected apps.
-
-**Intune Managed Browser Conditional Access Support:** You can now require employees to use the Intune Managed browser using application-based Conditional Access policies.
-
-Read more about this in our [blog post](https://cloudblogs.microsoft.com/enterprisemobility/2018/03/15/the-intune-managed-browser-now-supports-azure-ad-sso-and-conditional-access/).
-
-For more information, see:
-
-- [Setup application-based Conditional Access](../conditional-access/app-based-conditional-access.md)
-
-- [Configure managed browser policies](/mem/intune/apps/manage-microsoft-edge)
-
----
-
-### App Proxy Cmdlets in PowerShell GA Module
-
-**Type:** New feature
-**Service category:** App Proxy
-**Product capability:** Access Control
-
-Support for Application Proxy cmdlets is now in the PowerShell GA Module! This does require you to stay updated on PowerShell modules - if you become more than a year behind, some cmdlets may stop working.
-
-For more information, see [AzureAD](/powershell/module/Azuread/).
-
----
-
-### Office 365 native clients are supported by Seamless SSO using a non-interactive protocol
-
-**Type:** New feature
-**Service category:** Authentications (Logins)
-**Product capability:** User Authentication
-
-User using Office 365 native clients (version 16.0.8730.xxxx and above) get a silent sign-on experience using Seamless SSO. This support is provided by the addition a non-interactive protocol (WS-Trust) to Azure AD.
-
-For more information, see [How does sign-in on a native client with Seamless SSO work?](../hybrid/how-to-connect-sso-how-it-works.md#how-does-sign-in-on-a-native-client-with-seamless-sso-work)
-
----
-
-### Users get a silent sign-on experience, with Seamless SSO, if an application sends sign-in requests to Azure AD's tenant endpoints
-
-**Type:** New feature
-**Service category:** Authentications (Logins)
-**Product capability:** User Authentication
-
-Users get a silent sign-on experience, with Seamless SSO, if an application (for example, `https://contoso.sharepoint.com`) sends sign-in requests to Azure AD's tenant endpoints - that is, `https://login.microsoftonline.com/contoso.com/<..>` or `https://login.microsoftonline.com/<tenant_ID>/<..>` - instead of Azure AD's common endpoint (`https://login.microsoftonline.com/common/<...>`).
-
-For more information, see [Azure Active Directory Seamless Single Sign-On](../hybrid/how-to-connect-sso.md).
-
----
-
-### Need to add only one Azure AD URL, instead of two URLs previously, to users' Intranet zone settings to roll out Seamless SSO
-
-**Type:** New feature
-**Service category:** Authentications (Logins)
-**Product capability:** User Authentication
-
-To roll out Seamless SSO to your users, you need to add only one Azure AD URL to the users' Intranet zone settings by using group policy in Active Directory: `https://autologon.microsoftazuread-sso.com`. Previously, customers were required to add two URLs.
-
-For more information, see [Azure Active Directory Seamless Single Sign-On](../hybrid/how-to-connect-sso.md).
-
----
-
-### New Federated Apps available in Azure AD app gallery
-
-**Type:** New feature
-**Service category:** Enterprise Apps
-**Product capability:** 3rd Party Integration
-
-In March 2018, we've added these 15 new apps with Federation support to our app gallery:
-
-[Boxcryptor](../saas-apps/boxcryptor-tutorial.md), [CylancePROTECT](../saas-apps/cylanceprotect-tutorial.md), Wrike, [SignalFx](../saas-apps/signalfx-tutorial.md), Assistant by FirstAgenda, [YardiOne](../saas-apps/yardione-tutorial.md), Vtiger CRM, inwink, [Amplitude](../saas-apps/amplitude-tutorial.md), [Spacio](../saas-apps/spacio-tutorial.md), [ContractWorks](../saas-apps/contractworks-tutorial.md), [Bersin](../saas-apps/bersin-tutorial.md), [Mercell](../saas-apps/mercell-tutorial.md), [Trisotech Digital Enterprise Server](../saas-apps/trisotechdigitalenterpriseserver-tutorial.md), [Qumu Cloud](../saas-apps/qumucloud-tutorial.md).
-
-For more information about the apps, see [SaaS application integration with Azure Active Directory](../saas-apps/tutorial-list.md).
-
-For more information about listing your application in the Azure AD app gallery, see [List your application in the Azure Active Directory application gallery](../manage-apps/v2-howto-app-gallery-listing.md).
-
----
-
-### PIM for Azure Resources is generally available
-
-**Type:** New feature
-**Service category:** Privileged Identity Management
-**Product capability:** Privileged Identity Management
-
-If you are using Azure AD Privileged Identity Management for directory roles, you can now use PIM's time-bound access and assignment capabilities for Azure Resource roles such as Subscriptions, Resource Groups, Virtual Machines, and any other resource supported by Azure Resource Manager. Enforce multifactor authentication when activating roles Just-In-Time, and schedule activations in coordination with approved change windows. In addition, this release adds enhancements not available during public preview including an updated UI, approval workflows, and the ability to extend roles expiring soon and renew expired roles.
-
-For more information, see [PIM for Azure resources (Preview)](../privileged-identity-management/azure-pim-resource-rbac.md)
-
----
-
-### Adding Optional Claims to your apps tokens (public preview)
-
-**Type:** New feature
-**Service category:** Authentications (Logins)
-**Product capability:** User Authentication
-
-Your Azure AD app can now request custom or optional claims in JWTs or SAML tokens.  These are claims about the user or tenant that are not included by default in the token, due to size or applicability constraints.  This is currently in public preview for Azure AD apps on the v1.0 and v2.0 endpoints.  See the documentation for information on what claims can be added and how to edit your application manifest to request them.
-
-For more information, see [Optional claims in Azure AD](../develop/active-directory-optional-claims.md).
-
----
-
-### Azure AD supports PKCE for more secure OAuth flows
-
-**Type:** New feature
-**Service category:** Authentications (Logins)
-**Product capability:** User Authentication
-
-Azure AD docs have been updated to note support for PKCE, which allows for more secure communication during the OAuth 2.0 Authorization Code grant flow.  Both S256 and plaintext code_challenges are supported on the v1.0 and v2.0 endpoints.
-
-For more information, see [Request an authorization code](../develop/v2-oauth2-auth-code-flow.md#request-an-authorization-code).
-
----
-
-### Support for provisioning all user attribute values available in the Workday Get_Workers API
-
-**Type:** New feature
-**Service category:** App Provisioning
-**Product capability:** 3rd Party Integration
-
-The public preview of inbound provisioning from Workday to Active Directory and Azure AD now supports the ability to extract and provisioning all attribute values available in the Workday Get_Workers API. This adds supports for hundreds of additional standard and custom attributes beyond the ones shipped with the initial version of the Workday inbound provisioning connector.
-
-For more information, see: [Customizing the list of Workday user attributes](../saas-apps/workday-inbound-tutorial.md#customizing-the-list-of-workday-user-attributes)
-
----
-
-### Changing group membership from dynamic to static, and vice versa
-
-**Type:** New feature
-**Service category:** Group Management
-**Product capability:** Collaboration
-
-It is possible to change how membership is managed in a group. This is useful when you want to keep the same group name and ID in the system, so any existing references to the group are still valid; creating a new group would require updating those references.
-We've updated the Azure portal to support this functionality. Now, customers can convert existing groups from dynamic membership to assigned membership and vice-versa. The existing PowerShell cmdlets are also still available.
-
-For more information, see [Dynamic membership rules for groups in Azure Active Directory](../enterprise-users/groups-dynamic-membership.md)
-
----
-
-### Improved sign-out behavior with Seamless SSO
-
-**Type:** Changed feature
-**Service category:** Authentications (Logins)
-**Product capability:** User Authentication
-
-Previously, even if users explicitly signed out of an application secured by Azure AD, they would be automatically signed back in using Seamless SSO if they were trying to access an Azure AD application again within their corpnet from their domain joined devices. With this change, sign out is supported.  This allows users to choose the same or different Azure AD account to sign back in with, instead of being automatically signed in using Seamless SSO.
-
-For more information, see [Azure Active Directory Seamless Single Sign-On](../hybrid/how-to-connect-sso.md)
-
----
-
-### Application Proxy Connector Version 1.5.402.0 Released
-
-**Type:** Changed feature
-**Service category:** App Proxy
-**Product capability:** Identity Security & Protection
-
-This connector version is gradually being rolled out through November. This new connector version includes the following changes:
-
-- The connector now sets domain level cookies instead subdomain level. This ensures a smoother SSO experience and avoids redundant authentication prompts.
-- Support for chunked encoding requests
-- Improved connector health monitoring
-- Several bug fixes and stability improvements
-
-For more information, see [Understand Azure AD Application Proxy connectors](../app-proxy/application-proxy-connectors.md).
-
----