Merging changes synced from https://github.com/MicrosoftDocs/azure-docs-pr (branch live)

Author: Banani-Rath

.openpublishing.redirection.json

@@ -8,7 +8,7 @@ manager: celestedg
 ms.service: active-directory
 ms.workload: identity
 ms.topic: reference
-ms.date: 03/02/2020
+ms.date: 02/12/2020
 ms.author: marsma
 ms.subservice: B2C
 ---
@@ -47,7 +47,7 @@ The **ClaimType** element contains the following elements:
 | Element | Occurrences | Description |
 | ------- | ----------- | ----------- |
 | DisplayName | 1:1 | The title that's displayed to users on various screens. The value can be [localized](localization.md). |
-| DataType | 1:1 | The type of the claim. The data types of boolean, date, dateTime, int, long, string, stringCollection can be used. Primitive data type represents the equivalent of C# variable data type. stringCollection represents a collection of strings. For more information see [C# Types and variables](https://docs.microsoft.com/dotnet/csharp/tour-of-csharp/types-and-variables). Date follows ISO 8601 convention. |
+| DataType | 1:1 | The type of the claim. The data types of boolean, date, dateTime, int, long, string, stringCollection and phoneNumber can be used. Primitive data type represents the equivalent of C# variable data type. stringCollection represents a collection of strings. For more information see [C# Types and variables](https://docs.microsoft.com/dotnet/csharp/tour-of-csharp/types-and-variables). Date follows ISO 8601 convention. |
 | DefaultPartnerClaimTypes | 0:1 | The partner default claim types to use for a specified protocol. The value can be overwritten in the **PartnerClaimType** specified in the **InputClaim** or **OutputClaim** elements. Use this element to specify the default name for a protocol.  |
 | Mask | 0:1 | An optional string of masking characters that can be applied when displaying the claim. For example, the phone number 324-232-4343 can be masked as XXX-XXX-4343. |
 | UserHelpText | 0:1 | A description of the claim type that can be helpful for users to understand its purpose. The value can be [localized](localization.md). |

articles/active-directory-b2c/claimsschema.md

@@ -9,7 +9,7 @@ manager: celestedg
 ms.service: active-directory
 ms.workload: identity
 ms.topic: conceptual
-ms.date: 03/18/2019
+ms.date: 02/12/2020
 ms.author: marsma
 ms.subservice: B2C
 ---
@@ -68,7 +68,7 @@ Custom policy/Identity Experience Framework capabilities are under constant and
 | Relying Party OAUTH1 |  |  |  | Not supported. |
 | Relying Party OAUTH2 |  |  | X |  |
 | Relying Party OIDC |  |  | X |  |
-| Relying Party SAML | X |  |  |  |
+| Relying Party SAML |  |X  |  |  |
 | Relying Party WSFED | X |  |  |  |
 | REST API with basic and certificate auth |  |  | X | For example, Azure Logic Apps. |
 
@@ -81,7 +81,7 @@ Custom policy/Identity Experience Framework capabilities are under constant and
 | Azure Email subsystem for email verification |  |  | X |  |
 | Multi-language support|  |  | X |  |
 | Predicate Validations |  |  | X | For example, password complexity. |
-| Using third party email service providers | X |  |  |  |
+| Using third party email service providers |  |X  |  |  |
 
 ### Content Definition
 

articles/active-directory-b2c/custom-policy-developer-notes.md

@@ -9,7 +9,7 @@ manager: celestedg
 ms.service: active-directory
 ms.workload: identity
 ms.topic: conceptual
-ms.date: 12/17/2019
+ms.date: 02/12/2020
 ms.author: marsma
 ms.subservice: B2C
 ---
@@ -29,7 +29,7 @@ This claim validates the format of the phone number. If it is in a valid format,
 | Item | TransformationClaimType | Data Type | Notes |
 | ---- | ----------------------- | --------- | ----- |
 | InputClaim | inputClaim | string | The claim of string type converting from. |
-| OutputClaim | outputClaim | string | The result of this claims transformation. |
+| OutputClaim | outputClaim | phoneNumber | The result of this claims transformation. |
 
 The **ConvertStringToPhoneNumberClaim** claims transformation is always executed from a [validation technical profile](validation-technical-profile.md) that is called by a [self-asserted technical profile](self-asserted-technical-profile.md) or [display control](display-controls.md). The **UserMessageIfClaimsTransformationInvalidPhoneNumber** self-asserted technical profile metadata controls the error message that is presented to the user.
 

articles/active-directory-b2c/phone-number-claims-transformations.md

@@ -64,7 +64,7 @@
   items:
   - name: Self-service password reset
     items:
-    - name: Deploy self-service password reset
+    - name: Deployment guide
       href: howto-sspr-deployment.md
     - name: Pre-register authentication data
       href: howto-sspr-authenticationdata.md
@@ -74,7 +74,7 @@
       href: howto-sspr-windows.md
   - name: Cloud-based MFA
     items:
-    - name: Deploy cloud-based MFA
+    - name: Deployment guide
       href: howto-mfa-getstarted.md
     - name: Per user MFA
       href: howto-mfa-userstates.md

articles/active-directory/authentication/TOC.yml

@@ -12,7 +12,7 @@ metadata:
   ms.topic: landing-page
   author: iainfoulds
   ms.author: iainfou
-  ms.date: 08/20/2019
+  ms.date: 02/11/2020
   ms.collection: M365-identity-device-management
 
 # linkListType: architecture | concept | deploy | download | get-started | how-to-guide | learn | overview | quickstart | reference | tutorial | whats-new
@@ -43,16 +43,16 @@ landingContent:
             url: concept-sspr-howitworks.md
           - text: Password writeback
             url: concept-sspr-writeback.md
-      - linkListType: quickstart
+      - linkListType: tutorial
         links:
-          - text: Self-service password reset quickstart
-            url: quickstart-sspr.md
+          - text: Enable self-service password reset
+            url: tutorial-enable-sspr.md
+          - text: Enable password writeback to on-premises
+            url: tutorial-enable-writeback.md
       - linkListType: deploy
         links:
-          - text: Deploy Azure AD self-service password reset
+          - text: Deployment guide for self-service password reset
             url: howto-sspr-deployment.md
-          - text: Enable password writeback
-            url: howto-sspr-writeback.md
           - text: Enable password reset from the Windows login screen
             url: howto-sspr-windows.md
 
@@ -65,13 +65,13 @@ landingContent:
             url: concept-mfa-howitworks.md
       - linkListType: tutorial
         links:
-          - text: Pilot Azure MFA for specific applications
-            url: tutorial-mfa-applications.md
-          - text: Use risk detections to trigger Multi-Factor Authentication and password changes
+          - text: Enable Azure Multi-Factor Authentication
+            url: tutorial-enable-azure-mfa.md
+          - text: Enable risk-based Azure Multi-Factor Authentication
             url: tutorial-risk-based-sspr-mfa.md
       - linkListType: deploy
         links:
-          - text: Deploy Azure Multi-Factor Authentication
+          - text: Deployment guide for Azure Multi-Factor Authentication
             url: howto-mfa-getstarted.md
           - text: Use NPS extension to integrate on-premises applications
             url: howto-mfa-nps-extension.md

articles/active-directory/authentication/index.yml

@@ -176,6 +176,8 @@
   items:
   - name: Glossary
     href: ../develop/developer-glossary.md?toc=/azure/active-directory/azuread-dev/toc.json&bc=/azure/active-directory/azuread-dev/breadcrumb/toc.json
+  - name: Videos
+    href: videos.md
   - name: Azure roadmap
     href: https://azure.microsoft.com/roadmap/?category=security-identity
   - name: Azure AD blog

articles/active-directory/azuread-dev/TOC.yml

@@ -53,5 +53,8 @@ The following articles provide detailed information about APIs, protocol message
 | [Glossary](../develop/developer-glossary.md?toc=/azure/active-directory/azuread-dev/toc.json&bc=/azure/active-directory/azuread-dev/breadcrumb/toc.json)                                      | Terminology and definitions of words that are used throughout this documentation. |
 |  |  |
 
+## Videos
+
+See [Azure Active Directory developer platform videos](videos.md) for help migrating to the new Microsoft identity platform.
 
 [!INCLUDE [Help and support](../../../includes/active-directory-develop-help-support-include.md)]

articles/active-directory/azuread-dev/v1-overview.md

@@ -0,0 +1,71 @@
+---
+title: Azure ADAL to MSAL migration videos | Azure
+description: Videos that help you migrate from the Azure Active Directory developer platform to the Microsoft identity platform
+services: active-directory
+author: mmacy
+manager: CelesteDG
+ms.service: active-directory
+ms.subservice: develop
+ms.topic: conceptual
+ms.workload: identity
+ms.date: 02/12/2020
+ms.author: marsma
+ms.custom: aaddev
+ms.reviewer: celested
+titleSuffix: Microsoft identity platform
+---
+
+# Azure Active Directory developer platform videos
+
+Learn about the new Microsoft identity platform and how to migrate to it from the Azure Active Directory (Azure AD) developer platform. The videos are typically 1-2 minutes long.
+
+## Migrate from v1.0 to v2.0
+
+**Learn about migrating to the the latest version of the Microsoft identity platform**
+
+:::row:::
+    :::column:::
+        New Microsoft identity platform overview
+    :::column-end:::
+    :::column:::
+        > [!VIDEO https://www.youtube.com/embed/bNlcFuIo3r8]
+    :::column-end:::
+    :::column:::
+        Introduction to the MSAL libraries
+    :::column-end:::
+    :::column:::
+        > [!VIDEO https://www.youtube.com/embed/apbbx2n4tnU]
+    :::column-end:::
+:::row-end:::
+:::row:::
+    :::column:::
+        Endpoints and the benefits of moving to v2.0
+    :::column-end:::
+    :::column:::
+        > [!VIDEO https://www.youtube.com/embed/qpdC45tZYDg]
+    :::column-end:::
+     :::column:::
+        Migrating your ADAL codebase to MSAL
+    :::column-end:::
+    :::column:::
+        > [!VIDEO https://www.youtube.com/embed/xgL_z9yCnrE]
+    :::column-end:::
+:::row-end:::
+:::row:::
+    :::column:::
+        Why migrate from ADAL to MSAL
+    :::column-end:::
+    :::column:::
+        > [!VIDEO https://www.youtube.com/embed/qpdC45tZYDg]
+    :::column-end:::
+    :::column:::
+        Advantages of MSAL over ADAL
+    :::column-end:::
+    :::column:::
+        > [!VIDEO https://www.youtube.com/embed/q-TDszj2O-4]
+    :::column-end:::
+:::row-end:::
+
+## Next steps
+
+Learn about the new [Microsoft identity platform](https://docs.microsoft.com/azure/active-directory/develop)

articles/active-directory/azuread-dev/videos.md

@@ -0,0 +1,147 @@
+---
+
+title: Tutorial for bulk inviting B2B collaboration users - Azure Active Directory | Microsoft Docs
+description: In this tutorial, you learn how to use PowerShell and a CSV file to send bulk invitations to external Azure AD B2B collaboration guest users.
+
+services: active-directory
+ms.service: active-directory
+ms.subservice: B2B
+ms.topic: tutorial
+ms.date: 02/11/2020
+
+ms.author: mimart
+author: msmimart
+manager: celestedg
+ms.reviewer: mal
+
+#customer intent: As a tenant administrator, I want to send B2B invitations to multiple external users at the same time so that I can avoid having to send individual invitations to each user.
+
+ms.collection: M365-identity-device-management
+---
+
+# Tutorial: Use PowerShell to bulk invite Azure AD B2B collaboration users
+
+If you use Azure Active Directory (Azure AD) B2B collaboration to work with external partners, you can invite multiple guest users to your organization at the same time. In this tutorial, you learn how to use PowerShell to send bulk invitations to external users. Specifically, you do the following:
+
+> [!div class="checklist"]
+> * Prepare a comma-separated value (.csv) file with the user information
+> * Run a PowerShell script to send invitations
+> * Verify the users were added to the directory
+
+If you don’t have an Azure subscription, create a [free account](https://azure.microsoft.com/free/?WT.mc_id=A261C142F) before you begin. 
+
+## Prerequisites
+
+### Install the latest AzureADPreview module
+
+Make sure that you install the latest version of the Azure AD PowerShell for Graph module (AzureADPreview). 
+
+First, check which modules you have installed. Open Windows PowerShell as an elevated user (Run as administrator), and run the following command:
+
+```powershell
+Get-Module -ListAvailable AzureAD*
+```
+
+Based on the output, do one of the following:
+
+- If no results are returned, run the following command to install the AzureADPreview module:
+  
+   ```powershell
+   Install-Module AzureADPreview
+   ```
+
+- If only the AzureAD module shows up in the results, run the following commands to install the AzureADPreview module: 
+
+   ```powershell
+   Uninstall-Module AzureAD
+   Install-Module AzureADPreview
+   ```
+
+- If only the AzureADPreview module shows up in the results, but you receive a message that indicates there's a later version, run the following commands to update the module:
+
+   ```powershell
+   Uninstall-Module AzureADPreview
+   Install-Module AzureADPreview
+   ```
+
+You may receive a prompt that you're installing the module from an untrusted repository. This occurs if you haven't previously set the PSGallery repository as a trusted repository. Press **Y** to install the module.
+
+### Get test email accounts
+
+You need two or more test email accounts that you can send the invitations to. The accounts must be from outside your organization. You can use any type of account, including social accounts such as gmail.com or outlook.com addresses.
+
+## Prepare the CSV file
+
+In Microsoft Excel, create a CSV file with the list of invitee user names and email addresses. Make sure to include the **Name** and **InvitedUserEmailAddress** column headings.
+
+For example, create a worksheet in the following format:
+
+![PowerShell output showing pending user acceptance](media/tutorial-bulk-invite/AddUsersExcel.png)
+
+Save the file as **C:\BulkInvite\Invitations.csv**. 
+
+If you don't have Excel, you can create a CSV file in any text editor, such as Notepad. Separate each value with a comma, and each row with a new line. 
+
+## Sign in to your tenant
+
+Run the following command to connect to the tenant domain:
+
+```powershell
+Connect-AzureAD -TenantDomain "<Tenant_Domain_Name>"
+```
+
+For example, `Connect-AzureAD -TenantDomain "contoso.onmicrosoft.com"`.
+
+When prompted, enter your credentials.
+
+## Send bulk invitations
+
+To send the invitations, run the following PowerShell script (where **c:\bulkinvite\invitations.csv** is the path of the CSV file):
+
+```powershell
+$invitations = import-csv c:\bulkinvite\invitations.csv
+
+$messageInfo = New-Object Microsoft.Open.MSGraph.Model.InvitedUserMessageInfo
+
+$messageInfo.customizedMessageBody = "Hello. You are invited to the Contoso organization."
+
+foreach ($email in $invitations)
+   {New-AzureADMSInvitation `
+      -InvitedUserEmailAddress $email.InvitedUserEmailAddress `
+      -InvitedUserDisplayName $email.Name `
+      -InviteRedirectUrl https://myapps.microsoft.com `
+      -InvitedUserMessageInfo $messageInfo `
+      -SendInvitationMessage $true
+   }
+```
+
+The script sends an invitation to the email addresses in the Invitations.csv file. You should see output similar to the following for each user:
+
+![PowerShell output showing pending user acceptance](media/tutorial-bulk-invite/B2BBulkImport.png)
+
+## Verify users exist in the directory
+
+To verify that the invited users were added to Azure AD, run the following command:
+
+```powershell
+ Get-AzureADUser -Filter "UserType eq 'Guest'"
+```
+
+You should see the users that you invited listed, with a user principal name (UPN) in the format *emailaddress*#EXT#\@*domain*. For example, *lstokes_fabrikam.com#EXT#\@contoso.onmicrosoft.com*, where contoso.onmicrosoft.com is the organization from which you sent the invitations.
+
+## Clean up resources
+
+When no longer needed, you can delete the test user accounts in the directory. Run the following command to delete a user account:
+
+```powershell
+ Remove-AzureADUser -ObjectId "<UPN>"
+```
+
+For example: `Remove-AzureADUser -ObjectId "lstokes_fabrikam.com#EXT#@contoso.onmicrosoft.com"`
+
+## Next steps
+
+In this tutorial, you sent bulk invitations to guest users outside of your organization. Next, learn how the invitation redemption process works.
+
+> [!div class="nextstepaction"]
+> [Learn about the Azure AD B2B collaboration invitation redemption process](redemption-experience.md)