Merge pull request #250911 from MicrosoftDocs/main

9/11/2023 AM Publish

Author: Taojunshen

.openpublishing.redirection.json

@@ -23402,6 +23402,111 @@
             "redirect_url": "/entra/msal/python/advanced/msal-python-token-cache-serialization",
             "redirect_document_id": false
         },
+        {
+            "source_path_from_root": "/articles/active-directory/develop/msal-python-adfs-support.md",
+            "redirect_url": "/entra/msal/python/advanced/msal-python-adfs-support",
+            "redirect_document_id": false
+        },
+        {
+            "source_path_from_root": "/articles/active-directory/develop/msal-error-handling-dotnet.md",
+            "redirect_url": "/entra/msal/dotnet/advanced/exceptions/msal-error-handling",
+            "redirect_document_id": false
+        },
+        {
+            "source_path_from_root": "/articles/active-directory/develop/msal-logging-dotnet.md",
+            "redirect_url": "/entra/msal/dotnet/advanced/exceptions/msal-logging",
+            "redirect_document_id": false
+        },
+        {
+            "source_path_from_root": "/articles/active-directory/develop/msal-net-acquire-token-silently.md",
+            "redirect_url": "/entra/msal/dotnet/acquiring-tokens/acquire-token-silently",
+            "redirect_document_id": false
+        },
+        {
+            "source_path_from_root": "/articles/active-directory/develop/msal-net-adfs-support.md",
+            "redirect_url": "/entra/msal/dotnet/acquiring-tokens/desktop-mobile/adfs-support",
+            "redirect_document_id": false
+        },
+        {
+            "source_path_from_root": "/articles/active-directory/develop/msal-net-b2c-considerations.md",
+            "redirect_url": "/entra/msal/dotnet/acquiring-tokens/desktop-mobile/social-identities",
+            "redirect_document_id": false
+        },
+        {
+            "source_path_from_root": "/articles/active-directory/develop/msal-net-clear-token-cache.md",
+            "redirect_url": "/entra/msal/dotnet/acquiring-tokens/clear-token-cache",
+            "redirect_document_id": false
+        },
+        {
+            "source_path_from_root": "/articles/active-directory/develop/msal-net-client-assertions.md",
+            "redirect_url": "/entra/msal/dotnet/acquiring-tokens/msal-net-client-assertions",
+            "redirect_document_id": false
+        },
+        {
+            "source_path_from_root": "/articles/active-directory/develop/msal-net-differences-adal-net.md",
+            "redirect_url": "/entra/msal/dotnet/how-to/differences-adal-msal-net",
+            "redirect_document_id": false
+        },
+        {
+            "source_path_from_root": "/articles/active-directory/develop/msal-net-initializing-client-applications.md",
+            "redirect_url": "/entra/msal/dotnet/getting-started/initializing-client-applications",
+            "redirect_document_id": false
+        },
+        {
+            "source_path_from_root": "/articles/active-directory/develop/msal-net-instantiate-confidential-client-config-options.md",
+            "redirect_url": "/entra/msal/dotnet/getting-started/instantiate-confidential-client-config-options",
+            "redirect_document_id": false
+        },
+        {
+            "source_path_from_root": "/articles/active-directory/develop/msal-net-instantiate-public-client-config-options.md",
+            "redirect_url": "/entra/msal/dotnet/getting-started/instantiate-public-client-config-options",
+            "redirect_document_id": false
+        },
+        {
+            "source_path_from_root": "/articles/active-directory/develop/msal-net-migration-confidential-client.md",
+            "redirect_url": "/entra/msal/dotnet/how-to/migrate-confidential-client",
+            "redirect_document_id": false
+        },
+        {
+            "source_path_from_root": "/articles/active-directory/develop/msal-net-migration-public-client.md",
+            "redirect_url": "/entra/msal/dotnet/how-to/migrate-public-client",
+            "redirect_document_id": false
+        },
+        {
+            "source_path_from_root": "/articles/active-directory/develop/msal-net-provide-httpclient.md",
+            "redirect_url": "/entra/msal/dotnet/advanced/httpclient",
+            "redirect_document_id": false
+        },
+        {
+            "source_path_from_root": "/articles/active-directory/develop/msal-net-token-cache-serialization.md",
+            "redirect_url": "/entra/msal/dotnet/how-to/token-cache-serialization",
+            "redirect_document_id": false
+        },
+        {
+            "source_path_from_root": "/articles/active-directory/develop/msal-net-user-gets-consent-for-multiple-resources.md",
+            "redirect_url": "/entra/msal/dotnet/acquiring-tokens/user-gets-consent-for-multiple-resources",
+            "redirect_document_id": false
+        },
+        {
+            "source_path_from_root": "/articles/active-directory/develop/msal-net-uwp-considerations.md",
+            "redirect_url": "/entra/msal/dotnet/acquiring-tokens/desktop-mobile/uwp",
+            "redirect_document_id": false
+        },
+        {
+            "source_path_from_root": "/articles/active-directory/develop/msal-net-web-browsers.md",
+            "redirect_url": "/entra/msal/dotnet/acquiring-tokens/using-web-browsers",
+            "redirect_document_id": false
+        },
+        {
+            "source_path_from_root": "/articles/active-directory/develop/msal-net-migration.md",
+            "redirect_url": "/entra/msal/dotnet/how-to/msal-net-migration",
+            "redirect_document_id": false
+        },
+        {
+            "source_path_from_root": "/articles/active-directory/develop/microsoft-identity-web.md",
+            "redirect_url": "/entra/msal/dotnet/microsoft-identity-web/",
+            "redirect_document_id": false
+        },
         {
             "source_path_from_root": "/articles/networking/azure-orbital-overview.md",
             "redirect_url": "/azure/orbital/overview",

articles/active-directory-b2c/add-ropc-policy.md

@@ -22,6 +22,9 @@ zone_pivot_groups: b2c-policy-type
 
 In Azure Active Directory B2C (Azure AD B2C), the resource owner password credentials (ROPC) flow is an OAuth standard authentication flow. In this flow, an application, also known as the relying party, exchanges valid credentials for tokens. The credentials include a user ID and password. The tokens returned are an ID token, access token, and a refresh token.
 
+> [!WARNING]
+> We recommend that you _don't_ use the ROPC flow. In most scenarios, more secure alternatives are available and recommended. This flow requires a very high degree of trust in the application and carries risks that aren't present in other flows. You should only use this flow when other more secure flows aren't viable.
+
 ## ROPC flow notes
 
 In Azure Active Directory B2C (Azure AD B2C), the following options are supported:

articles/active-directory/authentication/how-to-mfa-registration-campaign.md

@@ -7,7 +7,7 @@ ms.service: active-directory
 ms.subservice: authentication
 ms.custom: ignite-2022
 ms.topic: conceptual
-ms.date: 06/22/2023
+ms.date: 09/08/2023
 
 ms.author: justinha
 author: mjsantani
@@ -74,8 +74,9 @@ In addition to choosing who can be nudged, you can define how many days a user c
 
 To enable a registration campaign in the Azure portal, complete the following steps:
 
-1. In the Azure portal, click **Security** > **Authentication methods** > **Registration campaign**.
-1. For **State**, click **Microsoft managed** or **Enabled**. In the following screenshot, the registration campaign is **Microsoft managed**. That setting allows Microsoft to set the default value to be either enabled or disabled. For the registration campaign, the Microsoft managed value is Enabled for voice call and SMS users with free and trial subscriptions. For more information, see [Protecting authentication methods in Azure Active Directory](concept-authentication-default-enablement.md).
+1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com) as at least an [Authentication Policy Administrator](../roles/permissions-reference.md#authentication-policy-administrator).
+1. Browse to **Protection** > **Authentication methods** > **Registration campaign**.
+1. For **State**, click **Microsoft managed** or **Enabled**. In the following screenshot, the registration campaign is **Microsoft managed**. That setting allows Microsoft to set the default value to be either Enabled or Disabled. For the registration campaign, the Microsoft managed value is Enabled for voice call and text message users with free and trial subscriptions. For more information, see [Protecting authentication methods in Azure Active Directory](concept-authentication-default-enablement.md).
 
    ![Screenshot of enabling a registration campaign.](./media/how-to-nudge-authenticator-app/registration-campaign.png)
 

articles/active-directory/cloud-infrastructure-entitlement-management/product-rule-based-anomalies.md

@@ -1,6 +1,6 @@
 ---
-title: Create and view rule-based anomalies and anomaly triggers in Permissions Management
-description: How to create and view rule-based anomalies and anomaly triggers in Permissions Management.
+title: Create and view rule-based anomaly alerts and alert triggers in Permissions Management
+description: How to create and view rule-based anomaly alerts and alert triggers in Permissions Management.
 services: active-directory
 author: jenniferf-skc
 manager: amycolannino
@@ -12,13 +12,20 @@ ms.date: 02/23/2022
 ms.author: jfields
 ---
 
-# Create and view rule-based anomaly alerts and anomaly triggers
+# Create and view rule-based anomaly alerts and alert triggers
 
-Rule-based anomalies identify recent activity in Permissions Management that is determined to be unusual based on explicit rules defined in the activity trigger. The goal of rule-based anomaly is high precision detection.
+Rule-based anomalies identify recent activity in Permissions Management that is determined to be unusual based on explicit rules defined in the alert trigger. The goal of rule-based anomaly alerts is high-precision detection.
+
+You can configure rule-based anomaly alert triggers for the following conditions:
+- **Any Resource Accessed for the First Time**: The identity accesses a resource for the first time during the specified time interval.
+- **Identity Performs a Particular Task for the First Time**: The identity does a specific task for the first time during the specified time interval.
+- **Identity Performs a Task for the First Time**: The identity performs any task for the first time during the specified time interval.
+
+Alert triggers are based on data collected. All alerts, if triggered, are shown every hour under the Alerts subtab.
 
 ## View rule-based anomaly alerts
 
-1. In the Permissions Management home page, select **Activity triggers** (the bell icon).
+1. In the Permissions Management home page, select **Alerts** (the bell icon).
 1. Select **Rule-Based Anomaly**, and then select the **Alerts** subtab.
 
     The **Alerts** subtab displays the following information:
@@ -49,11 +56,11 @@ Rule-based anomalies identify recent activity in Permissions Management that is
      - **Details**: Displays details about **Authorization System Type**, **Authorization Systems**, **Resources**, **Tasks**, **Identities**, and **Activity**
      - **Activity**: Displays details about the **Identity Name**, **Resource Name**, **Task Name**, **Date/Time**, **Inactive For**, and **IP Address**. Selecting the "eye" icon displays the **Raw Events Summary**
 
-## Create a rule-based anomaly trigger
+## Create a rule-based anomaly alert trigger
 
-1. In the Permissions Management home page, select **Activity triggers** (the bell icon).
+1. In the Permissions Management home page, select **Alerts** (the bell icon).
 1. Select **Rule-Based Anomaly**, and then select the **Alerts** subtab.
-1. Select **Create Anomaly Trigger**.
+1. Select **Create Alert Trigger**.
 
 1. In the **Alert Name** box, enter a name for the alert.
 1. Select the **Authorization System**, **AWS**, **Azure**, or **GCP**.
@@ -72,9 +79,9 @@ Rule-based anomalies identify recent activity in Permissions Management that is
 1. On the **Configuration** tab, to update the **Time Interval**, select **90 Days**, **60 Days**, or **30 Days** from the **Time range** dropdown.
 1. Select **Save**.
 
-## View a rule-based anomaly trigger
+## View a rule-based anomaly alert trigger
 
-1. In the Permissions Management home page, select **Activity triggers** (the bell icon).
+1. In the Permissions Management home page, select **Alerts** (the bell icon).
 1. Select **Rule-Based Anomaly**, and then select the **Alert Triggers** subtab.
 
     The **Alert Triggers** subtab displays the following information:
@@ -113,7 +120,7 @@ Rule-based anomalies identify recent activity in Permissions Management that is
 
 ## Next steps
 
-- For an overview on activity triggers, see [View information about activity triggers](ui-triggers.md).
+- For an overview on alerts and alert triggers, see [View information about alerts and alert triggers](ui-triggers.md).
 - For information on activity alerts and alert triggers, see [Create and view activity alerts and alert triggers](how-to-create-alert-trigger.md).
-- For information on finding outliers in identity's behavior, see [Create and view statistical anomalies and anomaly triggers](product-statistical-anomalies.md).
-- For information on permission analytics triggers, see [Create and view permission analytics triggers](product-permission-analytics.md).
+- For information on finding outliers in identity's behavior, see [Create and view statistical anomaly alerts and alert triggers](product-statistical-anomalies.md).
+- For information on permission analytics alerts and alert triggers, see [Create and view permission analytics alerts and alert triggers](product-permission-analytics.md).

articles/active-directory/develop/TOC.yml

@@ -643,6 +643,8 @@
         - name: National clouds and MSAL
           displayName: china, germany, gov, 21vianet
           href: msal-national-cloud.md
+        - name: Application configuration
+          href: msal-client-application-configuration.md
         - name: MSAL Android
           items:
             - name: Library initialization
@@ -748,66 +750,12 @@
                   href: msal-js-known-issues-ie-edge-browsers.md
         - name: MSAL.NET
           displayName: ASP.NET Core, Xamarin
-          items:
-            - name: Library initialization
-              items:
-                - name: Microsoft.Identity.Web (MSAL wrapper)
-                  displayName: auth, library, .NET Core, msal
-                  href: microsoft-identity-web.md
-                - name: Application configuration
-                  href: msal-client-application-configuration.md
-                - name: Application initialization
-                  href: msal-net-initializing-client-applications.md
-                - name: Confidential client instantiation
-                  href: msal-net-instantiate-confidential-client-config-options.md
-                - name: Confidential client credentials (cert, secret, assertion)
-                  displayName: certificate
-                  href: msal-net-client-assertions.md
-                - name: Public client instantiation
-                  href: msal-net-instantiate-public-client-config-options.md
-                - name: Instantiation with custom HttpClient
-                  href: msal-net-provide-httpclient.md
-                - name: Web browser interaction (system and embedded)
-                  href: msal-net-web-browsers.md
-                - name: Universal Windows Platform
-                  href: msal-net-uwp-considerations.md
-            - name: Authentication and single sign-on (SSO)
-              displayName: caching, token caching, caching tokens
-              items:
-                - name: Get a token from the cache
-                  displayName: acquire access token
-                  href: msal-net-acquire-token-silently.md
-                - name: Clear the token cache
-                  href: msal-net-clear-token-cache.md
-                - name: Serialize the token cache
-                  displayName: serialization
-                  href: msal-net-token-cache-serialization.md
-                - name: Get consent for several resources
-                  href: msal-net-user-gets-consent-for-multiple-resources.md
-            - name: Connections and integrations
-              items:
-                - name: Integrate with AD FS
-                  href: msal-net-adfs-support.md
-                - name: Integrate with Azure AD B2C
-                  href: msal-net-b2c-considerations.md
-            - name: Logging and error handling
-              displayName: MSAL.NET
-              items:
-                - name: Handle errors and exceptions in MSAL.NET
-                  displayName: handling, catch
-                  href: msal-error-handling-dotnet.md
-                - name: Logging in MSAL.NET
-                  href: msal-logging-dotnet.md
-            - name: Migration to MSAL.NET
-              items:
-                - name: Migrate from ADAL.NET to MSAL.NET
-                  href: msal-net-migration.md
-                - name: Migrate confidential client apps to MSAL.NET
-                  href: msal-net-migration-confidential-client.md
-                - name: Migrate public client apps to MSAL.NET
-                  href: msal-net-migration-public-client.md
-                - name: Differences between ADAL.NET and MSAL.NET
-                  href: msal-net-differences-adal-net.md
+          href: /entra/msal/dotnet
+        - name: Microsoft.Identity.Web (MSAL wrapper)
+          displayName: auth, library, .NET Core, msal
+          href: /entra/msal/dotnet/microsoft-identity-web/
+        - name: Application configuration
+          href: msal-client-application-configuration.md
         - name: MSAL Node
           displayName: Node.js
           items:

articles/active-directory/develop/certificate-credentials.md

@@ -8,7 +8,7 @@ manager: CelesteDG
 ms.service: active-directory
 ms.subservice: develop
 ms.workload: identity
-ms.topic: conceptual
+ms.topic: reference
 ms.date: 02/27/2023
 ms.author: owenrichards
 ms.reviewer: kenwith

articles/active-directory/develop/custom-claims-provider-reference.md

@@ -9,7 +9,7 @@ manager: CelesteDG
 ms.service: active-directory
 ms.subservice: develop
 ms.workload: identity
-ms.topic: conceptual
+ms.topic: reference
 ms.date: 03/06/2023
 ms.author: davidmu
 ms.reviewer: jassuri