You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
| {tenant} | Yes | Name of your Azure AD B2C tenant |
146
146
| {policy} | Yes | The user flow that was used to acquire the authorization code. You can't use a different user flow in this request. Add this parameter to the query string, not to the POST body. |
147
147
| client_id | Yes | The application ID that the [Azure portal](https://portal.azure.com/) assigned to your application. |
148
-
| client_secret | Yes| The application secret that was generated in the [Azure portal](https://portal.azure.com/). This application secret is an important security artifact. You should store it securely on your server. Change this client secret on a periodic basis. |
148
+
| client_secret | Yes, in Web Apps | The application secret that was generated in the [Azure portal](https://portal.azure.com/). Client secrets are used in this flow for Web App scenarios, where the client can securely store a client secret. For Native App (public client) scenarios, client secrets cannot be securely stored, threfore not used on this flow. If using a client secret, please change it on a periodic basis. |
149
149
| code | Yes | The authorization code that you acquired in the beginning of the user flow. |
150
150
| grant_type | Yes | The type of grant, which must be `authorization_code` for the authorization code flow. |
151
151
| redirect_uri | Yes | The `redirect_uri` parameter of the application where you received the authorization code. |
| {tenant} | Yes | Name of your Azure AD B2C tenant |
215
215
| {policy} | Yes | The user flow that was used to acquire the original refresh token. You can't use a different user flow in this request. Add this parameter to the query string, not to the POST body. |
216
216
| client_id | Yes | The application ID that the [Azure portal](https://portal.azure.com/) assigned to your application. |
217
-
| client_secret | Yes| The application secret that was generated in the [Azure portal](https://portal.azure.com/). This application secret is an important security artifact. You should store it securely on your server. Change this client secret on a periodic basis. |
217
+
| client_secret | Yes, in Web Apps | The application secret that was generated in the [Azure portal](https://portal.azure.com/). Client secrets are used in this flow for Web App scenarios, where the client can securely store a client secret. For Native App (public client) scenarios, client secrets cannot be securely stored, threfore not used on this call. If using a client secret, please change it on a periodic basis. |
218
218
| grant_type | Yes | The type of grant, which must be a refresh token for this part of the authorization code flow. |
219
219
| refresh_token | Yes | The original refresh token that was acquired in the second part of the flow. The `offline_access` scope must be used in both the authorization and token requests in order to receive a refresh token. |
220
220
| redirect_uri | No | The `redirect_uri` parameter of the application where you received the authorization code. |
Copy file name to clipboardExpand all lines: articles/active-directory-domain-services/password-policy.md
+5Lines changed: 5 additions & 0 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -20,6 +20,9 @@ To manage user security in Azure Active Directory Domain Services (Azure AD DS),
20
20
21
21
This article shows you how to create and configure a fine-grained password policy in Azure AD DS using the Active Directory Administrative Center.
22
22
23
+
> [!NOTE]
24
+
> Password policies are only available for Azure AD DS managed domains created using the Resource Manager deployment model. For older managed domains created using Classic, [migrate from the Classic virtual network model to Resource Manager][migrate-from-classic].
25
+
23
26
## Before you begin
24
27
25
28
To complete this article, you need the following resources and privileges:
@@ -30,6 +33,7 @@ To complete this article, you need the following resources and privileges:
30
33
* If needed, [create an Azure Active Directory tenant][create-azure-ad-tenant] or [associate an Azure subscription with your account][associate-azure-ad-tenant].
31
34
* An Azure Active Directory Domain Services managed domain enabled and configured in your Azure AD tenant.
32
35
* If needed, complete the tutorial to [create and configure an Azure Active Directory Domain Services instance][create-azure-ad-ds-instance].
36
+
* The Azure AD DS instance must have been created using the Resource Manager deployment model. If needed, [Migrate from the Classic virtual network model to Resource Manager][migrate-from-classic].
33
37
* A Windows Server management VM that is joined to the Azure AD DS managed domain.
34
38
* If needed, complete the tutorial to [create a management VM][tutorial-create-management-vm].
35
39
* A user account that's a member of the *Azure AD DC administrators* group in your Azure AD tenant.
@@ -126,3 +130,4 @@ For more information about password policies and using the Active Directory Admi
0 commit comments