Merge pull request #99066 from MicrosoftDocs/master

12/16 AM Publish

Author: huypub

articles/active-directory-b2c/connect-with-saml-service-providers.md

@@ -61,7 +61,7 @@ If you don't yet have a SAML service provider and an associated metadata endpoin
 To build a trust relationship between your service provider and Azure AD B2C, you need to provide X509 certificates and their private keys.
 
 * **Service provider certificates**
-  * Certificate with a private key stored in your Web App. This certificate is used to by your service provider to sign the SAML request sent to Azure AD B2C. Azure AD B2C reads the public key from the service provider metadata to validate the signature.
+  * Certificate with a private key stored in your Web App. This certificate is used by your service provider to sign the SAML request sent to Azure AD B2C. Azure AD B2C reads the public key from the service provider metadata to validate the signature.
   * (Optional) Certificate with a private key stored in your Web App. Azure AD B2C reads the public key from the service provider metadata to encrypt the SAML assertion. The service provider then uses the private key to decrypt the assertion.
 * **Azure AD B2C certificates**
   * Certificate with a private key in Azure AD B2C. This certificate is used by Azure AD B2C to sign the SAML response sent to your service provider. Your service provider reads the Azure AD B2C metadata public key to validate the signature of the SAML response.
@@ -96,7 +96,7 @@ If you don't already have a certificate, you can use a self-signed certificate f
 Next, upload the SAML assertion and response signing certificate to Azure AD B2C.
 
 1. Sign in to the [Azure portal](https://portal.azure.com) and browse to your Azure AD B2C tenant.
-1. Select **Settings** > **Identity Experience Framework** > **Policy Keys**.
+1. Under **Policies**, select **Identity Experience Framework** and then **Policy keys**.
 1. Select **Add**, and then select **Options** > **Upload**.
 1. Enter a **Name**, for example *SamlIdpCert*. The prefix *B2C_1A_* is automatically added to the name of your key.
 1. Upload your certificate using the upload file control.
@@ -318,7 +318,7 @@ For this tutorial, in which you use the SAML test application, set the `url` pro
 
 #### LogoutUrl (Optional)
 
-This optional property represents the `Logout` URL (`SingleLogoutService` URL in the relying party metadata), and the `BindingType` for this is assumed to be `HttpDirect`.
+This optional property represents the `Logout` URL (`SingleLogoutService` URL in the relying party metadata), and the `BindingType` for this is assumed to be `Http-Redirect`.
 
 For this tutorial which uses the SAML test application, leave `logoutUrl` set to `https://samltestapp2.azurewebsites.net/logout`:
 
@@ -374,4 +374,4 @@ The following SAML relying party (RP) scenarios are supported via your own metad
 You can find more information about the [SAML protocol on the OASIS website](https://www.oasis-open.org/).
 
 <!-- LINKS - External -->
-[samltest]: https://aka.ms/samltestapp
+[samltest]: https://aka.ms/samltestapp

articles/active-directory-b2c/custom-email.md

@@ -256,7 +256,8 @@ The `GenerateOtp` technical profile generates a code for the email address. The
         <InputClaim ClaimTypeReferenceId="verificationCode" PartnerClaimType="otpToVerify" />
       </InputClaims>
     </TechnicalProfile>
-  </ClaimsProviders>
+   </TechnicalProfiles>
+</ClaimsProviders>
 ```
 
 ## Add a REST API technical profile

articles/active-directory/develop/howto-add-app-roles-in-azure-ad-apps.md

@@ -121,7 +121,7 @@ Once you've added app roles in your application, you can assign users and groups
 
 - [Authorization in a web app using Azure AD application roles & role claims (Sample)](https://github.com/Azure-Samples/active-directory-dotnet-webapp-roleclaims)
 - [Using Security Groups and Application Roles in your apps (Video)](https://www.youtube.com/watch?v=V8VUPixLSiM)
-- [Azure Active Directory, now with Group Claims and Application Roles](https://cloudblogs.microsoft.com/enterprisemobility/2014/12/18/azure-active-directory-now-with-group-claims-and-application-roles)
+- [Azure Active Directory, now with Group Claims and Application Roles](https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Azure-Active-Directory-now-with-Group-Claims-and-Application/ba-p/243862)
 - [Azure Active Directory app manifest](https://docs.microsoft.com/azure/active-directory/develop/reference-app-manifest)
 - [AAD Access tokens](access-tokens.md)
 - [AAD `id_tokens`](id-tokens.md)

articles/active-directory/develop/msal-net-xamarin-android-considerations.md

@@ -3,7 +3,7 @@ title: Xamarin Android considerations (MSAL.NET) | Azure
 titleSuffix: Microsoft identity platform
 description: Learn about specific considerations when using Xamarin Android with the Microsoft Authentication Library for .NET (MSAL.NET).
 services: active-directory
-author: TylerMSFT
+author: jmprieur
 manager: CelesteDG
 
 ms.service: active-directory
@@ -80,6 +80,23 @@ The `AndroidManifest.xml` should contain the following values:
 </activity>
 ```
 
+Or, you can [create the activity in code](https://docs.microsoft.com/xamarin/android/platform/android-manifest#the-basics) and not manually edit `AndroidManifest.xml`. For that, you must create a class that has the `Activity` and `IntentFilter` attribute. A class that represents the same values of the above xml would be:
+
+```csharp
+  [Activity]
+  [IntentFilter(new[] { Intent.ActionView },
+        Categories = new[] { Intent.CategoryBrowsable, Intent.CategoryDefault },
+        DataHost = "auth",
+        DataScheme = "msal{client_id}")]
+  public class MsalActivity : BrowserTabActivity
+  {
+  }
+```
+
+### XamarinForms 4.3.X manifest
+
+The code generated by XamarinForms 4.3.x sets the `package` attribute to `com.companyname.{appName}` in the `AndroidManifest.xml`. You might want to change the value to be same as the `MainActivity.cs` namespace, if you use the `DataScheme` as `msal{client_id}`.
+
 ## Use the embedded web view (optional)
 
 By default MSAL.NET uses the system web browser, which enables you to get SSO with Web applications and other apps. In some rare cases, you might want to specify that you want to use the embedded web view. For more information, see [MSAL.NET uses a Web browser](msal-net-web-browsers.md) and [Android system browser](msal-net-system-browser-android-considerations.md).
@@ -124,4 +141,4 @@ More details and samples are provided in the [Android Specific Considerations](h
 
 | Sample | Platform | Description |
 | ------ | -------- | ----------- |
-|[https://github.com/Azure-Samples/active-directory-xamarin-native-v2](https://github.com/azure-samples/active-directory-xamarin-native-v2) | Xamarin iOS, Android, UWP | A simple Xamarin Forms app showcasing how to use MSAL to authenticate MSA and Azure AD via the AADD v2.0 endpoint, and access the Microsoft Graph with the resulting token. <br>![Topology](media/msal-net-xamarin-android-considerations/topology.png) |
+|[https://github.com/Azure-Samples/active-directory-xamarin-native-v2](https://github.com/azure-samples/active-directory-xamarin-native-v2) | Xamarin iOS, Android, UWP | A simple Xamarin Forms app showcasing how to use MSAL to authenticate MSA and Azure AD via the AADD v2.0 endpoint, and access the Microsoft Graph with the resulting token. <br>![Topology](media/msal-net-xamarin-android-considerations/topology.png) |

articles/active-directory/develop/msal-net-xamarin-ios-considerations.md

@@ -3,7 +3,7 @@ title: Xamarin iOS considerations (MSAL.NET) | Azure
 titleSuffix: Microsoft identity platform
 description: Learn about specific considerations when using Xamarin iOS with the Microsoft Authentication Library for .NET (MSAL.NET).
 services: active-directory
-author: TylerMSFT
+author: jmprieur
 manager: CelesteDG
 
 ms.service: active-directory
@@ -27,13 +27,6 @@ On Xamarin iOS, there are several considerations that you must take into account
 - [Enable token cache sharing](#enable-token-cache-sharing-across-ios-applications)
 - [Enable Keychain access](#enable-keychain-access)
 
-## Known issues with iOS 12 and authentication
-Microsoft has released a [security advisory](https://github.com/aspnet/AspNetCore/issues/4647) to provide information about an incompatibility between iOS12 and some types of authentication. The incompatibility breaks social, WSFed, and OIDC logins. This advisory also provides guidance on what developers can do to remove current security restrictions added by ASP.NET to their applications to become compatible with iOS12.  
-
-When developing MSAL.NET applications on Xamarin iOS, you may see an infinite loop when trying to sign in to websites from iOS 12 (similar to this [ADAL issue](https://github.com/AzureAD/azure-activedirectory-library-for-dotnet/issues/1329). 
-
-You might also see a break in ASP.NET Core OIDC authentication with iOS 12 Safari as described in this [WebKit issue](https://bugs.webkit.org/show_bug.cgi?id=188165).
-
 ## Implement OpenUrl
 
 First you need to override the `OpenUrl` method of the `FormsApplicationDelegate` derived class and call `AuthenticationContinuationHelper.SetAuthenticationContinuationEventArgs`.
@@ -53,40 +46,28 @@ You'll also need to define a URL scheme, require permissions for your app to cal
 To enable keychain access, your application must have a keychain access group.
 You can set your keychain access group by using the `WithIosKeychainSecurityGroup()` api when creating your application as shown below:
 
-To enable single sign-on, you need to set the `PublicClientApplication.iOSKeychainSecurityGroup` property to the same value in all of the applications.
+To benefit from the cache and single sign-on, you need to set the keychain access group to the same value in all of your applications.
 
-An example of this using MSAL v3.x would be:
+An example of this using MSAL v4.x would be:
 ```csharp
 var builder = PublicClientApplicationBuilder
      .Create(ClientId)
-     .WithIosKeychainSecurityGroup("com.microsoft.msalrocks")
+     .WithIosKeychainSecurityGroup("com.microsoft.adalcache")
      .Build();
 ```
 
-The entitlements.plist should be updated to look like the following XML fragment:
-
 This change is *in addition* to enabling keychain access in the `Entitlements.plist` file, using either the below access group or your own:
 
 ```xml
-<?xml version="1.0" encoding="UTF-8" ?>
-<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
-<plist version="1.0">
 <dict>
   <key>keychain-access-groups</key>
   <array>
-    <string>$(AppIdentifierPrefix)com.microsoft.msalrocks</string>
+    <string>$(AppIdentifierPrefix)com.microsoft.adalcache</string>
   </array>
 </dict>
-</plist>
 ```
 
-An example of this using MSAL v4.x would be:
-
-```csharp
-PublicClientApplication.iOSKeychainSecurityGroup = "com.microsoft.msalrocks";
-```
-
-When using the `WithIosKeychainSecurityGroup()` api, MSAL will automatically append your security group to the end of the application's "team ID" (AppIdentifierPrefix) because when you build your application using xcode, it will do the same. [See iOS entitlements documentation for more details](https://developer.apple.com/documentation/security/keychain_services/keychain_items/sharing_access_to_keychain_items_among_a_collection_of_apps). That's why you need to update the entitlements to include $(AppIdentifierPrefix) before the keychain access group in the entitlements.plist.
+When you use the `WithIosKeychainSecurityGroup()` api, MSAL automatically appends your security group to the end of the application's *team ID* (AppIdentifierPrefix) because when you build your application using xcode, it will do the same. For more information, see [iOS entitlements documentation](https://developer.apple.com/documentation/security/keychain_services/keychain_items/sharing_access_to_keychain_items_among_a_collection_of_apps). That's why the entitlements need to include `$(AppIdentifierPrefix)` before the keychain access group in the `Entitlements.plist`.
 
 ### Enable token cache sharing across iOS applications
 
@@ -125,3 +106,10 @@ Sample | Platform | Description
 [https://github.com/Azure-Samples/active-directory-xamarin-native-v2](https://github.com/azure-samples/active-directory-xamarin-native-v2) | Xamarin iOS, Android, UWP | A simple Xamarin Forms app showcasing how to use MSAL to authenticate MSA and Azure AD via the Azure AD V2.0 endpoint, and access the Microsoft Graph with the resulting token.
 
 <!--- https://github.com/Azure-Samples/active-directory-xamarin-native-v2/blob/master/ReadmeFiles/Topology.png -->
+
+## Known issues with iOS 12 and authentication
+Microsoft has released a [security advisory](https://github.com/aspnet/AspNetCore/issues/4647) to provide information about an incompatibility between iOS12 and some types of authentication. The incompatibility breaks social, WSFed, and OIDC logins. This advisory also provides guidance on what developers can do to remove current security restrictions added by ASP.NET to their applications to become compatible with iOS12.  
+
+When developing MSAL.NET applications on Xamarin iOS, you might see an infinite loop when trying to sign in to websites from iOS 12 (similar to this [ADAL issue](https://github.com/AzureAD/azure-activedirectory-library-for-dotnet/issues/1329)). 
+
+You might also see a break in ASP.NET Core OIDC authentication with iOS 12 Safari as described in this [WebKit issue](https://bugs.webkit.org/show_bug.cgi?id=188165).

articles/asc-for-iot/how-to-deploy-linux-cs.md

@@ -48,7 +48,7 @@ To deploy the security agent, use the following steps:
 
 1. Add running permissions to the **InstallSecurityAgent script** by running `chmod +x InstallSecurityAgent.sh` 
 
-1. Next, run: 
+1. Next, run the following command with **root privileges**: 
 
    ```
    ./InstallSecurityAgent.sh -i -aui <authentication identity>  -aum <authentication method> -f <file path> -hn <host name>  -di <device id> -cl <certificate location kind>
@@ -122,4 +122,4 @@ To uninstall the agent, run the script with the –u parameter: `./InstallSecuri
 - Learn more about Azure Security Center for IoT [Architecture](architecture.md)
 - Enable the [service](quickstart-onboard-iot-hub.md)
 - Read the [FAQ](resources-frequently-asked-questions.md)
-- Understand [alerts](concept-security-alerts.md)
+- Understand [alerts](concept-security-alerts.md)

articles/automation/automation-tutorial-installed-software.md

@@ -3,14 +3,10 @@ title: Discover what software is installed on your machines with Azure Automatio
 description: Use Inventory to discover what software is installed on the machines across your environment.
 services: automation
 keywords: inventory, automation, change, tracking
-author: jennyhunter-msft
-ms.author: jehunte
 ms.date: 04/11/2018
 ms.topic: tutorial
-ms.service: automation
 ms.subservice: change-inventory-management
 ms.custom: mvc
-manager: carmonm
 ---
 # Discover what software is installed on your Azure and non-Azure machines
 

articles/automation/automation-tutorial-troubleshoot-changes.md

@@ -2,15 +2,11 @@
 title: Troubleshoot changes on an Azure virtual machine | Microsoft Docs
 description: Use Change Tracking to troubleshoot changes on an Azure virtual machine.
 services: automation
-ms.service: automation
 ms.subservice: change-inventory-management
 keywords: change, tracking, automation
-author: jennyhunter-msft
-ms.author: jehunte
 ms.date: 12/05/2018
 ms.topic: tutorial
 ms.custom: mvc
-manager: carmonm
 ---
 
 # Troubleshoot changes in your environment

articles/automation/automation-tutorial-update-management.md

@@ -2,12 +2,9 @@
 title: Manage updates and patches for your Azure VMs
 description: This article provides an overview of how to use Azure Automation Update Management to manage updates and patches for your Azure and non-Azure VMs.
 services: automation
-author: mgoedtel
-ms.service: automation
 ms.subservice: update-management
 ms.topic: tutorial
 ms.date: 12/03/2019
-ms.author: magoedte
 ms.custom: mvc
 ---
 # Manage updates and patches for your Azure VMs

articles/automation/automation-update-azure-modules.md

@@ -2,13 +2,9 @@
 title: Update Azure modules in Azure Automation
 description: This article describes how you can now update common Azure PowerShell modules provided by default in Azure Automation.
 services: automation
-ms.service: automation
 ms.subservice: process-automation
-author: mgoedtel
-ms.author: magoedte
 ms.date: 06/14/2019
 ms.topic: conceptual
-manager: carmonm
 ---
 
 # How to update Azure PowerShell modules in Azure Automation