MicrosoftDocs
diff --git a/‎.openpublishing.redirection.azure-monitor.json
Lines changed: 10 additions & 0 deletions b/‎.openpublishing.redirection.azure-monitor.json
Lines changed: 10 additions & 0 deletions
diff --git a/‎articles/active-directory-b2c/custom-policies-series-call-rest-api.md
Lines changed: 9 additions & 3 deletions b/‎articles/active-directory-b2c/custom-policies-series-call-rest-api.md
Lines changed: 9 additions & 3 deletions
diff --git a/‎articles/active-directory-b2c/custom-policies-series-hello-world.md
Lines changed: 2 additions & 2 deletions b/‎articles/active-directory-b2c/custom-policies-series-hello-world.md
Lines changed: 2 additions & 2 deletions
diff --git a/‎articles/active-directory-b2c/custom-policies-series-overview.md
Lines changed: 2 additions & 2 deletions b/‎articles/active-directory-b2c/custom-policies-series-overview.md
Lines changed: 2 additions & 2 deletions
diff --git a/‎articles/active-directory-b2c/data-residency.md
Lines changed: 1 addition & 1 deletion b/‎articles/active-directory-b2c/data-residency.md
Lines changed: 1 addition & 1 deletion
diff --git a/‎articles/active-directory-domain-services/tutorial-configure-ldaps.md
Lines changed: 3 additions & 5 deletions b/‎articles/active-directory-domain-services/tutorial-configure-ldaps.md
Lines changed: 3 additions & 5 deletions
diff --git a/‎articles/active-directory/authentication/how-to-mfa-authenticator-lite.md
Lines changed: 36 additions & 19 deletions b/‎articles/active-directory/authentication/how-to-mfa-authenticator-lite.md
Lines changed: 36 additions & 19 deletions
diff --git a/‎articles/active-directory/authentication/howto-mfa-mfasettings.md
Lines changed: 4 additions & 4 deletions b/‎articles/active-directory/authentication/howto-mfa-mfasettings.md
Lines changed: 4 additions & 4 deletions
diff --git a/‎articles/active-directory/conditional-access/howto-conditional-access-session-lifetime.md
Lines changed: 2 additions & 2 deletions b/‎articles/active-directory/conditional-access/howto-conditional-access-session-lifetime.md
Lines changed: 2 additions & 2 deletions
diff --git a/‎articles/active-directory/develop/custom-extension-get-started.md
Lines changed: 2 additions & 4 deletions b/‎articles/active-directory/develop/custom-extension-get-started.md
Lines changed: 2 additions & 4 deletions
@@ -35,6 +35,16 @@
             "redirect_url": "/azure/azure-monitor/change/change-analysis",
             "redirect_document_id": false
         },
+        {
+            "source_path_from_root": "/articles/azure-monitor/app/javascript.md",
+            "redirect_url": "/azure/azure-monitor/app/javascript-sdk",
+            "redirect_document_id": false
+        },
+        {
+            "source_path_from_root": "/articles/azure-monitor/app/source-map-support.md",
+            "redirect_url": "/azure/azure-monitor/app/javascript-sdk-advanced",
+            "redirect_document_id": false
+        },
         {
             "source_path_from_root": "/articles/azure-monitor/app/release-notes.md",
             "redirect_url": "/azure/azure-monitor/app/app-insights-overview",
 
@@ -10,7 +10,7 @@ ms.service: active-directory
 ms.workload: identity
 ms.topic: how-to
 ms.custom: b2c-docs-improvements
-ms.date: 01/30/2023
+ms.date: 03/16/2023
 ms.author: kengaderdus
 ms.reviewer: yoelh
 ms.subservice: B2C
@@ -104,7 +104,7 @@ You need to deploy an app, which will serve as your external app. Your custom po
 
 1. To test the app works as expected, use the following steps:
     1. In your terminal, run the `node index.js` command to start your app server. 
-    1. To make a POST request similar to the one shown below, you can use an HTTP client such as [Microsoft PowerShell](https://learn.microsoft.com/powershell/scripting/overview) or [Postman](https://www.postman.com/):
+    1. To make a POST request similar to the one shown below, you can use an HTTP client such as [Microsoft PowerShell](/powershell/scripting/overview) or [Postman](https://www.postman.com/):
 
     ```http
         POST http://localhost/validate-accesscode HTTP/1.1
@@ -150,7 +150,7 @@ Follow the steps in [Deploy your app to Azure](../app-service/quickstart-nodejs.
 
 - Service endpoint looks similar to `https://custompolicyapi.azurewebsites.net/validate-accesscode`.
 
-You can test the app you've deployed by using an HTTP client such as [Microsoft PowerShell](https://learn.microsoft.com/powershell/scripting/overview) or [Postman](https://www.postman.com/). This time, use `https://custompolicyapi.azurewebsites.net/validate-accesscode` URL as the endpoint. 
+You can test the app you've deployed by using an HTTP client such as [Microsoft PowerShell](/powershell/scripting/overview) or [Postman](https://www.postman.com/). This time, use `https://custompolicyapi.azurewebsites.net/validate-accesscode` URL as the endpoint. 
 
 ## Step 2 - Call the REST API
 
@@ -302,6 +302,12 @@ Then, update the *Metadata*, *InputClaimsTransformations*, and *InputClaims* of
     </InputClaims>
 ```
 
+## Receive data from REST API
+
+If your REST API returns data, which you want to include as claims in your policy, you can receive it by specifying claims in the `OutputClaims` element of the RESTful technical profile. If the name of the claim defined in your policy is different from the name defined in the REST API, you need to map these names by using the `PartnerClaimType` attribute. 
+
+Use the steps in [Receiving data](api-connectors-overview.md?pivots=b2c-custom-policy#receiving-data) to learn how to format the data the custom policy expects, how to handle nulls values, and how to parse REST the API's nested JSON body.
+
 ## Next steps
 
 Next, learn:
 
@@ -10,7 +10,7 @@ ms.service: active-directory
 ms.workload: identity
 ms.topic: how-to
 ms.custom: b2c-docs-improvements
-ms.date: 01/30/2023
+ms.date: 03/16/2023
 ms.author: kengaderdus
 ms.reviewer: yoelh
 ms.subservice: B2C
@@ -280,7 +280,7 @@ After the policy finishes execution, you're redirected to `https://jwt.ms`, and
     }.[Signature]
 ``` 
 
-Notice the `message` and `sub` claims, which we set as output claims](relyingparty.md#outputclaims) in the `RelyingParty` section. 
+Notice the `message` and `sub` claims, which we set as [output claims](relyingparty.md#outputclaims) in the `RelyingParty` section. 
 
 ## Next steps
 
 
@@ -22,7 +22,7 @@ In Azure Active Directory B2C (Azure AD B2C), you can create user experiences by
 
 User flows are already customizable such as [changing UI](customize-ui.md), [customizing language](language-customization.md) and using [custom attributes](user-flow-custom-attributes.md). However, these customizations might not cover all your business specific needs, which is the reason why you need custom policies.   
 
-While you can use pre-made [custom policy starter pack](/azure/active-directory-b2c/tutorial-create-user-flows?pivots=b2c-custom-policy#custom-policy-starter-pack), it's important for you understand how custom policy is built from scratch. In this how-to guide series, you'll learn what you need to understand for you to customize the behavior of your user experience by using custom policies. At the end of this how-to guide series, you should be able to read and understand existing custom policies or write your own from scratch.
+While you can use pre-made [custom policy starter pack](./tutorial-create-user-flows.md?pivots=b2c-custom-policy#custom-policy-starter-pack), it's important for you understand how custom policy is built from scratch. In this how-to guide series, you'll learn what you need to understand for you to customize the behavior of your user experience by using custom policies. At the end of this how-to guide series, you should be able to read and understand existing custom policies or write your own from scratch.
 
 ## Prerequisites
 
@@ -48,4 +48,4 @@ This how-to guide series consists of multiple articles. We recommend that you st
 
 - Learn about [Azure AD B2C TrustFrameworkPolicy BuildingBlocks](buildingblocks.md)
 
-- [Write your first Azure Active Directory B2C custom policy - Hello World!](custom-policies-series-hello-world.md)
+- [Write your first Azure Active Directory B2C custom policy - Hello World!](custom-policies-series-hello-world.md)
@@ -59,7 +59,7 @@ The following locations are in the process of being added to the list. For now,
 ## EU Data Boundary
 
 > [!IMPORTANT]
-> For comprehensive details about Microsoft's EU Data Boundary commitment, see [Microsoft's EU Data Boundary documentation](https://learn.microsoft.com/privacy/eudb/eu-data-boundary-learn).
+> For comprehensive details about Microsoft's EU Data Boundary commitment, see [Microsoft's EU Data Boundary documentation](/privacy/eudb/eu-data-boundary-learn).
 
 ## Remote profile solution
 
 
@@ -8,7 +8,7 @@ ms.service: active-directory
 ms.subservice: domain-services
 ms.workload: identity
 ms.topic: tutorial
-ms.date: 03/14/2023
+ms.date: 03/15/2023
 ms.author: justinha
 ms.reviewer: xyuan
 
@@ -237,13 +237,11 @@ Let's create a rule to allow inbound secure LDAP access over TCP port 636 from a
 
     | Setting                           | Value        |
     |-----------------------------------|--------------|
-    | Source                            | Service tag  |
-    | Source service tag                | AzureActiveDirectoryDomainServices  |
-    | Source IP addresses/CIDR ranges   | A valid IP address or range for your environment |
+    | Source                            | IP Addresses |
+    | Source IP addresses / CIDR ranges | A valid IP address or range for your environment |
     | Source port ranges                | *            |
     | Destination                       | Any          |
     | Destination port ranges           | 636          |
-    | Service                           | WinRM        |
     | Protocol                          | TCP          |
     | Action                            | Allow        |
     | Priority                          | 401          |
 
@@ -6,7 +6,7 @@ services: active-directory
 ms.service: active-directory
 ms.subservice: authentication
 ms.topic: conceptual
-ms.date: 03/14/2023
+ms.date: 03/15/2023
 
 ms.author: justinha
 author: sabina-smith
@@ -23,6 +23,9 @@ Microsoft Authenticator Lite is another surface for Azure Active Directory (Azur
 
 Users receive a notification in Outlook mobile to approve or deny sign-in, or they can copy a TOTP to use during sign-in. 
 
+>[!NOTE]
+>This is an important security enhancement for users authenticating via telecom transports. The 'Microsoft managed' setting for this feature will be set to enabled on May 26th, 2023. This will enable the feature for all users in tenants where the feature is set to Microsoft managed. If you wish to change the state of this feature, please do so before May 26th, 2023.
+
 ## Prerequisites
 
 - Your organization needs to enable Microsoft Authenticator (second factor) push notifications for some users or groups by using the Authentication methods policy. You can edit the Authentication methods policy by using the Azure portal or Microsoft Graph API.
@@ -56,26 +59,40 @@ https://graph.microsoft.com/beta/authenticationMethodsPolicy/authenticationMetho
 
 ### Request
 
-```http
-PATCH https://graph.microsoft.com/beta/policies/authenticationMethodsPolicy
-Content-Type: application/json
- 
+```JSON
+//Retrieve your existing policy via a GET. 
+//Leverage the Response body to create the Request body section. Then update the Request body similar to the Request body as shown below.
+//Change the Query to PATCH and Run query
+
 {
-    "CompanionAppAllowedState": {
-        "state": "enabled",
-        "excludeTargets": [
-            {
-                "id": "s4432809-3bql-5m2l-0p42-8rq4707rq36m",
-                "targetType": "group"
-            }
-        ],
-        "includeTargets": [
-            {
-                "id": "all_users",
-                "targetType": "group"
+    "@odata.context": "https://graph.microsoft.com/beta/$metadata#authenticationMethodConfigurations/$entity",
+    "@odata.type": "#microsoft.graph.microsoftAuthenticatorAuthenticationMethodConfiguration",
+    "id": "MicrosoftAuthenticator",
+    "state": "enabled",
+    "isSoftwareOathEnabled": false,
+    "excludeTargets": [],
+    "featureSettings": {
+        "companionAppAllowedState": {
+            "state": "enabled",
+            "includeTarget": {
+                "targetType": "group",
+                "id": "s4432809-3bql-5m2l-0p42-8rq4707rq36m"
+            },
+            "excludeTarget": {
+                "targetType": "group",
+                "id": "00000000-0000-0000-0000-000000000000"
             }
-        ]
-    }
+        }
+    },
+    "[email protected]": "https://graph.microsoft.com/beta/$metadata#authenticationMethodsPolicy/authenticationMethodConfigurations('MicrosoftAuthenticator')/microsoft.graph.microsoftAuthenticatorAuthenticationMethodConfiguration/includeTargets",
+    "includeTargets": [
+        {
+            "targetType": "group",
+            "id": "all_users",
+            "isRegistrationRequired": false,
+            "authenticationMode": "any"
+        }
+    ]
 }
 ```
 
 
@@ -78,9 +78,9 @@ To unblock a user, complete the following steps:
 
 ## Report suspicious activity
 
-A preview of **Report Suspicious Activity**, the updated MFA **Fraud Alert** feature, is now available. When an unknown and suspicious MFA prompt is received, users can report the fraud attempt by using Microsoft Authenticator or through their phone. These alerts are integrated with [Identity Protection](/azure/active-directory/identity-protection/overview-identity-protection) for more comprehensive coverage and capability. 
+A preview of **Report Suspicious Activity**, the updated MFA **Fraud Alert** feature, is now available. When an unknown and suspicious MFA prompt is received, users can report the fraud attempt by using Microsoft Authenticator or through their phone. These alerts are integrated with [Identity Protection](../identity-protection/overview-identity-protection.md) for more comprehensive coverage and capability. 
 
-Users who report an MFA prompt as suspicious are set to **High User Risk**. Administrators can use risk-based policies to limit access for these users, or enable self-service password reset (SSPR) for users to remediate problems on their own. If you previously used the **Fraud Alert** automatic blocking feature and don't have an Azure AD P2 license for risk-based policies, you can use risk detection events to identify and disable impacted users and automatically prevent their sign-in. For more information about using risk-based policies, see [Risk-based access policies](/azure/active-directory/identity-protection/concept-identity-protection-policies).  
+Users who report an MFA prompt as suspicious are set to **High User Risk**. Administrators can use risk-based policies to limit access for these users, or enable self-service password reset (SSPR) for users to remediate problems on their own. If you previously used the **Fraud Alert** automatic blocking feature and don't have an Azure AD P2 license for risk-based policies, you can use risk detection events to identify and disable impacted users and automatically prevent their sign-in. For more information about using risk-based policies, see [Risk-based access policies](../identity-protection/concept-identity-protection-policies.md).  
 
 To enable **Report Suspicious Activity** from the Authentication Methods Settings:   
 
@@ -100,7 +100,7 @@ When a user reports a MFA prompt as suspicious, the event shows up in the Sign-i
 
 ### Manage suspicious activity events 
 
-Once a user has reported a prompt as suspicious, the risk should be investigated and remediated with [Identity Protection](/azure/active-directory/identity-protection/howto-identity-protection-remediate-unblock). 
+Once a user has reported a prompt as suspicious, the risk should be investigated and remediated with [Identity Protection](../identity-protection/howto-identity-protection-remediate-unblock.md). 
 
 ### Report suspicious activity and fraud alert 
 
@@ -384,4 +384,4 @@ After you enable the **remember multi-factor authentication** feature, users can
 
 ## Next steps
 
-To learn more, see [What authentication and verification methods are available in Azure Active Directory?](concept-authentication-methods.md)
+To learn more, see [What authentication and verification methods are available in Azure Active Directory?](concept-authentication-methods.md)
@@ -58,7 +58,7 @@ Sign-in frequency previously applied to only to the first factor authentication
 
 ### User sign-in frequency and device identities
 
-On Azure AD joined and hybrid Azure AD joined devices, unlocking the device, or signing in interactively will only refresh the Primary Refresh Token (PRT) every 4 hours. The last refresh timestamp recorded for PRT compared with the current timestamp must be within the time allotted in SIF policy for PRT to satisfy SIF and grant access to a PRT that has an existing MFA claim. On [Azure AD registered devices](/azure/active-directory/devices/concept-azure-ad-register), unlock/sign-in would not satisfy the SIF policy because the user is not accessing an Azure AD registered device via an Azure AD account. However, the [Azure AD WAM](../develop/scenario-desktop-acquire-token-wam.md) plugin can refresh a PRT during native application authentication using WAM.
+On Azure AD joined and hybrid Azure AD joined devices, unlocking the device, or signing in interactively will only refresh the Primary Refresh Token (PRT) every 4 hours. The last refresh timestamp recorded for PRT compared with the current timestamp must be within the time allotted in SIF policy for PRT to satisfy SIF and grant access to a PRT that has an existing MFA claim. On [Azure AD registered devices](../devices/concept-azure-ad-register.md), unlock/sign-in would not satisfy the SIF policy because the user is not accessing an Azure AD registered device via an Azure AD account. However, the [Azure AD WAM](../develop/scenario-desktop-acquire-token-wam.md) plugin can refresh a PRT during native application authentication using WAM.
 
 Note: The timestamp captured from user log-in is not necessarily the same as the last recorded timestamp of PRT refresh because of the 4-hour refresh cycle. The case when it is the same is when a PRT has expired and a user log-in refreshes it for 4 hours. In the following examples, assume SIF policy is set to 1 hour and PRT is refreshed at 00:00.
 
@@ -196,4 +196,4 @@ We factor for five minutes of clock skew, so that we don’t prompt users more o
 
 ## Next steps
 
-* If you're ready to configure Conditional Access policies for your environment, see the article [Plan a Conditional Access deployment](plan-conditional-access.md).
+* If you're ready to configure Conditional Access policies for your environment, see the article [Plan a Conditional Access deployment](plan-conditional-access.md).
@@ -43,7 +43,7 @@ In this step, you create an HTTP trigger function API in the Azure portal. The f
     | Setting      | Suggested value  | Description |
     | ------------ | ---------------- | ----------- |
     | **Subscription** | Your subscription | The subscription under which the new function app will be created in. |
-    | **[Resource Group](/azure/azure-resource-manager/management/overview)** |  *myResourceGroup* | Select and existing resource group, or name for the new one in which you'll create your function app. |
+    | **[Resource Group](../../azure-resource-manager/management/overview.md)** |  *myResourceGroup* | Select and existing resource group, or name for the new one in which you'll create your function app. |
     | **Function App name** | Globally unique name | A name that identifies the new function app. Valid characters are `a-z` (case insensitive), `0-9`, and `-`.  |
     |**Publish**| Code | Option to publish code files or a Docker container. For this tutorial, select **Code**. |
     | **Runtime stack** | .NET | Your preferred programming language. For this tutorial, select **.NET**.  |
@@ -549,6 +549,4 @@ To test your custom claim provider, follow these steps:
 
 - Learn more about custom claims providers with the [custom claims provider reference](custom-claims-provider-reference.md) article.
 
-- Learn how to [troubleshoot your custom extensions API](custom-extension-troubleshoot.md).
-
-
+- Learn how to [troubleshoot your custom extensions API](custom-extension-troubleshoot.md).