Merge branch 'master' into fix-quickstart

Author: cebundy

.openpublishing.redirection.azure-productivity.json

@@ -4,6 +4,31 @@
             "source_path_from_root": "/articles/lab-services/classroom-labs-overview.md",
             "redirect_url": "/azure/lab-services/get-started-manage-labs",
             "redirect_document_id": false
+        },
+        {
+          "source_path_from_root": "/articles/devtest-labs/scripts/add-external-user-to-lab.md",
+          "redirect_url": "/azure/devtest-labs/samples-powershell",
+          "redirect_document_id": false
+        },
+        {
+          "source_path_from_root": "/articles/devtest-labs/scripts/add-marketplace-images-to-lab.md",
+          "redirect_url": "/azure/devtest-labs/samples-powershell",
+          "redirect_document_id": false
+        },
+        {
+          "source_path_from_root": "/articles/devtest-labs/scripts/create-custom-image-from-vhd.md",
+          "redirect_url": "/azure/devtest-labs/samples-powershell",
+          "redirect_document_id": false
+        },
+        {
+          "source_path_from_root": "/articles/devtest-labs/scripts/create-custom-role-in-lab.md",
+          "redirect_url": "/azure/devtest-labs/samples-powershell",
+          "redirect_document_id": false
+        },
+        {
+          "source_path_from_root": "/articles/devtest-labs/scripts/set-allowed-vm-sizes-in-lab.md",
+          "redirect_url": "/azure/devtest-labs/samples-powershell",
+          "redirect_document_id": false
         }
     ]
 }

articles/active-directory-b2c/whats-new-docs.md

@@ -15,6 +15,26 @@ manager: CelesteDG
 
 Welcome to what's new in Azure Active Directory B2C documentation. This article lists new docs that have been added and those that have had significant updates in the last three months. To learn what's new with the B2C service, see [What's new in Azure Active Directory](../active-directory/fundamentals/whats-new.md).
 
+## January 2022
+
+### Updated articles
+
+- [Tutorial: Secure Hybrid Access to applications with Azure AD B2C and F5 BIG-IP](partner-f5.md)
+- [Set up a force password reset flow in Azure Active Directory B2C](force-password-reset.md)
+- [Boolean claims transformations](boolean-transformations.md)
+- [Date claims transformations](date-transformations.md)
+- [General claims transformations](general-transformations.md)
+- [Integer claims transformations](integer-transformations.md)
+- [JSON claims transformations](json-transformations.md)
+- [Define phone number claims transformations in Azure AD B2C](phone-number-claims-transformations.md)
+- [Social accounts claims transformations](social-transformations.md)
+- [String claims transformations](string-transformations.md)
+- [StringCollection claims transformations](stringcollection-transformations.md)
+- [Billing model for Azure Active Directory B2C](billing.md)
+- [Configure SAML identity provider options with Azure Active Directory B2C](identity-provider-generic-saml-options.md)
+- [About claim resolvers in Azure Active Directory B2C custom policies](claim-resolver-overview.md)
+- [Add AD FS as a SAML identity provider using custom policies in Azure Active Directory B2C](identity-provider-adfs-saml.md)
+
 ## December 2021
 
 ### New articles

articles/active-directory/develop/v2-oauth2-client-creds-grant-flow.md

@@ -54,7 +54,7 @@ This type of authorization is common for daemons and service accounts that need
 
 In order to enable this ACL-based authorization pattern, Azure AD doesn't require that applications be authorized to get tokens for another application. Thus, app-only tokens can be issued without a `roles` claim. Applications that expose APIs must implement permission checks in order to accept tokens.
 
-If you'd like to prevent applications from getting role-less app-only access tokens for your application, [ensure that user assignment requirements are enabled for your app](../manage-apps/what-is-access-management.md#requiring-user-assignment-for-an-app). This will block users and applications without assigned roles from being able to get a token for this application. 
+If you'd like to prevent applications from getting role-less app-only access tokens for your application, [ensure that assignment requirements are enabled for your app](../manage-apps/what-is-access-management.md#requiring-user-assignment-for-an-app). This will block users and applications without assigned roles from being able to get a token for this application. 
 
 ### Application permissions
 
@@ -65,9 +65,9 @@ Instead of using ACLs, you can use APIs to expose a set of **application permiss
 * Send mail as any user
 * Read directory data
 
-To use application permissions with your own API (as opposed to Microsoft Graph), you must first [expose the API](howto-add-app-roles-in-azure-ad-apps.md) by defining scopes in the API's app registration in the Azure portal. Then, [configure access to the API](howto-add-app-roles-in-azure-ad-apps.md#assign-app-roles-to-applications) by selecting those permissions in your client application's app registration. If you haven't exposed any scopes in your API's app registration, you won't be able to specify application permissions to that API in your client application's app registration in the Azure portal.
+To use app roles (application permissions) with your own API (as opposed to Microsoft Graph), you must first [expose the app roles](howto-add-app-roles-in-azure-ad-apps.md) in the API's app registration in the Azure portal. Then, [configure the required app roles](howto-add-app-roles-in-azure-ad-apps.md#assign-app-roles-to-applications) by selecting those permissions in your client application's app registration. If you haven't exposed any app roles in your API's app registration, you won't be able to specify application permissions to that API in your client application's app registration in the Azure portal.
 
-When authenticating as an application (as opposed to with a user), you can't use *delegated permissions* - scopes that are granted by a user - because there is no user for your app to act on behalf of. You must use application permissions, also known as roles, that are granted by an admin for the application or via pre-authorization by the web API.
+When authenticating as an application (as opposed to with a user), you can't use *delegated permissions* because there is no user for your app to act on behalf of. You must use application permissions, also known as app roles, that are granted by an admin or by the API's owner.
 
 For more information about application permissions, see [Permissions and consent](v2-permissions-and-consent.md#permission-types).
 

articles/active-directory/develop/whats-new-docs.md

@@ -6,7 +6,7 @@ services: active-directory
 author: mmacy
 manager: CelesteDG
 
-ms.date: 01/03/2022
+ms.date: 02/01/2022
 ms.service: active-directory
 ms.subservice: develop
 ms.topic: reference
@@ -19,6 +19,37 @@ ms.custom: has-adal-ref
 
 Welcome to what's new in the Microsoft identity platform documentation. This article lists new docs that have been added and those that have had significant updates in the last three months.
 
+## January 2022
+
+### New articles
+
+- [Access Azure AD protected resources from an app in Google Cloud (preview)](workload-identity-federation-create-trust-gcp.md)
+- [Quickstart: Acquire a token and call the Microsoft Graph API by using a console app's identity](console-app-quickstart.md)
+- [Quickstart: Acquire a token and call Microsoft Graph API from a desktop application](desktop-app-quickstart.md)
+- [Quickstart: Add sign-in with Microsoft to a web app](web-app-quickstart.md)
+- [Quickstart: Protect a web API with the Microsoft identity platform](web-api-quickstart.md)
+- [Quickstart: Sign in users and call the Microsoft Graph API from a mobile application](mobile-app-quickstart.md)
+
+### Updated articles
+
+- [Confidential client assertions](msal-net-client-assertions.md)
+- [Claims mapping policy type](reference-claims-mapping-policy-type.md)
+- [Configure an app to trust a GitHub repo (preview)](workload-identity-federation-create-trust-github.md)
+- [Configure an app to trust an external identity provider (preview)](workload-identity-federation-create-trust.md)
+- [Exchange a SAML token issued by AD FS for a Microsoft Graph access token](v2-saml-bearer-assertion.md)
+- [Logging in MSAL.js](msal-logging-js.md)
+- [Permissions and consent in the Microsoft identity platform](v2-permissions-and-consent.md)
+- [Quickstart: Acquire a token and call Microsoft Graph API from a Java console app using app's identity](quickstart-v2-java-daemon.md)
+- [Quickstart: Acquire a token and call Microsoft Graph API from a Python console app using app's identity](quickstart-v2-python-daemon.md)
+- [Quickstart: Add sign-in with Microsoft to a Java web app](quickstart-v2-java-webapp.md)
+- [Quickstart: Add sign-in with Microsoft to a Python web app](quickstart-v2-python-webapp.md)
+- [Quickstart: Add sign-in with Microsoft to an ASP.NET Core web app](quickstart-v2-aspnet-core-webapp.md)
+- [Quickstart: ASP.NET web app that signs in Azure AD users](quickstart-v2-aspnet-webapp.md)
+- [Quickstart: Get a token and call the Microsoft Graph API by using a console app's identity](quickstart-v2-netcore-daemon.md)
+- [Quickstart: Protect an ASP.NET Core web API with the Microsoft identity platform](quickstart-v2-aspnet-core-web-api.md)
+- [Quickstart: Sign in users and call the Microsoft Graph API from an Android app](quickstart-v2-android.md)
+- [Quickstart: Sign in users and call the Microsoft Graph API from an iOS or macOS app](quickstart-v2-ios.md)
+
 ## December 2021
 
 ### New articles
@@ -50,21 +81,3 @@ Welcome to what's new in the Microsoft identity platform documentation. This art
 - [Token cache serialization in MSAL.NET](msal-net-token-cache-serialization.md)
 - [What's new for authentication?](reference-breaking-changes.md)
 
-## October 2021
-
-### New articles
-
-- [Configure an app to trust a GitHub repo (preview)](workload-identity-federation-create-trust-github.md)
-- [Configure an app to trust an external identity provider (preview)](workload-identity-federation-create-trust.md)
-- [Set up your application's Azure AD test environment](test-setup-environment.md)
-- [Throttling and service limits to consider for testing](test-throttle-service-limits.md)
-- [Workload identity federation (preview)](workload-identity-federation.md)
-
-### Updated articles
-
-- [Considerations for using Xamarin iOS with MSAL.NET](msal-net-xamarin-ios-considerations.md)
-- [Handle ITP in Safari and other browsers where third-party cookies are blocked](reference-third-party-cookies-spas.md)
-- [Initialize client applications using MSAL.js](msal-js-initializing-client-applications.md)
-- [Microsoft Graph API](microsoft-graph-intro.md)
-- [Microsoft identity platform and the OAuth 2.0 client credentials flow](v2-oauth2-client-creds-grant-flow.md)
-- [What's new for authentication?](reference-breaking-changes.md)

articles/active-directory/enterprise-users/groups-lifecycle.md

@@ -39,7 +39,7 @@ For information on how to download and install the Azure AD PowerShell cmdlets,
 
 ## Activity-based automatic renewal
 
-With Azure AD intelligence, groups are now automatically renewed based on whether they have been recently used. This feature eliminates the need for manual action by group owners, because it's based on user activity in groups across Microsoft 365 services like Outlook, SharePoint, or Teams. For example, if an owner or a group member does something like upload a document to SharePoint, visit a Teams channel, or send an email to the group in Outlook, the group is automatically renewed around 35 days before the group expires and the owner does not get any renewal notifications. The "All Company" group converted in Yammer Native Mode to a Microsoft 365 Group doesn't currently support this type of automatic renewal, and Yammer activities for that group aren't counted as activities.
+With Azure AD intelligence, groups are now automatically renewed based on whether they have been recently used. This feature eliminates the need for manual action by group owners, because it's based on user activity in groups across Microsoft 365 services like Outlook, SharePoint, Teams, or Yammer. For example, if an owner or a group member does something like upload a document to SharePoint, visit a Teams channel, send an email to the group in Outlook, or view a post in Yammer, the group is automatically renewed around 35 days before the group expires and the owner does not get any renewal notifications. 
 
 For example, consider an expiration policy that is set so that a group expires after 30 days of inactivity. However, to keep from sending an expiration email the day that group expiration is enabled (because there's no record activity yet), Azure AD first waits five days. If there is activity in those five days, the expiration policy works as expected. If there is no activity within five days, we send an expiration/renewal email. Of course, if the group was inactive for five days, an email was sent, and then the group was active, we will autorenew it and start the expiration period again.
 
@@ -50,6 +50,7 @@ The following user actions cause automatic group renewal:
 - SharePoint: View, edit, download, move, share, or upload files
 - Outlook: Join group, read/write group message from group space, Like a message (in Outlook Web Access)
 - Teams: Visit a Teams channel
+- Yammer: View a post within a Yammer community or an interactive email in Outlook 
 
 ### Auditing and reporting