Merge pull request #240182 from MicrosoftDocs/main

6/02 AM Publish

Author: huypub

.openpublishing.redirection.active-directory.json

@@ -10285,6 +10285,21 @@
       "redirect_url": "/azure/active-directory/fundamentals/what-is-deprecated",
       "redirect_document_id": true
     },
+    {
+      "source_path_from_root": "/articles/active-directory/fundamentals/active-directory-compare-azure-ad-to-ad.md",
+      "redirect_url": "/azure/active-directory/fundamentals/compare",
+      "redirect_document_id": true
+    },
+    {
+      "source_path_from_root": "/articles/active-directory/fundamentals/active-directory-ops-guide-auth.md",
+      "redirect_url": "/azure/active-directory/fundamentals/ops-guide-auth",
+      "redirect_document_id": true
+    },
+    {
+      "source_path_from_root": "/articles/active-directory/fundamentals/active-directory-ops-guide-govern.md",
+      "redirect_url": "/azure/active-directory/fundamentals/ops-guide-govern",
+      "redirect_document_id": true
+    },
     {
       "source_path_from_root": "/articles/active-directory/saas-apps/clarizen-provisioning-tutorial.md",
       "redirect_url": "/azure/active-directory/saas-apps/tutorial-list",

README.md

@@ -1,6 +1,6 @@
 # Microsoft Azure Documentation
 
-Welcome to the open-source [documentation](/azure) of [Microsoft Azure](https://azure.microsoft.com). Please review this README file to understand how you can assist in contributing to the Microsoft Azure documentation. 
+Welcome to the open-source [documentation](https://learn.microsoft.com/azure/?product=popular) of [Microsoft Azure](https://azure.microsoft.com). Please review this README file to understand how you can assist in contributing to the Microsoft Azure documentation. 
 
 ## Getting Started
 

articles/active-directory/develop/whats-new-docs.md

@@ -5,7 +5,7 @@ services: active-directory
 author: henrymbuguakiarie
 manager: CelesteDG
 
-ms.date: 05/02/2023
+ms.date: 06/02/2023
 ms.service: active-directory
 ms.subservice: develop
 ms.topic: reference
@@ -18,6 +18,36 @@ ms.custom: has-adal-ref
 
 Welcome to what's new in the Microsoft identity platform documentation. This article lists new docs that have been added and those that have had significant updates in the last three months.
 
+## May 2023
+
+### New articles
+
+- [Access token claims reference](access-token-claims-reference.md)
+- [Directory extension attributes in claims](schema-extensions.md)
+- [Provide optional claims to your app](optional-claims.md)
+
+### Updated articles
+
+- [Application and service principal objects in Azure Active Directory](app-objects-and-service-principals.md)
+- [What's new for authentication?](reference-breaking-changes.md)
+- [A web app that calls web APIs: Acquire a token for the app](scenario-web-app-call-api-acquire-token.md)
+- [A web app that calls web APIs: Code configuration](scenario-web-app-call-api-app-configuration.md)
+- [A web app that calls web APIs: Call a web API](scenario-web-app-call-api-call-api.md)
+- [A web API that calls web APIs: Acquire a token for the app](scenario-web-api-call-api-acquire-token.md)
+- [A web API that calls web APIs: Code configuration](scenario-web-api-call-api-app-configuration.md)
+- [A web API that calls web APIs: Call an API](scenario-web-api-call-api-call-api.md)
+- [Confidential client assertions](msal-net-client-assertions.md)
+- [Customize claims issued in the JSON web token (JWT) for enterprise applications (Preview)](jwt-claims-customization.md)
+- [Customize claims issued in the SAML token for enterprise applications](saml-claims-customization.md)
+- [Desktop app that calls web APIs: Acquire a token by using WAM](scenario-desktop-acquire-token-wam.md)
+- [Desktop app that calls web APIs: Acquire a token interactively](scenario-desktop-acquire-token-interactive.md)
+- [Handle errors and exceptions in MSAL for Python](msal-error-handling-python.md)
+- [Protected web API: Code configuration](scenario-protected-web-api-app-configuration.md)
+- [Shared device mode for iOS devices](msal-ios-shared-devices.md)
+- [Tutorial: Sign in users and call the Microsoft Graph API from an Android application](tutorial-v2-android.md)
+- [Tutorial: Sign in users and call the Microsoft Graph API from an Angular single-page application (SPA) using auth code flow](tutorial-v2-angular-auth-code.md)
+- [Web app that signs in users: Code configuration](scenario-web-app-sign-user-app-configuration.md)
+
 ## April 2023
 
 ### New articles
@@ -66,17 +96,3 @@ Welcome to what's new in the Microsoft identity platform documentation. This art
 - [Token cache serialization in MSAL.NET](msal-net-token-cache-serialization.md)
 - [Troubleshoot publisher verification](troubleshoot-publisher-verification.md)
 - [Tutorial: Call the Microsoft Graph API from a Universal Windows Platform (UWP) application](tutorial-v2-windows-uwp.md)
-
-## February 2023
-
-### New articles
-
-- [Frequently asked questions about workload identities license plans](workload-identities-faqs.md)
-
-### Updated articles
-
-- [Configure the role claim issued in the SAML token](active-directory-enterprise-app-role-management.md)
-- [Microsoft identity platform and the OAuth 2.0 client credentials flow](v2-oauth2-client-creds-grant-flow.md)
-- [Overview of shared device mode](msal-shared-devices.md)
-- [Run automated integration tests](test-automate-integration-testing.md)
-- [Tutorial: Sign in users and call Microsoft Graph in Windows Presentation Foundation (WPF) desktop app](tutorial-v2-windows-desktop.md)

articles/active-directory/external-identities/customers/concept-supported-features-customers.md

@@ -8,7 +8,7 @@ ms.service: active-directory
 ms.workload: identity
 ms.subservice: ciam
 ms.topic: conceptual
-ms.date: 05/17/2023
+ms.date: 05/31/2023
 ms.author: mimart
 ms.custom: it-pro
 
@@ -34,7 +34,7 @@ Although workforce tenants and customer tenants are built on the same underlying
 |Feature  |Workforce tenant  | Customer tenant |
 |---------|---------|---------|
 | **External Identities** | Invite partners and other external users to your workforce tenant for collaboration. External users become guests in your workforce directory. | Enable self-service sign-up for customers and authorize access to apps. Users are added to your directory as customer accounts.  |
-| **Available identity providers** | - Azure AD accounts </br>- Microsoft accounts </br>- Email one-time passcode </br>- Google </br>- Facebook </br>- SAML/WS-Fed federation | - Local accounts </br>- Azure AD accounts </br>- Microsoft accounts </br>- Email one-time passcode </br>- Google </br>- Facebook |
+| **Authentication methods and identity providers** | - Azure AD accounts </br>- Microsoft accounts </br>- Email one-time passcode </br>- Google federation</br>- Facebook federation</br>- SAML/WS-Fed federation | - Local account (Email and password)  </br>- Email one-time passcode </br>- Google federation</br>- Facebook federation|
 | **Groups** | [Groups](../../fundamentals/active-directory-groups-create-azure-portal.md) can be used to manage administrative and user accounts.| Groups can be used to manage administrative accounts. Support for Azure AD groups and [application roles](how-to-use-app-roles-customers.md) is being phased into customer tenants. For the latest updates, see [Groups and application roles support](reference-group-app-roles-support.md). |
 | **Roles and administrators**| [Roles and administrators](../../fundamentals/active-directory-users-assign-role-azure-portal.md) are fully supported for administrative and user accounts. | Roles aren't supported with customer accounts. Customer accounts don't have access to tenant resources.|
 | **Custom domain names** |  You can use [custom domains](../../fundamentals/add-custom-domain.md) for administrative accounts only. | Not currently supported. However, the URLs visible to customers in sign-up and sign-in pages are neutral, unbranded URLs. [Learn more](concept-branding-customers.md)|

articles/active-directory/fundamentals/active-directory-ops-guide-iam.md

@@ -89,7 +89,7 @@ Azure AD Connect plays a key role in the provisioning process. If the Sync Serve
 
 If your organization is lacking a disaster recovery and failover strategy for Sync, you shouldn't hesitate to deploy Azure AD Connect in Staging Mode. Likewise, if there is a mismatch between your production and staging configuration, you should re-baseline Azure AD Connect staging mode to match the production configuration, including software versions and configurations.
 
-![A screenshot of Azure AD Connect staging mode configuration](./media/active-directory-ops-guide/active-directory-ops-img1.png)
+![A screenshot of Azure AD Connect staging mode configuration](./media/ops-guide-auth/ops-img1.png)
 
 #### Stay current
 
@@ -153,7 +153,7 @@ Use the following guidelines to define service plans to users:
 > [!IMPORTANT]
 > Group-based licensing in Azure AD introduces the concept of users in a licensing error state. If you notice any licensing errors, then you should immediately [identify and resolve](../enterprise-users/licensing-groups-resolve-problems.md) any license assignment problems.
 
-![A screenshot of a computer screen Description automatically generated](./media/active-directory-ops-guide/active-directory-ops-img2.png)
+![A screenshot of a computer screen Description automatically generated](./media/ops-guide-auth/ops-img2.png)
 
 #### Lifecycle management
 
@@ -172,7 +172,7 @@ Resource owners may believe that the **All users** group contains only **Enterpr
 
 If you are currently provisioning apps in an ad-hoc manner or using things like CSV files, JIT, or an on-premises solution that does not address lifecycle management, we recommend you [implement application provisioning](../app-provisioning/user-provisioning.md#how-do-i-set-up-automatic-provisioning-to-an-application) with Azure AD for supported applications and define a consistent pattern for applications that aren't yet supported by Azure AD.
 
-![Azure AD provisioning service](./media/active-directory-ops-guide/active-directory-ops-img3.png)
+![Azure AD provisioning service](./media/ops-guide-auth/ops-img3.png)
 
 ### Azure AD Connect delta sync cycle baseline
 
@@ -197,4 +197,4 @@ There are five aspects to a secure Identity infrastructure. This list will help
 
 ## Next steps
 
-Get started with the [Authentication management checks and actions](active-directory-ops-guide-auth.md).
+Get started with the [Authentication management checks and actions](ops-guide-auth.md).

articles/active-directory/fundamentals/active-directory-ops-guide-intro.md

@@ -18,8 +18,8 @@ ms.author: martinco
 This operations reference guide describes the checks and actions you should take to secure and maintain the following areas:
 
 - **[Identity and access management](active-directory-ops-guide-iam.md)** - ability to manage the lifecycle of identities and their entitlements.
-- **[Authentication management](active-directory-ops-guide-auth.md)** - ability to manage credentials, define authentication experience, delegate assignment, measure usage, and define access policies based on enterprise security posture.
-- **[Governance](active-directory-ops-guide-govern.md)** - ability to assess and attest the access granted non-privileged and privileged identities, audit, and control changes to the environment.
+- **[Authentication management](ops-guide-auth.md)** - ability to manage credentials, define authentication experience, delegate assignment, measure usage, and define access policies based on enterprise security posture.
+- **[Governance](ops-guide-govern.md)** - ability to assess and attest the access granted non-privileged and privileged identities, audit, and control changes to the environment.
 - **[Operations](active-directory-ops-guide-ops.md)** - optimize the operations Azure Active Directory (Azure AD).
 
 Some recommendations here might not be applicable to all customers’ environment, for example, AD FS best practices might not apply if your organization uses password hash sync.

articles/active-directory/fundamentals/active-directory-ops-guide-ops.md

@@ -70,7 +70,7 @@ Unless one has been established, you should define a process to upgrade these co
 
 Organizations should deploy [Azure AD Connect Health](../hybrid/whatis-azure-ad-connect.md#what-is-azure-ad-connect-health) for monitoring and reporting of Azure AD Connect and AD FS. Azure AD Connect and AD FS are critical components that can break lifecycle management and authentication and therefore lead to outages. Azure AD Connect Health helps monitor and gain insights into your on-premises identity infrastructure thus ensuring the reliability of your environment.
 
-![Azure AD Connect Heath architecture](./media/active-directory-ops-guide/active-directory-ops-img16.png)
+![Azure AD Connect Heath architecture](./media/ops-guide-auth/ops-img16.png)
 
 As you monitor the health of your environment, you must immediately address any high severity alerts, followed by lower severity alerts.
 
@@ -113,7 +113,7 @@ The [identity secure score](./identity-secure-score.md) provides a quantifiable
 - Plan identity security improvements
 - Review the success of your improvements
 
-![Secure score](./media/active-directory-ops-guide/active-directory-ops-img17.png)
+![Secure score](./media/ops-guide-auth/ops-img17.png)
 
 If your organization currently has no program in place to monitor changes in Identity Secure Score, it is recommended you implement a plan and assign owners to monitor and drive improvement actions. Organizations should remediate improvement actions with a score impact higher than 30 as soon as possible.
 
@@ -156,7 +156,9 @@ If AD FS is only used for Azure AD federation, there are some endpoints that can
 
 Organizations should lock down access to the machines with on-premises hybrid components in the same way as your on-premises domain. For example, a backup operator or Hyper-V administrator should not be able to log in to the Azure AD Connect Server to change rules.
 
-The Active Directory administrative tier model was designed to protect identity systems using a set of buffer zones between full control of the Environment (Tier 0) and the high-risk workstation assets that attackers frequently compromise. ![Diagram showing the three layers of the Tier model](./media/active-directory-ops-guide/active-directory-ops-img18.png)
+The Active Directory administrative tier model was designed to protect identity systems using a set of buffer zones between full control of the Environment (Tier 0) and the high-risk workstation assets that attackers frequently compromise.
+
+![Diagram showing the three layers of the Tier model](./media/ops-guide-auth/ops-img18.png)
 
 The [tier model](/windows-server/identity/securing-privileged-access/securing-privileged-access-reference-material) is composed of three levels and only includes administrative accounts, not standard user accounts.
 

articles/active-directory/fundamentals/active-directory-whatis.md

@@ -20,7 +20,7 @@ ms.collection: M365-identity-device-management
 
 Azure Active Directory (Azure AD) is a cloud-based identity and access management service. Azure AD enables your employees access external resources, such as Microsoft 365, the Azure portal, and thousands of other SaaS applications. Azure Active Directory also helps them access internal resources like apps on your corporate intranet, and any cloud apps developed for your own organization. To learn how to create a tenant, see [Quickstart: Create a new tenant in Azure Active Directory](active-directory-access-create-new-tenant.md).
 
-To learn the differences between Active Directory and Azure Active Directory, see [Compare Active Directory to Azure Active Directory](active-directory-compare-azure-ad-to-ad.md). You can also refer [Microsoft Cloud for Enterprise Architects Series](/microsoft-365/solutions/cloud-architecture-models) posters to better understand the core identity services in Azure like Azure AD and Microsoft-365.
+To learn the differences between Active Directory and Azure Active Directory, see [Compare Active Directory to Azure Active Directory](compare.md). You can also refer [Microsoft Cloud for Enterprise Architects Series](/microsoft-365/solutions/cloud-architecture-models) posters to better understand the core identity services in Azure like Azure AD and Microsoft-365.
 
 ## Who uses Azure AD?