Merge branch 'main' of https://github.com/MicrosoftDocs/azure-docs-pr into WI265756-DEASM

Author: ElazarK

.openpublishing.redirection.json

@@ -274,6 +274,12 @@ sections:
 
           * API connectors
           * Conditional Access
+
+      - question: |
+          I am using rolling refresh tokens for my application and I am getting an invalid_grant error on redeeming newly acquired refresh tokens well within their set validity period. Why does this happen? 
+        answer: |
+          While determining validity for rolling refresh tokens, B2C will consider the initial login time of the user in the application also to calculate the token validity skew. If the user haven't logged out of the application for a very long time, this skew value will exceed the validity period of the token and hence for security reasons the tokens will be considered as invalid. Hence the error. Inform the user to perform a proper logout and login back into the application and this should reset the skew. This scenario is not applicable if refresh token rolling is set as infinite rolling.
+             
           
       - question: |
           I've revoked the refresh token using Microsoft Graph invalidateAllRefreshTokens, or Microsoft Graph PowerShell,  Revoke-MgUserSignInSession. Why is Azure AD B2C still accepting the old refresh token?
@@ -286,6 +292,9 @@ sections:
           1. Wait for 10 minutes.
           
           1. Retrieve the `RefreshToken` again.
+
+          > [!TIP]
+          > With Azure AD B2C [custom policy](custom-policy-overview.md), you can reduce the above mentioned skew time of 5 minutes (300000 milliseconds)  by adjusting the value for InputParameter "TreatAsEqualIfWithinMillseconds" under claim transformation Id "AssertRefreshTokenIssuedLaterThanValidFromDate". This claim transformation can be found in the TrustFrameworkBase.xml file under latest custom policy [stater-pack](https://learn.microsoft.com/en-us/azure/active-directory-b2c/tutorial-create-user-flows?pivots=b2c-custom-policy#get-the-starter-pack). 
           
       - question: |
          I use multiple tabs in a web browser to sign in to multiple applications that I registered in the same Azure AD B2C tenant. When I try to perform a single sign-out, not all of the applications are signed out. Why does this happen? 

articles/active-directory-b2c/faq.yml

@@ -23,7 +23,7 @@ zone_pivot_groups: b2c-policy-type
 
 [!INCLUDE [active-directory-b2c-choose-user-flow-or-custom-policy](../../includes/active-directory-b2c-choose-user-flow-or-custom-policy.md)]
 
-With Azure Active Directory B2C (Azure AD B2C) [HTML templates](customize-ui-with-html.md), you can craft your users' identity experiences. Your HTML templates can contain only certain HTML tags and attributes. Basic HTML tags, such as &lt;b&gt;, &lt;i&gt;, &lt;u&gt;, &lt;h1&gt;, and &lt;hr&gt; are allowed. More advanced tags such as &lt;script&gt;, and &lt;iframe&gt; are removed for security reasons but the `<script>` tag should be added in the `<head>` tag.
+With Azure Active Directory B2C (Azure AD B2C) [HTML templates](customize-ui-with-html.md), you can craft your users' identity experiences. Your HTML templates can contain only certain HTML tags and attributes. Basic HTML tags, such as &lt;b&gt;, &lt;i&gt;, &lt;u&gt;, &lt;h1&gt;, and &lt;hr&gt; are allowed. More advanced tags such as &lt;script&gt;, and &lt;iframe&gt; are removed for security reasons but the `<script>` tag should be added in the `<head>` tag. From selfasserted page layout version 2.1.21 / unifiedssp version 2.1.10 / multifactor version 1.2.10 onwards B2C doesn't support adding scripts in `<body>` tag (as this can pose a risk for cross site scripting attack). Migrating existing scripts from `<body>` to `<head>` may at-times require rewriting existing scripts with mutation observers for proper working.
 
 The `<script>` tag should be added in the `<head>` tag in two ways:  
 

articles/active-directory-b2c/javascript-and-page-layout.md

@@ -220,6 +220,7 @@ You can also call a REST API technical profile with your business logic, overwri
 | IncludeClaimResolvingInClaimsHandling  | No | For input and output claims, specifies whether [claims resolution](claim-resolver-overview.md) is included in the technical profile. Possible values: `true`, or `false` (default). If you want to use a claims resolver in the technical profile, set this to `true`. |
 |setting.forgotPasswordLinkOverride <sup>4</sup>| No | A password reset claims exchange to be executed. For more information, see [Self-service password reset](add-password-reset-policy.md). |
 | setting.enableCaptchaChallenge | No | Specifies whether CAPTCHA challenge code should be displayed. Possible values: `true` , or `false` (default). For this setting to work, the [CAPTCHA display control]() must be referenced in the [display claims](#display-claims) of the self-asserted technical profile. CAPTCHA feature is in **public preview**.|
+| setting.showHeading | No | Specifies whether **User Details** heading element should be visible. Possible values: `true` (default), or `false`.|
 
 Notes:
 

articles/active-directory-b2c/self-asserted-technical-profile.md

@@ -12,15 +12,16 @@ ms.date: 11/06/2023
 
 # Tutorial: Detect liveness in faces
 
-Face Liveness detection can be used to determine if a face in an input video stream is real (live) or fake (spoof). It is a crucial building block in a biometric authentication system to prevent spoofing attacks from imposters trying to gain access to the system using a photograph, video, mask, or other means to impersonate another person.
+Face Liveness detection can be used to determine if a face in an input video stream is real (live) or fake (spoofed). It's an important building block in a biometric authentication system to prevent imposters from gaining access to the system using a photograph, video, mask, or other means to impersonate another person.
 
-The goal of liveness detection is to ensure that the system is interacting with a physically present live person at the time of authentication. Such systems have become increasingly important with the rise of digital finance, remote access control, and online identity verification processes.
+The goal of liveness detection is to ensure that the system is interacting with a physically present live person at the time of authentication. Such systems are increasingly important with the rise of digital finance, remote access control, and online identity verification processes.
 
-The liveness detection solution successfully defends against various spoof types ranging from paper printouts, 2d/3d masks, and spoof presentations on phones and laptops. Liveness detection is an active area of research, with continuous improvements being made to counteract increasingly sophisticated spoofing attacks over time. Continuous improvements will be rolled out to the client and the service components over time as the overall solution gets more robust to new types of attacks.
+The Azure AI Face liveness detection solution successfully defends against various spoof types ranging from paper printouts, 2d/3d masks, and spoof presentations on phones and laptops. Liveness detection is an active area of research, with continuous improvements being made to counteract increasingly sophisticated spoofing attacks over time. Continuous improvements will be rolled out to the client and the service components over time as the overall solution gets more robust to new types of attacks.
 
 [!INCLUDE [liveness-sdk-gate](../includes/liveness-sdk-gate.md)]
 
 
+
 ## Introduction
 
 The liveness solution integration involves two distinct components: a frontend mobile/web application and an app server/orchestrator.
@@ -33,16 +34,14 @@ The liveness solution integration involves two distinct components: a frontend m
 Additionally, we combine face verification with liveness detection to verify whether the person is the specific person you designated. The following table help describe details of the liveness detection features:
 
 | Feature | Description |
-| -- | -- |
+| -- |--|
 | Liveness detection | Determine an input is real or fake, and only the app server has the authority to start the liveness check and query the result. |
 | Liveness detection with face verification | Determine an input is real or fake and verify the identity of the person based on a reference image you provided. Either the app server or the frontend application can provide a reference image. Only the app server has the authority to initial the liveness check and query the result. |
 
-
-## Get started
-
 This tutorial demonstrates how to operate a frontend application and an app server to perform [liveness detection](#perform-liveness-detection) and [liveness detection with face verification](#perform-liveness-detection-with-face-verification) across various language SDKs.
 
-### Prerequisites
+
+## Prerequisites
 
 - Azure subscription - [Create one for free](https://azure.microsoft.com/free/cognitive-services/)
 - Your Azure account must have a **Cognitive Services Contributor** role assigned in order for you to agree to the responsible AI terms and create a resource. To get this role assigned to your account, follow the steps in the [Assign roles](/azure/role-based-access-control/role-assignments-steps) documentation, or contact your administrator. 
@@ -51,32 +50,32 @@ This tutorial demonstrates how to operate a frontend application and an app serv
     - You can use the free pricing tier (`F0`) to try the service, and upgrade later to a paid tier for production.
 - Access to the Azure AI Vision Face Client SDK for mobile (IOS and Android) and web. To get started, you need to apply for the [Face Recognition Limited Access features](https://customervoice.microsoft.com/Pages/ResponsePage.aspx?id=v4j5cvGGr0GRqy180BHbR7en2Ais5pxKtso_Pz4b1_xUQjA5SkYzNDM4TkcwQzNEOE1NVEdKUUlRRCQlQCN0PWcu) to get access to the SDK. For more information, see the [Face Limited Access](/legal/cognitive-services/computer-vision/limited-access-identity?context=%2Fazure%2Fcognitive-services%2Fcomputer-vision%2Fcontext%2Fcontext) page.
 
-### Setup frontend applications and app servers to perform liveness detection
+## Set up frontend applications and app servers to perform liveness detection
 
-We provide SDKs in different languages for frontend applications and app servers. See the following instructions to setup your frontend applications and app servers.
+We provide SDKs in different languages for frontend applications and app servers. See the following instructions to set up your frontend applications and app servers.
 
-#### Integrate liveness into frontend application
+### Download SDK for frontend application
 
-Once you have access to the SDK, follow instruction in the [azure-ai-vision-sdk](https://github.com/Azure-Samples/azure-ai-vision-sdk) GitHub repository to integrate the UI and the code into your native mobile application. The liveness SDK supports Java/Kotlin for Android mobile applications, Swift for iOS mobile applications and JavaScript for web applications:
+Once you have access to the SDK, follow instructions in the [azure-ai-vision-sdk](https://github.com/Azure-Samples/azure-ai-vision-sdk) GitHub repository to integrate the UI and the code into your native mobile application. The liveness SDK supports Java/Kotlin for Android mobile applications, Swift for iOS mobile applications and JavaScript for web applications:
 - For Swift iOS, follow the instructions in the [iOS sample](https://aka.ms/azure-ai-vision-face-liveness-client-sdk-ios-readme) 
 - For Kotlin/Java Android, follow the instructions in the [Android sample](https://aka.ms/liveness-sample-java) 
 - For JavaScript Web, follow the instructions in the [Web sample](https://aka.ms/liveness-sample-web) 
 
-Once you've added the code into your application, the SDK handles starting the camera, guiding the end-user to adjust their position, composing the liveness payload, and calling the Azure AI Face cloud service to process the liveness payload.
+Once you've added the code into your application, the SDK handles starting the camera, guiding the end-user in adjusting their position, composing the liveness payload, and calling the Azure AI Face cloud service to process the liveness payload.
 
-#### Download Azure AI Face client library for an app server
+### Download Azure AI Face client library for app server
 
 The app server/orchestrator is responsible for controlling the lifecycle of a liveness session. The app server has to create a session before performing liveness detection, and then it can query the result and delete the session when the liveness check is finished. We offer a library in various languages for easily implementing your app server. Follow these steps to install the package you want:
 - For C#, follow the instructions in the [dotnet readme](https://github.com/Azure/azure-sdk-for-net/tree/main/sdk/face/Azure.AI.Vision.Face/README.md)
 - For Java, follow the instructions in the [Java readme](https://github.com/Azure/azure-sdk-for-java/tree/main/sdk/face/azure-ai-vision-face/README.md)
 - For Python, follow the instructions in the [Python readme](https://github.com/Azure/azure-sdk-for-python/tree/main/sdk/face/azure-ai-vision-face/README.md)
 - For JavaScript, follow the instructions in the [JavaScript readme](https://github.com/Azure/azure-sdk-for-js/tree/main/sdk/face/ai-vision-face-rest/README.md)
 
-##### Create environment variables
+#### Create environment variables
 
 [!INCLUDE [create environment variables](../includes/face-environment-variables.md)]
 
-### Perform liveness detection
+## Perform liveness detection
 
 The high-level steps involved in liveness orchestration are illustrated below:  
 
@@ -229,7 +228,7 @@ The high-level steps involved in liveness orchestration are illustrated below:
 
     ---
 
-1. The SDK then starts the camera, guides the user to position correctly and then prepares the payload to call the liveness detection service endpoint. 
+1. The SDK then starts the camera, guides the user to position correctly, and then prepares the payload to call the liveness detection service endpoint. 
 
 1. The SDK calls the Azure AI Vision Face service to perform the liveness detection. Once the service responds, the SDK notifies the frontend application that the liveness check has been completed.
 
@@ -407,7 +406,7 @@ The high-level steps involved in liveness orchestration are illustrated below:
 
     ---
 
-### Perform liveness detection with face verification
+## Perform liveness detection with face verification
 
 Combining face verification with liveness detection enables biometric verification of a particular person of interest with an added guarantee that the person is physically present in the system. 
 There are two parts to integrating liveness with verification:
@@ -416,15 +415,15 @@ There are two parts to integrating liveness with verification:
 
 :::image type="content" source="../media/liveness/liveness-verify-diagram.jpg" alt-text="Diagram of the liveness-with-face-verification workflow of Azure AI Face." lightbox="../media/liveness/liveness-verify-diagram.jpg":::
 
-#### Select a good reference image
+### Select a good reference image
 
 Use the following tips to ensure that your input images give the most accurate recognition results.
 
-##### Technical requirements:
+#### Technical requirements
 [!INCLUDE [identity-input-technical](../includes/identity-input-technical.md)]
 * You can utilize the `qualityForRecognition` attribute in the [face detection](../how-to/identity-detect-faces.md) operation when using applicable detection models as a general guideline of whether the image is likely of sufficient quality to attempt face recognition on. Only `"high"` quality images are recommended for person enrollment and quality at or above `"medium"` is recommended for identification scenarios.
 
-##### Composition requirements:
+#### Composition requirements
 - Photo is clear and sharp, not blurry, pixelated, distorted, or damaged.
 - Photo is not altered to remove face blemishes or face appearance.
 - Photo must be in an RGB color supported format (JPEG, PNG, WEBP, BMP). Recommended Face size is 200 pixels x 200 pixels. Face sizes larger than 200 pixels x 200 pixels will not result in better AI quality, and no larger than 6 MB in size.
@@ -436,7 +435,7 @@ Use the following tips to ensure that your input images give the most accurate r
 - Background should be uniform and plain, free of any shadows.
 - Face should be centered within the image and fill at least 50% of the image.
 
-#### Set up the orchestration of liveness with verification.
+### Set up the orchestration of liveness with verification.
 
 The high-level steps involved in liveness with verification orchestration are illustrated below:
 1. Providing the verification reference image by either of the following two methods:
@@ -801,7 +800,7 @@ The high-level steps involved in liveness with verification orchestration are il
 
     ---
 
-### Clean up resources
+## Clean up resources
 
 If you want to clean up and remove an Azure AI services subscription, you can delete the resource or resource group. Deleting the resource group also deletes any other resources associated with it.
 

articles/ai-services/computer-vision/Tutorials/liveness.md

@@ -247,8 +247,6 @@ Begin by going to [Vision Studio](https://portal.vision.cognitive.azure.com/) an
 
 Then, sign in with your Azure account and select your Vision resource. If you don't have one, you can create one from this screen.
 
-> [!IMPORTANT]
-> To train a custom model in Vision Studio, your Azure subscription needs to be approved for access. Please request access using [this form](https://aka.ms/visionaipublicpreview).
 
 :::image type="content" source="../media/customization/select-resource.png" alt-text="Screenshot of the select resource screen.":::
 

articles/ai-services/computer-vision/how-to/model-customization.md

@@ -38,7 +38,7 @@ This documentation contains the following types of articles:
 * The [quickstarts](./quickstarts-sdk/identity-client-library.md) are step-by-step instructions that let you make calls to the service and get results in a short period of time. 
 * The [how-to guides](./how-to/identity-detect-faces.md) contain instructions for using the service in more specific or customized ways.
 * The [conceptual articles](./concept-face-detection.md) provide in-depth explanations of the service's functionality and features.
-* The [tutorials](./enrollment-overview.md) are longer guides that show you how to use this service as a component in broader business solutions.
+* The [tutorials](./Tutorials/liveness.md) are longer guides that show you how to use this service as a component in broader business solutions.
 
 For a more structured approach, follow a Training module for Face.
 * [Detect and analyze faces with the Face service](/training/modules/detect-analyze-faces/)

articles/ai-services/computer-vision/media/liveness/liveness-diagram.jpg

@@ -332,7 +332,7 @@ items:
         href: identity-encrypt-data-at-rest.md
   - name: Tutorials
     items:
-    - name: Detect liveness in face
+    - name: Detect liveness in faces
       href: Tutorials/liveness.md
     - name: Add users to a Face identification app
       href: Tutorials/build-enrollment-app.md