Merge pull request #213604 from kengaderdus/default-tenat-size

[Azure AD B2C] Directory size for B2C Tenants

Author: prmerger-automator[bot]

articles/active-directory-b2c/best-practices.md

@@ -39,6 +39,8 @@ Define your application and service architecture, inventory current systems, and
 | Usability vs. security | Your solution must strike the right balance between application usability and your organization's acceptable level of risk. |
 | Move on-premises dependencies to the cloud | To help ensure a resilient solution, consider moving existing application dependencies to the cloud. |
 | Migrate existing apps to b2clogin.com | The deprecation of login.microsoftonline.com will go into effect for all Azure AD B2C tenants on 04 December 2020. [Learn more](b2clogin.md). |
+| Use Identity Protection and Conditional Access | Use these capabilities for significantly greater control over risky authentications and access policies. Azure AD B2C Premium P2 is required. [Learn more](conditional-access-identity-protection-overview.md). |
+|Tenant size | You need to plan with Azure AD B2C tenant size in mind. By default, Azure AD B2C tenant can accommodate 1.25 million objects (user accounts and applications). You can increase this limit to 5.25 million objects by adding a custom domain to your tenant, and verifying it. If you need a bigger tenant size, you need to contact [Support](find-help-open-support-ticket.md).|
 | Use Identity Protection and Conditional Access | Use these capabilities for greater control over risky authentications and access policies. Azure AD B2C Premium P2 is required. [Learn more](conditional-access-identity-protection-overview.md). |
 
 ## Implementation
@@ -86,5 +88,6 @@ Stay up to date with the state of the service and find support options.
 | Best practice | Description |
 |--|--|
 | [Service updates](https://azure.microsoft.com/updates/?product=active-directory-b2c) |  Stay up to date with Azure AD B2C product updates and announcements. |
-| [Microsoft Support](support-options.md) | File a support request for Azure AD B2C technical issues. Billing and subscription management support is provided at no cost. |
+| [Microsoft Support](find-help-open-support-ticket.md) | File a support request for Azure AD B2C technical issues. Billing and subscription management support is provided at no cost. |
 | [Azure status](https://azure.status.microsoft/status) | View the current health status of all Azure services. |
+

articles/active-directory-b2c/custom-domain.md

@@ -9,7 +9,7 @@ manager: CelesteDG
 ms.service: active-directory
 ms.workload: identity
 ms.topic: how-to
-ms.date: 07/26/2022
+ms.date: 11/3/2022
 ms.author: kengaderdus
 ms.subservice: B2C
 ms.custom: "b2c-support"
@@ -20,7 +20,11 @@ zone_pivot_groups: b2c-policy-type
 
 [!INCLUDE [active-directory-b2c-choose-user-flow-or-custom-policy](../../includes/active-directory-b2c-choose-user-flow-or-custom-policy.md)]
 
-This article describes how to enable custom domains in your redirect URLs for Azure Active Directory B2C (Azure AD B2C). Using a custom domain with your application provides a more seamless user experience. From the user's perspective, they remain in your domain during the sign in process rather than redirecting to the Azure AD B2C default domain *<tenant-name>.b2clogin.com*.
+This article describes how to enable custom domains in your redirect URLs for Azure Active Directory B2C (Azure AD B2C). By using a verified custom domain, you've benefits such as: 
+
+- It provides a more seamless user experience. From the user's perspective, they remain in your domain during the sign in process rather than redirecting to the Azure AD B2C default domain *<tenant-name>.b2clogin.com*.
+
+- You increase the number of objects (user accounts and applications) you can create in your Azure AD B2C tenant from the default 1.25 million to 5.25 million. 
 
 ![Screenshot demonstrates an Azure AD B2C custom domain user experience.](./media/custom-domain/custom-domain-user-experience.png)
 

articles/active-directory-b2c/faq.yml

@@ -43,7 +43,10 @@ sections:
           In an Azure AD B2C tenant, most apps want the user to sign-in with any arbitrary email address (for example, [email protected], [email protected], [email protected], or [email protected]). This type of account is a local account. We also support arbitrary user names as local accounts (for example, joe, bob, sarah, or jim). You can choose one of these two local account types when configuring identity providers for Azure AD B2C in the Azure portal. In your Azure AD B2C tenant, select **Identity providers**, select **Local account**, and then select **Username**.
           
           User accounts for applications can be created through a sign-up user flow, sign-up or sign-in user flow, the Microsoft Graph API, or in the Azure portal.
-          
+      - question: |
+          How many users can an Azure AD B2C tenant accommodate?
+        answer: |
+          - By default, each tenant can accommodate a total of **1.25 million** objects (user accounts and applications), but you can increase this limit to **5.25 million** objects when you [add and verify a custom domain](custom-domain.md). If you want to increase this limit, please contact [Microsoft Support](find-help-open-support-ticket.md). However, if you created your tenant before **September 2022**, this limit doesn't affect you, and your tenant will retain the size allocated to it at creation, that's, **50 million** objects. 
       - question: |
           Which social identity providers do you support now? Which ones do you plan to support in the future?
         answer: |

articles/active-directory-b2c/microsoft-graph-operations.md

@@ -8,7 +8,7 @@ manager: CelesteDG
 ms.service: active-directory
 ms.workload: identity
 ms.topic: how-to
-ms.date: 03/03/2022
+ms.date: 11/3/2022
 ms.custom: "project-no-code, ignite-fall-2021, b2c-support"
 ms.author: kengaderdus
 ms.subservice: B2C
@@ -26,7 +26,7 @@ Watch this video to learn about Azure AD B2C user migration using Microsoft Grap
 
 ## Prerequisites
 
-To use MS Graph API, and interact with resources in your Azure AD B2C tenant, you need an application registration that grants the permissions to do so. Follow the steps in the [Manage Azure AD B2C with Microsoft Graph](microsoft-graph-get-started.md) article to create an application registration that your management application can use. 
+- To use MS Graph API, and interact with resources in your Azure AD B2C tenant, you need an application registration that grants the permissions to do so. Follow the steps in the [Register a Microsoft Graph application](microsoft-graph-get-started.md) article to create an application registration that your management application can use. 
 
 ## User management
 > [!NOTE]
@@ -162,6 +162,25 @@ For user flows, these extension properties are [managed by using the Azure porta
 > [!NOTE]
 > In Azure AD, directory extensions are managed through the [extensionProperty resource type](/graph/api/resources/extensionproperty) and its associated methods. However, because they are used in B2C through the `b2c-extensions-app` app which should not be updated, they are managed in Azure AD B2C using the [identityUserFlowAttribute resource type](/graph/api/resources/identityuserflowattribute) and its associated methods.
 
+## Tenant usage 
+
+Use the [Get organization details](/graph/api/organization-get) API to get your directory size quota. You need to add the `$select` query parameter as shown in the following HTTP request:
+
+```http
+    GET https://graph.microsoft.com/v1.0/organization/organization-id?$select=directorySizeQuota
+``` 
+Replace `organization-id` with your organization or tenant ID. 
+
+The response to the above request looks similar to the following JSON snippet:
+
+```json
+{
+    "directorySizeQuota": {
+        "used": 156,
+        "total": 1250000
+    }
+}
+``` 
 ## Audit logs
 
 - [List audit logs](/graph/api/directoryaudit-list)

articles/active-directory-b2c/service-limits.md

@@ -8,7 +8,7 @@ manager: CelesteDG
 ms.service: active-directory
 ms.workload: identity
 ms.topic: reference
-ms.date: 12/01/2022
+ms.date: 12/29/2022
 ms.subservice: B2C
 zone_pivot_groups: b2c-policy-type
 ---
@@ -164,6 +164,8 @@ The following table lists the administrative configuration limits in the Azure A
 |Number of sign-out URLs per application        |1          |
 |String Limit per Attribute      |250 Chars          |
 |Number of B2C tenants per subscription      |20         |
+|Total number of objects (user accounts and applications) per tenant (default limit)|1.25 million |
+|Total number of objects (user accounts and applications) per tenant (using a verified custom domain)|5.25 million |
 |Levels of [inheritance](custom-policy-overview.md#inheritance-model) in custom policies     |10         |
 |Number of policies per Azure AD B2C tenant (user flows + custom policies)     |200          |
 |Maximum policy file size      |1024 KB          |

articles/active-directory-b2c/tenant-management.md

@@ -9,7 +9,7 @@ manager: CelesteDG
 ms.service: active-directory
 ms.workload: identity
 ms.topic: tutorial
-ms.date: 11/24/2022
+ms.date: 12/29/2022
 ms.custom: project-no-code
 ms.author: kengaderdus
 ms.subservice: B2C
@@ -238,7 +238,11 @@ To get your Azure AD B2C tenant ID, follow these steps:
 1. In the Azure portal, search for and select **Azure Active Directory**.
 1. In the **Overview**, copy the **Tenant ID**.
 
-![Screenshot demonstrates how to get the Azure AD B2C tenant ID.](./media/tenant-management/get-azure-ad-b2c-tenant-id.png)  
+![Screenshot demonstrates how to get the Azure AD B2C tenant ID.](./media/tenant-management/get-azure-ad-b2c-tenant-id.png) 
+
+## Get your tenant usage
+
+You can read your Azure AD B2C's total directory size, and how much of it is in use. To do so, follow the steps in [Get tenant usage by using Microsoft Graph API](microsoft-graph-operations.md#tenant-usage).
 
 ## Next steps
 

articles/active-directory-b2c/tutorial-create-tenant.md

@@ -8,7 +8,7 @@ manager: CelesteDG
 ms.service: active-directory
 ms.workload: identity
 ms.topic: tutorial
-ms.date: 07/12/2022
+ms.date: 11/3/2022
 ms.author: kengaderdus
 ms.subservice: B2C
 ms.custom: "b2c-support"
@@ -18,11 +18,6 @@ ms.custom: "b2c-support"
 
 Before your applications can interact with Azure Active Directory B2C (Azure AD B2C), they must be registered in a tenant that you manage. 
 
-> [!NOTE]
-> You can create up to 20 tenants per subscription. This limit helps protect against threats to your resources, such as denial-of-service attacks, and is enforced in both the Azure portal and the underlying tenant creation API. If you need to create more than 20 tenants, please contact [Microsoft Support](support-options.md).
-> 
-> If you want to reuse a tenant name that you previously tried to delete, but you see the error "Already in use by another directory" when you enter the domain name, you'll need to [follow these steps to fully delete the tenant first](./faq.yml?tabs=app-reg-ga#how-do-i-delete-my-azure-ad-b2c-tenant-). A role of at least Subscription Administrator is required. After deleting the tenant, you might also need to sign out and sign back in before you can reuse the domain name.
-
 In this article, you learn how to:
 
 > [!div class="checklist"]
@@ -31,7 +26,13 @@ In this article, you learn how to:
 > * Switch to the directory containing your Azure AD B2C tenant
 > * Add the Azure AD B2C resource as a **Favorite** in the Azure portal
 
-You learn how to register an application in the next tutorial.
+Before you create you Azure AD B2C, you need to take the following considerations into account: 
+
+- You can create up to **20** tenants per subscription. This limit help protect against threats to your resources, such as denial-of-service attacks, and is enforced in both the Azure portal and the underlying tenant creation API. If you want to increase this limit, please contact [Microsoft Support](find-help-open-support-ticket.md). 
+
+- By default, each tenant can accommodate a total of **1.25 million** objects (user accounts and applications), but you can increase this limit to **5.25 million** objects when you add and verify a custom domain. If you want to increase this limit, please contact [Microsoft Support](find-help-open-support-ticket.md). However, if you created your tenant before **September 2022**, this limit doesn't affect you, and your tenant will retain the size allocated to it at creation, that's, **50 million** objects. 
+
+- If you want to reuse a tenant name that you previously tried to delete, but you see the error "Already in use by another directory" when you enter the domain name, you'll need to [follow these steps to fully delete the tenant first](./faq.yml?tabs=app-reg-ga#how-do-i-delete-my-azure-ad-b2c-tenant-). A role of at least *Subscription Administrator* is required. After deleting the tenant, you might also need to sign out and sign back in before you can reuse the domain name.
 
 ## Prerequisites
 
@@ -66,7 +67,8 @@ You learn how to register an application in the next tutorial.
    ![Select the Create a resource button](media/tutorial-create-tenant/create-a-resource.png)
 
 1. Search for **Azure Active Directory B2C**, and then select **Create**.
-2. Select **Create a new Azure AD B2C Tenant**.
+
+1. Select **Create a new Azure AD B2C Tenant**.
 
     ![Create a new Azure AD B2C tenant selected in Azure portal](media/tutorial-create-tenant/portal-02-create-tenant.png)
 

articles/active-directory-b2c/user-migration.md

@@ -3,14 +3,13 @@ title: User migration approaches
 titleSuffix: Azure AD B2C
 description: Migrate user accounts from another identity provider to Azure AD B2C by using the pre migration or seamless migration methods.
 services: active-directory-b2c
-author: garrodonnell
+author: kengaderdus
 manager: CelesteDG
-
 ms.service: active-directory
 ms.workload: identity
 ms.topic: how-to
-ms.date: 10/24/2022
-ms.author: godonnell
+ms.date: 12/29/2022
+ms.author: kengaderdus
 ms.custom: engagement-fy23
 ms.subservice: B2C
 ---
@@ -22,6 +21,10 @@ Watch this video to learn about Azure AD B2C user migration strategies and steps
 
 >[!Video https://www.youtube.com/embed/lCWR6PGUgz0]
 
+
+> [!NOTE]
+> Before you start the migration, make sure your Azure AD B2C tenant's unused quota can accommodate all the users you expect to migrate. Learn how to [Get your tenant usage](microsoft-graph-operations.md#tenant-usage). If you need to increase your tenant's quota limit, contact [Microsoft Support](find-help-open-support-ticket.md).
+
 ## Pre migration
 
 In the pre migration flow, your migration application performs these steps for each user account: