Merge remote-tracking branch 'refs/remotes/MicrosoftDocs/master'

Author: anzaman

articles/active-directory-b2c/active-directory-b2c-setup-oidc-azure-active-directory.md

@@ -8,16 +8,13 @@ manager: celestedg
 ms.service: active-directory
 ms.workload: identity
 ms.topic: conceptual
-ms.date: 07/08/2019
+ms.date: 08/06/2019
 ms.author: marsma
 ms.subservice: B2C
 ---
 
 # Set up sign-in for a specific Azure Active Directory organization in Azure Active Directory B2C
 
->[!NOTE]
-> This feature is in public preview. Do not use the feature in production environments.
-
 To use an Azure Active Directory (Azure AD) as an [identity provider](active-directory-b2c-reference-oauth-code.md) in Azure AD B2C, you need to create an application that represents it. This article shows you how to enable sign-in for users from a specific Azure AD organization using a user flow in Azure AD B2C.
 
 ## Create an Azure AD app
@@ -50,7 +47,7 @@ To enable sign-in for users from a specific Azure AD organization, you need to r
 2. Choose **All services** in the top-left corner of the Azure portal, and then search for and select **Azure AD B2C**.
 3. Select **Identity providers**, and then select **Add**.
 4. Enter a **Name**. For example, enter `Contoso Azure AD`.
-5. Select **Identity provider type**, select **OpenID Connect (Preview)**, and then click **OK**.
+5. Select **Identity provider type**, select **OpenID Connect**, and then click **OK**.
 6. Select **Set up this identity provider**
 7. For **Metadata url**, enter the following URL replacing `your-AD-tenant-domain` with the domain name of your Azure AD tenant. For example `https://login.microsoftonline.com/contoso.onmicrosoft.com/.well-known/openid-configuration`:
 

articles/active-directory-b2c/active-directory-b2c-setup-oidc-idp.md

@@ -1,5 +1,5 @@
 ---
-title: Set up sign-up and sign-in with OpenID Connect - Azure Active Directory B2C | Microsoft Docs
+title: Set up sign-up and sign-in with OpenID Connect - Azure Active Directory B2C
 description: Set up sign-up and sign-in with OpenID Connect using Azure Active Directory B2C.
 services: active-directory-b2c
 author: mmacy
@@ -8,26 +8,22 @@ manager: celestedg
 ms.service: active-directory
 ms.workload: identity
 ms.topic: conceptual
-ms.date: 11/30/2018
+ms.date: 08/06/2019
 ms.author: marsma
 ms.subservice: B2C
 ---
 
 # Set up sign-up and sign-in with OpenID Connect using Azure Active Directory B2C
 
->[!NOTE]
-> This feature is in public preview. Do not use the feature in production environments.
-
-
-[OpenID Connect](active-directory-b2c-reference-oidc.md) is an authentication protocol, built on top of OAuth 2.0, that can be used to securely sign users in. Most identity providers that use this protocol, are supported in Azure AD B2C. This article explains how you can add custom OpenID Connect identity providers into your user flows.
+[OpenID Connect](active-directory-b2c-reference-oidc.md) is an authentication protocol built on top of OAuth 2.0 that can be used for secure user sign-in. Most identity providers that use this protocol are supported in Azure AD B2C. This article explains how you can add custom OpenID Connect identity providers into your user flows.
 
 ## Add the identity provider
 
 1. Sign in to the [Azure portal](https://portal.azure.com/) as the global administrator of your Azure AD B2C tenant.
 2. Make sure you're using the directory that contains your Azure AD B2C tenant by clicking the **Directory and subscription filter** in the top menu and choosing the directory that contains your tenant.
 3. Choose **All services** in the top-left corner of the Azure portal, search for and select **Azure AD B2C**.
 4. Select **Identity Providers**, and then click **Add**.
-5. For the **Identity provider type**, select **OpenID Connect (Preview)**.
+5. For the **Identity provider type**, select **OpenID Connect**.
 
 ## Configure the identity provider
 

articles/active-directory-b2c/active-directory-b2c-tutorials-spa.md

@@ -45,8 +45,8 @@ Additionally, you need the following in your local development environment:
 In the second tutorial that you completed as part of the prerequisites, you registered a web application in Azure AD B2C. To enable communication with the sample in the tutorial, you need to add a redirect URI to the application in Azure AD B2C.
 
 1. Sign in to the [Azure portal](https://portal.azure.com).
-1. Make sure you're using the directory that contains your Azure AD B2C tenant by clicking the **Directory and subscription filter** in the top menu and choosing the directory that contains your tenant.
-1. Choose **All services** in the top-left corner of the Azure portal, and then search for and select **Azure AD B2C**.
+1. Make sure you're using the directory that contains your Azure AD B2C tenant by selecting the **Directory and subscription** filter in the top menu and choosing the directory that contains your tenant.
+1. Select **All services** in the top-left corner of the Azure portal, and then search for and select **Azure AD B2C**.
 1. Select **Applications**, and then select the *webapp1* application.
 1. Under **Reply URL**, add `http://localhost:6420`.
 1. Select **Save**.
@@ -105,23 +105,23 @@ Now that you've obtained the sample, update the code with your Azure AD B2C tena
     Listening on port 6420...
     ```
 
-1. Navigate to `http://localhost:6420` in your browser to view the application.
+1. Go to `http://localhost:6420` in your browser to view the application.
 
 The sample supports sign-up, sign-in, profile editing, and password reset. This tutorial highlights how a user signs up using an email address.
 
 ### Sign up using an email address
 
-1. Click **Login** to initiate the *B2C_1_signupsignin1* user flow you specified in an earlier step.
-1. Azure AD B2C presents a sign-in page with a sign-up link. Since you don't yet have an account, click the **Sign up now** link.
+1. Select **Login** to initiate the *B2C_1_signupsignin1* user flow you specified in an earlier step.
+1. Azure AD B2C presents a sign-in page with a sign-up link. Since you don't yet have an account, select the **Sign up now** link.
 1. The sign-up workflow presents a page to collect and verify the user's identity using an email address. The sign-up workflow also collects the user's password and the requested attributes defined in the user flow.
 
     Use a valid email address and validate using the verification code. Set a password. Enter values for the requested attributes.
 
     ![Sign-up page presented by the sign-in/sign-up user flow](./media/active-directory-b2c-tutorials-desktop-app/sign-up-workflow.PNG)
 
-1. Click **Create** to create a local account in the Azure AD B2C directory.
+1. Select **Create** to create a local account in the Azure AD B2C directory.
 
-When you click **Create**, the sign up page closes and the sign in page reappears.
+When you select **Create**, the sign up page closes and the sign in page reappears.
 
 You can now use your email address and password to sign in to the application.
 

articles/active-directory-b2c/idp-pass-through-custom.md

@@ -1,5 +1,5 @@
 ---
-title: Pass an access token through a custom policy to your application in Azure Active Directory B2C | Microsoft Docs
+title: Pass an access token through a custom policy to your application in Azure Active Directory B2C
 description: Learn how you can pass an access token for OAuth2.0 identity providers as a claim through a custom policy to your application in Azure Active Directory B2C.
 services: active-directory-b2c
 author: mmacy
@@ -8,22 +8,20 @@ manager: celestedg
 ms.service: active-directory
 ms.workload: identity
 ms.topic: conceptual
-ms.date: 02/19/2019
+ms.date: 08/17/2019
 ms.author: marsma
 ms.subservice: B2C
 ---
 
 # Pass an access token through a custom policy to your application in Azure Active Directory B2C
 
-[!INCLUDE [active-directory-b2c-public-preview](../../includes/active-directory-b2c-public-preview.md)]
-
-A [custom policy](active-directory-b2c-get-started-custom.md) in Azure Active Directory (Azure AD) B2C provides users of your application an opportunity to sign up or sign in with an identity provider. When this happens, Azure AD B2C receives an [access token](active-directory-b2c-reference-tokens.md) from the identity provider. Azure AD B2C uses that token to retrieve information about the user. You add a claim type and output claim to your custom policy to pass the token through to the applications that you register in Azure AD B2C.
+A [custom policy](active-directory-b2c-get-started-custom.md) in Azure Active Directory B2C (Azure AD B2C) provides users of your application an opportunity to sign up or sign in with an identity provider. When this happens, Azure AD B2C receives an [access token](active-directory-b2c-reference-tokens.md) from the identity provider. Azure AD B2C uses that token to retrieve information about the user. You add a claim type and output claim to your custom policy to pass the token through to the applications that you register in Azure AD B2C.
 
 Azure AD B2C supports passing the access token of [OAuth 2.0](active-directory-b2c-reference-oauth-code.md) and [OpenID Connect](active-directory-b2c-reference-oidc.md) identity providers. For all other identity providers, the claim is returned blank.
 
 ## Prerequisites
 
-- Your custom policy is configured with an OAuth 2.0 or OpenID Connect identity provider.
+* Your custom policy is configured with an OAuth 2.0 or OpenID Connect identity provider.
 
 ## Add the claim elements
 
@@ -82,24 +80,24 @@ When testing your applications in Azure AD B2C, it can be useful to have the Azu
 ### Upload the files
 
 1. Sign in to the [Azure portal](https://portal.azure.com/).
-2. Make sure you're using the directory that contains your Azure AD B2C tenant by clicking the **Directory and subscription filter** in the top menu and choosing the directory that contains your tenant.
+2. Make sure you're using the directory that contains your Azure AD B2C tenant by clicking the **Directory + subscription** filter in the top menu and choosing the directory that contains your tenant.
 3. Choose **All services** in the top-left corner of the Azure portal, and then search for and select **Azure AD B2C**.
 4. Select **Identity Experience Framework**.
 5. On the Custom Policies page, click **Upload Policy**.
 6. Select **Overwrite the policy if it exists**, and then search for and select the *TrustframeworkExtensions.xml* file.
-7. Click **Upload**.
+7. Select **Upload**.
 8. Repeat steps 5 through 7 for the relying party file, such as *SignUpOrSignIn.xml*.
 
 ### Run the policy
 
 1. Open the policy that you changed. For example, *B2C_1A_signup_signin*.
 2. For **Application**, select your application that you previously registered. To see the token in the example below, the **Reply URL** should show `https://jwt.ms`.
-3. Click **Run now**.
+3. Select **Run now**.
 
     You should see something similar to the following example:
 
     ![Decoded token in jwt.ms with idp_access_token block highlighted](./media/idp-pass-through-custom/idp-pass-through-custom-token.PNG)
 
 ## Next steps
 
-Learn more about tokens in the [Azure Active Directory token reference](active-directory-b2c-reference-tokens.md).
+Learn more about tokens in the [Azure Active Directory B2C token reference](active-directory-b2c-reference-tokens.md).

articles/active-directory-b2c/idp-pass-through-user-flow.md

@@ -1,31 +1,28 @@
 ---
-title: Pass an access token through a user flow to your application - Azure Active Directory B2C | Microsoft Docs
-description: Learn how you can pass through an access token for OAuth2.0 identity providers as a claim in a user flow in Azure Active Directory B2C.
+title: Pass an access token through a user flow to your application - Azure Active Directory B2C
+description: Learn how to pass an access token for OAuth 2.0 identity providers as a claim in a user flow in Azure Active Directory B2C.
 services: active-directory-b2c
 author: mmacy
 manager: celestedg
 
 ms.service: active-directory
 ms.workload: identity
 ms.topic: conceptual
-ms.date: 04/16/2019
+ms.date: 08/17/2019
 ms.author: marsma
 ms.subservice: B2C
 ---
 
 # Pass an access token through a user flow to your application in Azure Active Directory B2C
 
-> [!NOTE]
-> This feature is currently in public preview.
-
-A [user flow](active-directory-b2c-reference-policies.md) in Azure Active Directory (Azure AD) B2C provides users of your application an opportunity to sign up or sign in with an identity provider. When the journey starts, Azure AD B2C receives an [access token](active-directory-b2c-reference-tokens.md) from the identity provider. Azure AD B2C uses that token to retrieve information about the user. You enable a claim in your user flow to pass the token through to the applications that you register in Azure AD B2C.
+A [user flow](active-directory-b2c-reference-policies.md) in Azure Active Directory B2C (Azure AD B2C) provides users of your application an opportunity to sign up or sign in with an identity provider. When the journey starts, Azure AD B2C receives an [access token](active-directory-b2c-reference-tokens.md) from the identity provider. Azure AD B2C uses that token to retrieve information about the user. You enable a claim in your user flow to pass the token through to the applications that you register in Azure AD B2C.
 
 Azure AD B2C currently only supports passing the access token of [OAuth 2.0](active-directory-b2c-reference-oauth-code.md) identity providers, which include [Facebook](active-directory-b2c-setup-fb-app.md) and [Google](active-directory-b2c-setup-goog-app.md). For all other identity providers, the claim is returned blank.
 
 ## Prerequisites
 
-- Your application must be using a [v2 user flow](user-flow-versions.md).
-- Your user flow is configured with an OAuth 2.0 identity provider.
+* Your application must be using a [v2 user flow](user-flow-versions.md).
+* Your user flow is configured with an OAuth 2.0 identity provider.
 
 ## Enable the claim
 

articles/active-directory-b2c/tutorial-add-identity-providers.md

@@ -94,7 +94,7 @@ After you create the application for the identity provider that you want to add,
 1. Choose **All services** in the top-left corner of the Azure portal, and then search for and select **Azure AD B2C**.
 1. Select **Identity providers**, and then select **Add**.
 1. Enter a **Name**. For example, enter *Contoso Azure AD*.
-1. Select **Identity provider type**, select **OpenID Connect (Preview)**, and then click **OK**.
+1. Select **Identity provider type**, select **OpenID Connect**, and then click **OK**.
 1. Click **Set up this identity provider**
 1. For **Metadata url**, enter the following URL, replacing `your-AD-tenant-domain` with the domain name of your Azure AD tenant.
 

articles/active-directory/b2b/licensing-guidance.md

@@ -6,7 +6,7 @@ services: active-directory
 ms.service: active-directory
 ms.subservice: B2B
 ms.topic: conceptual
-ms.date: 10/04/2018
+ms.date: 08/15/2019
 
 ms.author: mimart
 author: msmimart
@@ -18,7 +18,10 @@ ms.collection: M365-identity-device-management
 
 # Azure Active Directory B2B collaboration licensing guidance
 
-With Azure Active Directory (Azure AD) business-to-business (B2B) collaboration, you can invite External Users (or "guest users") to use your paid Azure AD services. For each paid Azure AD license that you assign to a user, you can invite up to five guest users under the External User Allowance.
+With Azure Active Directory (Azure AD) business-to-business (B2B) collaboration, you can invite External Users (or "guest users") to use your paid Azure AD services. Some features are free, but for any paid Azure AD features, you can invite up to five guest users for each Azure AD edition license that you own for an employee or a non-guest user in your tenant.
+
+> [!NOTE]
+> Refer to [Azure Active Directory pricing](https://azure.microsoft.com/pricing/details/active-directory/) for details about Azure AD pricing and B2B collaboration features.
 
 B2B guest user licensing is automatically calculated and reported based on the 1:5 ratio. Currently, it’s not possible to assign B2B guest user licenses directly to guest users.