Merge branch 'main' of https://github.com/MicrosoftDocs/azure-docs-pr into heidist-support-case-art

Author: HeidiSteen

articles/active-directory-b2c/string-transformations.md

@@ -171,7 +171,7 @@ Determines whether one string claim is equal to another. The result is a new boo
 | InputClaim | inputClaim1 | string | First claim type, which is to be compared. |
 | InputClaim | inputClaim2 | string | Second claim type, which is to be compared. |
 | InputParameter | operator | string | Possible values: `EQUAL` or `NOT EQUAL`. |
-| InputParameter | ignoreCase | boolean | Specifies whether this comparison should ignore the case of the strings being compared. |
+| InputParameter | ignoreCase | string | Specifies whether this comparison should ignore the case of the strings being compared. |
 | OutputClaim | outputClaim | boolean | The claim that is produced after this claims transformation has been invoked. |
 
 ### Example of CompareClaims
@@ -186,7 +186,7 @@ Use this claims transformation to check if a claim is equal to another claim.  T
   </InputClaims>
   <InputParameters>
     <InputParameter Id="operator" DataType="string" Value="NOT EQUAL" />
-    <InputParameter Id="ignoreCase" DataType="boolean" Value="true" />
+    <InputParameter Id="ignoreCase" DataType="string" Value="true" />
   </InputParameters>
   <OutputClaims>
     <OutputClaim ClaimTypeReferenceId="SameEmailAddress" TransformationClaimType="outputClaim" />

articles/active-directory/cloud-infrastructure-entitlement-management/usage-analytics-users.md

@@ -108,7 +108,7 @@ Filters can be applied in one, two, or all three categories depending on the typ
 
 1. From the **Authorization System Type** dropdown, select the authorization system you want to use: **AWS**, **Azure**, or **GCP**.
 1. From the **Authorization System** dropdown, select from a **List** of accounts and **Folders**.
-1. From the **Identity Subtype**, select the type of user: **All**, **ED**, **Local**, or **Cross Account**.
+1. From the **Identity Subtype**, select the type of user: **All**, **ED** (Enterprise Directory), **Local**, or **Cross Account**.
 1. Select **Apply** to run your query and display the information you selected.
 
     Select **Reset filter** to discard your changes.
@@ -158,4 +158,4 @@ You can filter user details by type of user, user role, app, or service used, or
 - To view assigned permissions and usage of the group and the group members, see [View analytic information about groups](usage-analytics-groups.md).
 - To view active resources, see [View analytic information about active resources](usage-analytics-active-resources.md).
 - To view the permission usage of access keys for a given user, see [View analytic information about access keys](usage-analytics-access-keys.md).
-- To view assigned permissions and usage of the serverless functions, see [View analytic information about serverless functions](usage-analytics-serverless-functions.md).
+- To view assigned permissions and usage of the serverless functions, see [View analytic information about serverless functions](usage-analytics-serverless-functions.md).

articles/active-directory/develop/msal-client-application-configuration.md

@@ -9,7 +9,7 @@ ms.service: active-directory
 ms.subservice: develop
 ms.topic: conceptual
 ms.workload: identity
-ms.date: 11/20/2020
+ms.date: 07/15/2022
 ms.author: marsma
 ms.reviewer: saeeda
 ms.custom: aaddev, has-adal-ref
@@ -33,12 +33,12 @@ The authority is a URL that indicates a directory that MSAL can request tokens f
 
 Common authorities are:
 
-| Common authority URLs | When to use |
-|--|--|
-| `https://login.microsoftonline.com/<tenant>/` | Sign in users of a specific organization only. The `<tenant>` in the URL is the tenant ID of the Azure Active Directory (Azure AD) tenant (a GUID), or its tenant domain. |
-| `https://login.microsoftonline.com/common/` | Sign in users with work and school accounts or personal Microsoft accounts. |
-| `https://login.microsoftonline.com/organizations/` | Sign in users with work and school accounts. |
-| `https://login.microsoftonline.com/consumers/` | Sign in users with personal Microsoft accounts (MSA) only. |
+| Common authority URLs                              | When to use                                                                                                                                                               |
+| -------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| `https://login.microsoftonline.com/<tenant>/`      | Sign in users of a specific organization only. The `<tenant>` in the URL is the tenant ID of the Azure Active Directory (Azure AD) tenant (a GUID), or its tenant domain. |
+| `https://login.microsoftonline.com/common/`        | Sign in users with work and school accounts or personal Microsoft accounts.                                                                                               |
+| `https://login.microsoftonline.com/organizations/` | Sign in users with work and school accounts.                                                                                                                              |
+| `https://login.microsoftonline.com/consumers/`     | Sign in users with personal Microsoft accounts (MSA) only.                                                                                                                |
 
 The authority you specify in your code needs to be consistent with the **Supported account types** you specified for the app in **App registrations** in the Azure portal.
 
@@ -50,16 +50,16 @@ The authority can be:
 
 Azure AD cloud authorities have two parts:
 
-- The identity provider *instance*
-- The sign-in *audience* for the app
+- The identity provider _instance_
+- The sign-in _audience_ for the app
 
 The instance and audience can be concatenated and provided as the authority URL. This diagram shows how the authority URL is composed:
 
 ![How the authority URL is composed](media/msal-client-application-configuration/authority.png)
 
 ## Cloud instance
 
-The *instance* is used to specify if your app is signing users from the Azure public cloud or from national clouds. Using MSAL in your code, you can set the Azure cloud instance by using an enumeration or by passing the URL to the [national cloud instance](authentication-national-cloud.md#azure-ad-authentication-endpoints) as the `Instance` member (if you know it).
+The _instance_ is used to specify if your app is signing users from the Azure public cloud or from national clouds. Using MSAL in your code, you can set the Azure cloud instance by using an enumeration or by passing the URL to the [national cloud instance](authentication-national-cloud.md#azure-ad-authentication-endpoints) as the `Instance` member.
 
 MSAL.NET will throw an explicit exception if both `Instance` and `AzureCloudInstance` are specified.
 
@@ -100,7 +100,7 @@ Currently, the only way to get an app to sign in users with only personal Micros
 
 ## Client ID
 
-The client ID is the unique application (client) ID assigned to your app by Azure AD when the app was registered.
+The client ID is the unique **Application (client) ID** assigned to your app by Azure AD when the app was registered.
 
 ## Redirect URI
 
@@ -110,40 +110,41 @@ The redirect URI is the URI the identity provider will send the security tokens
 
 If you're a public client app developer who's using MSAL:
 
-- You'd want to use `.WithDefaultRedirectUri()` in desktop or UWP applications (MSAL.NET 4.1+). This method will set the public client application's redirect URI property to the default recommended redirect URI for public client applications.
+- You'd want to use `.WithDefaultRedirectUri()` in desktop or Universal Windows Platform (UWP) applications (MSAL.NET 4.1+). The `.WithDefaultRedirectUri()` method will set the public client application's redirect URI property to the default recommended redirect URI for public client applications.
 
-  | Platform | Redirect URI |
-  |--|--|
-  | Desktop app (.NET FW) | `https://login.microsoftonline.com/common/oauth2/nativeclient` |
-  | UWP | value of `WebAuthenticationBroker.GetCurrentApplicationCallbackUri()`. This enables SSO with the browser by setting the value to the result of WebAuthenticationBroker.GetCurrentApplicationCallbackUri() which you need to register |
-  | .NET Core | `https://localhost`. This enables the user to use the system browser for interactive authentication since .NET Core doesn't have a UI for the embedded web view at the moment. |
+  | Platform              | Redirect URI                                                                                                                                                                                                                                           |
+  | --------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
+  | Desktop app (.NET FW) | `https://login.microsoftonline.com/common/oauth2/nativeclient`                                                                                                                                                                                         |
+  | UWP                   | value of `WebAuthenticationBroker.GetCurrentApplicationCallbackUri()`. This enables single sign-on (SSO) with the browser by setting the value to the result of WebAuthenticationBroker.GetCurrentApplicationCallbackUri(), which you need to register |
+  | .NET Core             | `https://localhost` enables the user to use the system browser for interactive authentication since .NET Core doesn't have a UI for the embedded web view at the moment.                                                                               |
 
-- You don't need to add a redirect URI if you're building a Xamarin Android and iOS application that doesn't support the broker redirect URI. It is automatically set to `msal{ClientId}://auth` for Xamarin Android and iOS.
+- You don't need to add a redirect URI if you're building a Xamarin Android and iOS application that doesn't support the broker redirect URI. It's automatically set to `msal{ClientId}://auth` for Xamarin Android and iOS.
 
 - Configure the redirect URI in [App registrations](https://aka.ms/appregistrations):
 
-   ![Redirect URI in App registrations](media/msal-client-application-configuration/redirect-uri.png)
+  ![Redirect URI in App registrations](media/msal-client-application-configuration/redirect-uri.png)
 
 You can override the redirect URI by using the `RedirectUri` property (for example, if you use brokers). Here are some examples of redirect URIs for that scenario:
 
 - `RedirectUriOnAndroid` = "msauth-5a434691-ccb2-4fd1-b97b-b64bcfbc03fc://com.microsoft.identity.client.sample";
 - `RedirectUriOnIos` = $"msauth.{Bundle.ID}://auth";
 
-For additional iOS details, see [Migrate iOS applications that use Microsoft Authenticator from ADAL.NET to MSAL.NET](msal-net-migration-ios-broker.md) and [Leveraging the broker on iOS](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/wiki/Leveraging-the-broker-on-iOS).
-For additional Android details, see [Brokered auth in Android](msal-android-single-sign-on.md).
+For more iOS details, see [Migrate iOS applications that use Microsoft Authenticator from ADAL.NET to MSAL.NET](msal-net-migration-ios-broker.md) and [Leveraging the broker on iOS](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/wiki/Leveraging-the-broker-on-iOS).
+For more Android details, see [Brokered auth in Android](msal-android-single-sign-on.md).
 
 ### Redirect URI for confidential client apps
 
-For web apps, the redirect URI (or reply URL) is the URI that Azure AD will use to send the token back to the application. This URI can be the URL of the web app/web API if the confidential app is one of these. The redirect URI needs to be registered in app registration. This registration is especially important when you deploy an app that you've initially tested locally. You then need to add the reply URL of the deployed app in the application registration portal.
+For web apps, the redirect URI (or reply URL) is the URI that Azure AD will use to send the token back to the application. The URI can be the URL of the web app/web API if the confidential app is one of them. The redirect URI needs to be registered in app registration. The registration is especially important when you deploy an app that you've initially tested locally. You then need to add the reply URL of the deployed app in the application registration portal.
 
 For daemon apps, you don't need to specify a redirect URI.
 
 ## Client secret
 
-This option specifies the client secret for the confidential client app. This secret (app password) is provided by the application registration portal or provided to Azure AD during app registration with PowerShell AzureAD, PowerShell AzureRM, or Azure CLI.
+This option specifies the client secret for the confidential client app. The client secret (app password) is provided by the application registration portal or provided to Azure AD during app registration with PowerShell AzureAD, PowerShell AzureRM, or Azure CLI.
 
 ## Logging
-To help in debugging and authentication failure troubleshooting scenarios, the Microsoft Authentication Library provides built-in logging support. Logging is each library is covered in the following articles:
+
+To help in debugging and authentication failure troubleshooting scenarios, the MSAL provides built-in logging support. Logging in each library is covered in the following articles:
 
 :::row:::
     :::column:::

articles/active-directory/develop/msal-node-migration.md

@@ -21,7 +21,7 @@ ms.custom: has-adal-ref
 
 ## Prerequisites
 
-- Node version 10, 12 or 14. See the [note on version support](https://github.com/AzureAD/microsoft-authentication-library-for-js/tree/dev/lib/msal-node#node-version-support)
+- Node version 10, 12, 14, 16 or 18. See the [note on version support](https://github.com/AzureAD/microsoft-authentication-library-for-js/tree/dev/lib/msal-node#node-version-support)
 
 ## Update app registration settings
 
@@ -373,16 +373,19 @@ const cca = new msal.ConfidentialClientApplication(config);
 
 const refreshTokenRequest = {
     refreshToken: "", // your previous refresh token here
-    scopes: ["user.read"],
+    scopes: ["https://graph.microsoft.com/.default"],
+    forceCache: true,
 };
 
 cca.acquireTokenByRefreshToken(refreshTokenRequest).then((response) => {
-    console.log(JSON.stringify(response));
+    console.log(response);
 }).catch((error) => {
-    console.log(JSON.stringify(error));
+    console.log(error);
 });
 ```
 
+For more information, please refer to the [ADAL Node to MSAL Node migration sample](https://github.com/AzureAD/microsoft-authentication-library-for-js/tree/dev/samples/msal-node-samples/refresh-token).
+
 > [!NOTE]
 > We recommend you to destroy the older ADAL Node token cache once you utilize the still valid refresh tokens to get a new set of tokens using the MSAL Node's `acquireTokenByRefreshToken` method as shown above.
 
@@ -419,7 +422,7 @@ var adal = require('adal-node');
 // Authentication parameters
 var clientId = 'Enter_the_Application_Id_Here';
 var clientSecret = 'Enter_the_Client_Secret_Here';
-var tenant = 'common';
+var tenant = 'Enter_the_Tenant_Info_Here';
 var authorityUrl = 'https://login.microsoftonline.com/' + tenant;
 var redirectUri = 'http://localhost:3000/redirect';
 var resource = 'https://graph.microsoft.com';
@@ -501,7 +504,7 @@ const msal = require('@azure/msal-node');
 const config = {
     auth: {
         clientId: "Enter_the_Application_Id_Here",
-        authority: "https://login.microsoftonline.com/common",
+        authority: "https://login.microsoftonline.com/Enter_the_Tenant_Info_Here",
         clientSecret: "Enter_the_Client_Secret_Here"
     },
     system: {

articles/active-directory/fundamentals/active-directory-access-create-new-tenant.md

@@ -2,14 +2,14 @@
 title: Quickstart - Access & create new tenant - Azure AD
 description: Instructions about how to find Azure Active Directory and how to create a new tenant for your organization.
 services: active-directory
-author: ajburnle
-manager: karenhoran
+author: barclayn
+manager: rkarlin
 ms.service: active-directory
 ms.subservice: fundamentals
 ms.workload: identity
 ms.topic: quickstart
 ms.date: 12/22/2021
-ms.author: ajburnle
+ms.author: barclayn
 ms.custom: it-pro, seodec18, fasttrack-edit, mode-other
 ms.collection: M365-identity-device-management
 ---

articles/active-directory/fundamentals/active-directory-accessmanagement-managing-group-owners.md

@@ -2,15 +2,15 @@
 title: Add or remove group owners - Azure Active Directory | Microsoft Docs
 description: Instructions about how to add or remove group owners using Azure Active Directory. 
 services: active-directory
-author: ajburnle
-manager: karenhoran
+author: barclayn
+manager: rkarlin
 
 ms.service: active-directory
 ms.workload: identity
 ms.subservice: fundamentals
 ms.topic: how-to
 ms.date: 09/11/2018
-ms.author: ajburnle
+ms.author: barclayn
 ms.custom: "it-pro, seodec18"
 ms.collection: M365-identity-device-management
 ---

articles/active-directory/fundamentals/active-directory-architecture.md

@@ -2,15 +2,15 @@
 title: Architecture overview - Azure Active Directory | Microsoft Docs
 description: Learn what an Azure Active Directory tenant is and how to manage Azure using Azure Active Directory.
 services: active-directory
-author: ajburnle
-manager: karenhoran
+author: barclayn
+manager: rkarlin
 
 ms.service: active-directory
 ms.subservice: fundamentals
 ms.workload: identity
 ms.topic: conceptual
 ms.date: 07/08/2022
-ms.author: ajburnle
+ms.author: barclayn
 ms.reviewer: jeffsta
 ms.custom: "it-pro, seodec18"
 ms.collection: M365-identity-device-management

articles/active-directory/fundamentals/active-directory-compare-azure-ad-to-ad.md

@@ -3,7 +3,7 @@ title: Compare Active Directory to Azure Active Directory
 description: This document compares Active Directory Domain Services (ADDS) to Azure Active Directory (AD). It outlines key concepts in both identity solutions and explains how it's different or similar.
 services: active-directory
 author: martincoetzer
-manager: karenhoran
+manager: rkarlin
 tags: azuread
 ms.service: active-directory
 ms.topic: conceptual

articles/active-directory/fundamentals/active-directory-data-storage-australia-newzealand.md

@@ -2,9 +2,9 @@
 title: Customer data storage for Australian and New Zealand customers - Azure AD
 description: Learn about where Azure Active Directory stores customer-related data for its Australian and New Zealand customers.
 services: active-directory
-author: ajburnle
-manager: karenhoran
-ms.author: ajburnle
+author: barclayn
+manager: rkarlin
+ms.author: barclayn
 
 ms.service: active-directory
 ms.subservice: fundamentals

articles/active-directory/fundamentals/active-directory-data-storage-australia.md

@@ -2,9 +2,9 @@
 title: Identity data storage for Australian and New Zealand customers - Azure AD
 description: Learn about where Azure Active Directory stores identity-related data for its Australian and New Zealand customers.
 services: active-directory
-author: ajburnle
-manager: karenhoran
-ms.author: ajburnle
+author: barclayn
+manager: rkarlin
+ms.author: barclayn
 
 ms.service: active-directory
 ms.subservice: fundamentals