Merge branch 'main' into eur/caption-quickstart

Author: eric-urban

.openpublishing.redirection.active-directory.json

@@ -1,5 +1,10 @@
 {
   "redirections": [
+    {
+      "source_path_from_root": "/articles/active-directory/manage-apps/my-apps-deployment-plan.md",
+      "redirect_url": "/azure/active-directory/manage-apps/myapps-overview",
+      "redirect_document_id": false
+    },
     {
       "source_path_from_root": "/articles/active-directory/authentication/cloud-native-certificate-based-authentication-faq.yml",
       "redirect_url": "/azure/active-directory/authentication/certificate-based-authentication-faq",

articles/active-directory-b2c/configure-authentication-sample-angular-spa-app.md

@@ -145,7 +145,7 @@ export const b2cPolicies = {
 export const msalConfig: Configuration = {
      auth: {
          clientId: '<your-MyApp-application-ID>',
-         authority: b2cPolicies.authorities.signUpSignIn,
+         authority: b2cPolicies.authorities.signUpSignIn.authority,
          knownAuthorities: [b2cPolicies.authorityDomain],
          redirectUri: '/', 
      },

articles/active-directory/authentication/how-to-mfa-registration-campaign.md

@@ -6,7 +6,7 @@ services: active-directory
 ms.service: active-directory
 ms.subservice: authentication
 ms.topic: conceptual
-ms.date: 03/22/2022
+ms.date: 05/05/2022
 
 ms.author: justinha
 author: mjsantani
@@ -63,7 +63,7 @@ In addition to choosing who can be nudged, you can define how many days a user c
 
       ![Installation complete](./media/how-to-nudge-authenticator-app/finish.png)
 
-1. If a user wishes to not install the Authenticator app, they can tap **Not now** to snooze the prompt for a number of days, which can be defined by an admin. 
+1. If a user wishes to not install Microsoft Authenticator, they can tap **Not now** to snooze the prompt for up to 14 days, which can be set by an admin. 
 
    ![Snooze installation](./media/how-to-nudge-authenticator-app/snooze.png)
 

articles/active-directory/authentication/howto-authentication-use-email-signin.md

@@ -6,7 +6,7 @@ services: active-directory
 ms.service: active-directory
 ms.subservice: authentication
 ms.topic: conceptual
-ms.date: 02/02/2022
+ms.date: 05/05/2022
 
 ms.author: justinha
 author: gargi-sinha
@@ -257,7 +257,7 @@ To enable your support team's success, you can create a FAQ based on questions y
 | User isn't receiving a text or call on their office or cell phone| A user is trying to verify their identity via text or call but isn't receiving a text/call. |
 | User can't access the password reset portal| A user wants to reset their password but isn't enabled for password reset and can't access the page to update passwords. |
 | User can't set a new password| A user completes verification during the password reset flow but can't set a new password. |
-| User doesn't see a Reset Password link on a Windows 10 device| A user is trying to reset password from the Windows 10 lock screen, but the device is either not joined to Azure AD, or the Intune device policy isn't enabled |
+| User doesn't see a Reset Password link on a Windows 10 device| A user is trying to reset password from the Windows 10 lock screen, but the device is either not joined to Azure AD, or the Microsoft Endpoint Manager device policy isn't enabled |
 
 ### Plan rollback
 

articles/active-directory/authentication/howto-sspr-deployment.md

@@ -71,13 +71,13 @@ To configure a Windows 10 device for SSPR at the sign-in screen, review the foll
     - Azure AD joined
     - Hybrid Azure AD joined
 
-### Enable for Windows 10 using Intune
+### Enable for Windows 10 using Microsoft Endpoint Manager
 
-Deploying the configuration change to enable SSPR from the login screen using Intune is the most flexible method. Intune allows you to deploy the configuration change to a specific group of machines you define. This method requires Intune enrollment of the device.
+Deploying the configuration change to enable SSPR from the login screen using Microsoft Endpoint Manager is the most flexible method. Microsoft Endpoint Manager allows you to deploy the configuration change to a specific group of machines you define. This method requires Microsoft Endpoint Manager enrollment of the device.
 
-#### Create a device configuration policy in Intune
+#### Create a device configuration policy in Microsoft Endpoint Manager
 
-1. Sign in to the [Azure portal](https://portal.azure.com) and select **Intune**.
+1. Sign in to the [Azure portal](https://portal.azure.com) and select **Endpoint Manager**.
 1. Create a new device configuration profile by going to **Device configuration** > **Profiles**, then select **+ Create Profile**
    - For **Platform** choose *Windows 10 and later*
    - For **Profile type**, choose *Custom*
@@ -94,7 +94,7 @@ Deploying the configuration change to enable SSPR from the login screen using In
     Select **Add**, then **Next**.
 1. The policy can be assigned to specific users, devices, or groups. Assign the profile as desired for your environment, ideally to a test group of devices first, then select **Next**.
 
-    For more information, see [Assign user and device profiles in Microsoft Intune](/mem/intune/configuration/device-profile-assign).
+    For more information, see [Assign user and device profiles in Microsoft Microsoft Endpoint Manager](/mem/intune/configuration/device-profile-assign).
 
 1. Configure applicability rules as desired for your environment, such as to *Assign profile if OS edition is Windows 10 Enterprise*, then select **Next**.
 1. Review your profile, then select **Create**.

articles/active-directory/authentication/howto-sspr-windows.md

@@ -6,12 +6,11 @@ services: active-directory
 ms.service: active-directory
 ms.subservice: B2B
 ms.topic: how-to
-ms.date: 04/26/2022
+ms.date: 05/05/2022
 
 ms.author: mimart
 author: msmimart
 manager: celestedg
-ms.reviewer: mal
 
 ms.collection: M365-identity-device-management
 ---
@@ -32,7 +31,7 @@ For B2B collaboration with other Azure AD organizations, you should also review
 
 ## Configure settings in the portal
 
-1. Sign in to the [Azure portal](https://portal.azure.com) using a Global administrator or Security administrator account and open the **Azure Active Directory** service.
+1. Sign in to the [Azure portal](https://portal.azure.com) using a Global administrator account and open the **Azure Active Directory** service.
 1. Select **External Identities** > **External collaboration settings**.
 
 1. Under **Guest user access**, choose the level of access you want guest users to have:
@@ -41,7 +40,7 @@ For B2B collaboration with other Azure AD organizations, you should also review
 
    - **Guest users have the same access as members (most inclusive)**: This option gives guests the same access to Azure AD resources and directory data as member users.
 
-   - **Guest users have limited access to properties and memberships of directory objects**: (Default) This setting blocks guests from certain directory tasks, like enumerating users, groups, or other directory resources. Guests can see membership of all non-hidden groups.
+   - **Guest users have limited access to properties and memberships of directory objects**: (Default) This setting blocks guests from certain directory tasks, like enumerating users, groups, or other directory resources. Guests can see membership of all non-hidden groups. [Learn more about default guest permissions](../fundamentals/users-default-permissions.md#member-and-guest-users).
 
    - **Guest user access is restricted to properties and memberships of their own directory objects (most restrictive)**: With this setting, guests can access only their own profiles. Guests are not allowed to see other users' profiles, groups, or group memberships.