Commit 7655459

Merge pull request #221448 from MicrosoftDocs/main
Publish to Live, Wednesday 4AM PST, 12/14
2 parents c5c0008 + e02cb0d commit 7655459

107 files changed

+3246
-784
lines changed

articles/active-directory-b2c/data-residency.md

Lines changed: 23 additions & 11 deletions
@@ -9,55 +9,67 @@ manager: CelesteDG
99
ms.service: active-directory
1010
ms.workload: identity
1111
ms.topic: reference
12-
ms.date: 08/16/2021
12+
ms.date: 12/12/2022
1313
ms.author: kengaderdus
1414
ms.subservice: B2C
1515
ms.custom: references_regions
1616
---
1717

1818
# Azure Active Directory B2C: Region availability & data residency
1919

20-
Azure AD B2C identity data is stored in a geographical location based on the country/region provided when you create the tenant.
20+
Azure Active Directory B2C (Azure AD B2C) stores customer data in a geographic location based on how a tenant was created and provisioned. For the Azure portal or Azure AD API, the location is defined when a customer selects a location from the pre-defined list.
2121

2222
Region availability and data residency are two different concepts that apply to Azure AD B2C. This article explains the differences between these two concepts, and compares how they apply to Azure versus Azure AD B2C.
2323

2424
Azure AD B2C is **generally available worldwide** with the option for **data residency** in the **United States, Europe, Asia Pacific, or Australia**.
2525

26-
[Region availability](#region-availability) refers to where a service is available for use.
27-
28-
[Data residency](#data-residency) refers to where user data is stored.
26+
[Region availability](#region-availability) refers to where a service is available for use. [Data residency](#data-residency) refers to where customer data is stored. For customers in the EU and EFTA, see [EU Data Boundary](#eu-data-boundary).
2927

3028
## Region availability
3129

3230
Azure AD B2C is available worldwide via the Azure public cloud. You can see availability of this service in both Azure's [Products Available By Region](https://azure.microsoft.com/regions/services/) page and the [Active Directory B2C pricing calculator](https://azure.microsoft.com/pricing/details/active-directory-b2c/). Also, Azure AD B2C service is highly available. Learn more about [Service Level Agreement (SLA) for Azure Active Directory B2C](https://azure.microsoft.com/support/legal/sla/active-directory-b2c/v1_1).
3331
## Data residency
3432

35-
Azure AD B2C stores user data in the United States, Europe, the Asia Pacific region, or Australia.
33+
Azure AD B2C stores customer data in the United States, Europe, the Asia Pacific region, or Australia.
3634

3735
Data residency is determined by the country/region you select when you [create an Azure AD B2C tenant](tutorial-create-tenant.md):
3836

3937
![Screenshot of a Create Tenant form, choosing country or region.](./media/data-residency/data-residency-b2c-tenant.png)
4038

41-
Data resides in the **United States** for the following countries/regions:
39+
Data resides in the **United States** for the following locations:
4240

4341
> United States (US), Canada (CA), Costa Rica (CR), Dominican Republic (DO), El Salvador (SV), Guatemala (GT), Mexico (MX), Panama (PA), Puerto Rico (PR) and Trinidad & Tobago (TT)
4442
45-
Data resides in **Europe** for the following countries/regions:
43+
Data resides in **Europe** for the following locations:
4644

4745
> Algeria (DZ), Austria (AT), Azerbaijan (AZ), Bahrain (BH), Belarus (BY), Belgium (BE), Bulgaria (BG), Croatia (HR), Cyprus (CY), Czech Republic (CZ), Denmark (DK), Egypt (EG), Estonia (EE), Finland (FT), France (FR), Germany (DE), Greece (GR), Hungary (HU), Iceland (IS), Ireland (IE), Israel (IL), Italy (IT), Jordan (JO), Kazakhstan (KZ), Kenya (KE), Kuwait (KW), Latvia (LV), Lebanon (LB), Liechtenstein (LI), Lithuania (LT), Luxembourg (LU), North Macedonia (ML), Malta (MT), Montenegro (ME), Morocco (MA), Netherlands (NL), Nigeria (NG), Norway (NO), Oman (OM), Pakistan (PK), Poland (PL), Portugal (PT), Qatar (QA), Romania (RO), Russia (RU), Saudi Arabia (SA), Serbia (RS), Slovakia (SK), Slovenia (ST), South Africa (ZA), Spain (ES), Sweden (SE), Switzerland (CH), Tunisia (TN), Turkey (TR), Ukraine (UA), United Arab Emirates (AE) and United Kingdom (GB)
4846
49-
Data resides in **Asia Pacific** for the following countries/regions:
47+
Data resides in **Asia Pacific** for the following locations:
5048

5149
> Afghanistan (AF), Hong Kong SAR (HK), India (IN), Indonesia (ID), Japan (JP), Korea (KR), Malaysia (MY), Philippines (PH), Singapore (SG), Sri Lanka (LK), Taiwan (TW), and Thailand (TH)
5250
53-
Data resides in **Australia** for the following countries/regions:
51+
Data resides in **Australia** for the following locations:
5452

5553
> Australia (AU) and New Zealand (NZ)
5654
57-
The following countries/regions are in the process of being added to the list. For now, you can still use Azure AD B2C by picking any of the countries/regions above.
55+
The following locations are in the process of being added to the list. For now, you can still use Azure AD B2C by picking any of the locations previously listed.
5856

5957
> Argentina, Brazil, Chile, Colombia, Ecuador, Iraq, Paraguay, Peru, Uruguay, and Venezuela
6058
59+
## EU Data Boundary
60+
61+
The EU Data Boundary is Microsoft's commitment for our public sector and commercial customers in the EU and EFTA to process and store their customer data in the EU.
62+
63+
### Services temporarily excluded from the EU Data Boundary
64+
65+
Some services have work in progress to be EU Data Boundary compliant, but this work is delayed beyond January 1, 2023. The services listed will become compliant over the coming months. The following details explain the customer data that these features currently transfer out of the EU Data Boundary as part of their service operations:
66+
67+
* **Reason for customer data egress** - These features haven't completed changes to fully process admin actions and user sign-in actions within the EU Data Boundary.
68+
* **Types of customer data being egressed** - User account and usage data, and service configuration such as policy.
69+
* **Customer data location at rest** - In the EU Data Boundary.
70+
* **Customer data processing** - Some processing may occur globally.
71+
* **Services** - Administrator actions in the Azure portal or APIs, and User Sign-In Service
72+
6173
## Remote profile solution
6274

6375
With Azure AD B2C [custom policies](custom-policy-overview.md), you can integrate with [RESTful API services](api-connectors-overview.md), which allow you to store and read user profiles from a remote database (such as a marketing database, CRM system, or any line-of-business application).
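
Review bot: In the added "Services temporarily excluded from the EU Data Boundary" section, the paragraph says "The services listed will become compliant over the coming months" before any service has been named. The only place they appear is the last bullet ("Administrator actions in the Azure portal or APIs, and User Sign-In Service"), which also lacks the closing period the other bullets have. Name the services in the paragraph or move the **Services** bullet to the top, so a reader assessing what leaves the boundary sees the scope first. The "EU Data Boundary" paragraph mixes voices ("Microsoft's commitment for our public sector and commercial customers"); pick one. The rename from "countries/regions" to "locations" is also incomplete: the unchanged sentence "Data residency is determined by the country/region you select" keeps the old term. While touching this list, note that the Europe entry in the context lines has codes that are not the ISO 3166 ones: Finland (FT), North Macedonia (ML) and Slovenia (ST) should be FI, MK and SI.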

articles/active-directory-b2c/index.yml

Lines changed: 10 additions & 10 deletions
@@ -16,7 +16,7 @@ metadata:
1616
ms.collection: collection
1717
author: kengaderdus
1818
ms.author: kengaderdus
19-
ms.date: 08/31/2022
19+
ms.date: 12/14/2022
2020

2121
## FRONT MATTER END
2222

@@ -125,15 +125,11 @@ conceptualContent:
125125
- text: Protocols
126126
url: ../active-directory/develop/v2-app-types.md?bc=%2fazure%2factive-directory-b2c%2fbread%2ftoc.json&toc=%2fazure%2factive-directory-b2c%2fTOC.json
127127
itemType: concept
128-
# - text: Authentication library
129-
# url: ../active-directory/develop/msal-overview.md?bc=%2fazure%2factive-directory-b2c%2fbread%2ftoc.json&toc=%2fazure%2factive-directory-b2c%2fTOC.json
130-
# itemType: concept
131-
# - text: Identity providers
132-
# url: add-identity-provider.md
133-
# itemType: concept
134-
- text: Authenticate users in a Node.js web app(Quick course)
135-
url: /learn/modules/authenticate-users-node-web-app-use-azure-active-directory-b2c/
136-
itemType: learn
128+
- text: Authentication library
129+
url: ../active-directory/develop/msal-overview.md?bc=%2fazure%2factive-directory-b2c%2fbread%2ftoc.json&toc=%2fazure%2factive-directory-b2c%2fTOC.json
130+
itemType: concept
131+
132+
137133
## CARD 3 ######################
138134
- title: 'Authenticate: Sign in users'
139135
links:
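
Review bot: The two empty lines added at 131 and 132, directly above "## CARD 3", look unintentional; drop them unless the extra spacing is deliberate. The same hunk deletes the commented-out "Identity providers" entry while uncommenting "Authentication library". If that entry was parked for later use, keep it commented or mention the removal in the commit message.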
@@ -155,6 +151,10 @@ conceptualContent:
155151
- text: Enable single sign-on (SSO)
156152
url: session-behavior.md
157153
itemType: how-to-guide
154+
155+
- text: Authenticate users in a Node.js web app(Quick course)
156+
url: /learn/modules/authenticate-users-node-web-app-use-azure-active-directory-b2c/
157+
itemType: learn
158158
# - text: 'Quickstart: Single-page app'
159159
# url: configure-authentication-sample-spa-app.md
160160
# itemType: quickstart
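
Review bot: The link text on added line 155, "Authenticate users in a Node.js web app(Quick course)", is missing a space before the parenthesis. The entry was moved here from the previous card with the typo intact, so this is a good moment to fix it.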

articles/active-directory/develop/workload-identity-federation-create-trust.md

Lines changed: 3 additions & 1 deletion
@@ -9,7 +9,7 @@ ms.service: active-directory
99
ms.subservice: develop
1010
ms.topic: how-to
1111
ms.workload: identity
12-
ms.date: 10/31/2022
12+
ms.date: 12/13/2022
1313
ms.author: ryanwi
1414
ms.custom: aaddev
1515
ms.reviewer: shkhalid, udayh, vakarand
@@ -27,6 +27,8 @@ In this article, you learn how to create, list, and delete federated identity cr
2727

2828
## Important considerations and restrictions
2929

30+
To create, update, or delete a federated identity credential, the account performing the action must have the [Application Administrator](/azure/active-directory/roles/permissions-reference#application-administrator), [Application Developer](/azure/active-directory/roles/permissions-reference#application-developer), [Cloud Application Administrator](/azure/active-directory/roles/permissions-reference#cloud-application-administrator), or Application Owner role. The [microsoft.directory/applications/credentials/update permission](/azure/active-directory/roles/custom-available-permissions#microsoftdirectoryapplicationscredentialsupdate) is required to update a federated identity credential.
31+
3032
[!INCLUDE [federated credential configuration](./includes/federated-credential-configuration-considerations.md)]
3133

3234
To learn more about supported regions, time to propagate federated credential updates, supported issuers and more, read [Important considerations and restrictions for federated identity credentials](workload-identity-federation-considerations.md).
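
Review bot: The added paragraph at line 30 leaves the authorization requirement ambiguous. The first sentence lists roles for "create, update, or delete", and the second says the microsoft.directory/applications/credentials/update permission "is required to update", without saying whether it is needed in addition to one of those roles or is the custom-role alternative, or what applies to create and delete. State the relationship explicitly, since readers will use this to scope least-privilege assignments. "Application Owner" is also listed as a role without a link, unlike the other three. If it means ownership of the app registration rather than a directory role, say "or be an owner of the application". The new links use absolute /azure/active-directory/... paths, while the context line below uses a relative link (workload-identity-federation-considerations.md); match the file's convention.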

articles/active-directory/fundamentals/active-directory-access-create-new-tenant.md

Lines changed: 1 addition & 1 deletion
@@ -26,7 +26,7 @@ If you don't have an Azure subscription, create a [free account](https://azure.m
2626
After you sign in to the Azure portal, you can create a new tenant for your organization. Your new tenant represents your organization and helps you to manage a specific instance of Microsoft cloud services for your internal and external users.
2727

2828
>[!Note]
29-
>If you're unable to create Azure AD B2C tenant, review your user settings page to ensure that tenant creation isn't switched off. If tenant creation is switched off, ask your _Global Administrator_ to assign you a _Tenant Creator_ role.
29+
>If you're unable to create Azure AD or Azure AD B2C tenant, review your user settings page to ensure that tenant creation isn't switched off. If tenant creation is switched off, ask your _Global Administrator_ to assign you a _Tenant Creator_ role.
3030
3131
### To create a new tenant
3232
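
Review bot: On the changed line 29, "unable to create Azure AD or Azure AD B2C tenant" is missing an article; suggest "unable to create an Azure AD or Azure AD B2C tenant". In the same note, "assign you a _Tenant Creator_ role" reads better as "assign you the _Tenant Creator_ role", since it names one specific role.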
