Merge branch 'release-cogsvcs-custom-health' of https://github.com/MicrosoftDocs/azure-docs-pr into ta4h-article-fixes-2

Author: aahill

articles/active-directory-b2c/quickstart-web-app-dotnet.md

@@ -39,7 +39,7 @@ In this quickstart, you use an ASP.NET application to sign in using a social ide
 ## Run the application in Visual Studio
 
 1. In the sample application project folder, open the **B2C-WebAPI-DotNet.sln** solution in Visual Studio.
-1. For this quickstart, you run both the **TaskWebApp** and **TaskService** projects at the same time. Right-click the **B2C-WebAPI-DotNet** solution in Solution Explorer, and then select **Set StartUp Projects**.
+1. For this quickstart, you run both the **TaskWebApp** and **TaskService** projects at the same time. Right-click the **B2C-WebAPI-DotNet** solution in Solution Explorer, and then select **Configure StartUp Projects...**.
 1. Select **Multiple startup projects** and change the **Action** for both projects to **Start**.
 1. Select **OK**.
 1. Press **F5** to debug both applications. Each application opens in its own browser tab:

articles/active-directory/app-provisioning/plan-auto-user-provisioning.md

@@ -8,7 +8,7 @@ ms.service: active-directory
 ms.subservice: app-provisioning
 ms.topic: conceptual
 ms.workload: identity
-ms.date: 04/14/2023
+ms.date: 04/17/2023
 ms.author: kenwith
 ms.reviewer: arvinh
 ---

articles/active-directory/develop/authorization-basics.md

@@ -58,7 +58,7 @@ One method for achieving ABAC with Azure Active Directory is using [dynamic grou
 
 Authorization logic is often implemented within the applications or solutions where access control is required. In many cases, application development platforms offer middleware or other API solutions that simplify the implementation of authorization. Examples include use of the [AuthorizeAttribute](/aspnet/core/security/authorization/simple?view=aspnetcore-5.0&preserve-view=true) in ASP.NET or [Route Guards](./scenario-spa-sign-in.md?tabs=angular2#sign-in-with-a-pop-up-window) in Angular.
 
-For authorization approaches that rely on information about the authenticated entity, an application evaluates information exchanged during authentication. For example, by using the information that was provided within a [security token](./security-tokens.md)). For information not contained in a security token, an application might make extra calls to external resources.
+For authorization approaches that rely on information about the authenticated entity, an application evaluates information exchanged during authentication. For example, by using the information that was provided within a [security token](./security-tokens.md). For information not contained in a security token, an application might make extra calls to external resources.
 
 It's not strictly necessary for developers to embed authorization logic entirely within their applications. Instead, dedicated authorization services can be used to centralize authorization implementation and management.
 
@@ -67,4 +67,4 @@ It's not strictly necessary for developers to embed authorization logic entirely
 
 - To learn about custom role-based access control implementation in applications, see [Role-based access control for application developers](./custom-rbac-for-developers.md).
 - To learn about the process of registering your application so it can integrate with the Microsoft identity platform, see [Application model](./application-model.md).
-- For an example of configuring simple authentication-based authorization, see [Configure your App Service or Azure Functions app to use Azure AD login](../../app-service/configure-authentication-provider-aad.md).
+- For an example of configuring simple authentication-based authorization, see [Configure your App Service or Azure Functions app to use Azure AD login](../../app-service/configure-authentication-provider-aad.md).

articles/active-directory/develop/developer-glossary.md

@@ -238,7 +238,7 @@ An identity used by a software workload like an application, service, script, or
 
 ## Workload identity federation
 
-Allows you to securely access Azure AD protected resources from external apps and services without needing to manage secrets (for supported scenarios).  For more information, see [workload identity federation](workload-identity-federation.md).)
+Allows you to securely access Azure AD protected resources from external apps and services without needing to manage secrets (for supported scenarios).  For more information, see [workload identity federation](workload-identity-federation.md).
 
 ## Next steps
 

articles/active-directory/develop/howto-build-services-resilient-to-metadata-refresh.md

@@ -35,7 +35,7 @@ services.Configure<JwtBearerOptions>(AzureADDefaults.JwtBearerAuthenticationSche
     // shouldn’t be necessary as it’s true by default
     options.RefreshOnIssuerKeyNotFound = true;
     …
-};
+});
 ```
 
 ## ASP.NET/ OWIN

articles/active-directory/develop/includes/mobile-app/quickstart-ios.md

@@ -218,7 +218,7 @@ self.applicationContext!.acquireToken(with: parameters) { (result, error) in /*
 
 > |Where:| Description |
 > |---------|---------|
-> | `scopes` | Contains the scopes being requested (that is, `[ "user.read" ]` for Microsoft Graph or `[ "<Application ID URL>/scope" ]` for custom web APIs  (`api://<Application ID>/access_as_user`) |
+> | `scopes` | Contains the scopes being requested (that is, `[ "user.read" ]` for Microsoft Graph or `[ "<Application ID URL>/scope" ]` for custom web APIs  (`api://<Application ID>/access_as_user`)) |
 
 #### acquireTokenSilent: Get an access token silently
 
@@ -238,7 +238,7 @@ self.applicationContext!.getCurrentAccount(with: nil) { (currentAccount, previou
 
 > |Where: | Description |
 > |---------|---------|
-> | `scopes` | Contains the scopes being requested (that is, `[ "user.read" ]` for Microsoft Graph or `[ "<Application ID URL>/scope" ]` for custom web APIs (`api://<Application ID>/access_as_user`) |
+> | `scopes` | Contains the scopes being requested (that is, `[ "user.read" ]` for Microsoft Graph or `[ "<Application ID URL>/scope" ]` for custom web APIs (`api://<Application ID>/access_as_user`)) |
 > | `account` | The account a token is being requested for. This quickstart is about a single account application. If you want to build a multi-account app you'll need to define logic to identify which account to use for token requests using `accountsFromDeviceForParameters:completionBlock:` and passing correct `accountIdentifier` |
 
 [!INCLUDE [Help and support](../../../../../includes/active-directory-develop-help-support-include.md)]

articles/active-directory/develop/includes/web-api/quickstart-aspnet-core.md

@@ -8,7 +8,7 @@ ms.service: active-directory
 ms.subservice: develop
 ms.topic: include
 ms.workload: identity
-ms.date: 12/09/2022
+ms.date: 04/16/2023
 ms.author: cwerner
 ms.reviewer: jmprieur
 ms.custom: devx-track-csharp, "scenarios:getting-started", "languages:aspnet-core", mode-api, engagement-fy23
@@ -48,10 +48,6 @@ First, register the web API in your Azure AD tenant and add a scope by following
 
 [Download the ASP.NET Core solution](https://github.com/Azure-Samples/active-directory-dotnet-native-aspnetcore-v2/archive/aspnetcore3-1.zip) from GitHub.
 
-> [!Note]
-> The code sample currently targets ASP.NET Core 3.1. The sample can be updated to use .NET Core 6.0 and is covered in the following steps: [Update the sample code to ASP.NET Core 6.0](#step-4-update-the-sample-code-to-aspnet-core-60)
-This quickstart will be deprecated in the near future and will be updated to use .NET 6.0.
-
 ## Step 3: Configure the ASP.NET Core project
 
 In this step, the sample code will be configured to work with the app registration that was created earlier.
@@ -74,26 +70,7 @@ In this step, the sample code will be configured to work with the app registrati
 
 For this quickstart, don't change any other values in the *appsettings.json* file.
 
-### Step 4: Update the sample code to ASP.NET Core 6.0
-
-To update this code sample to target ASP.NET Core 6.0, follow these steps:
-
-1. Open webapi.csproj
-1. Remove the following line:
-
-    ```xml
-   <TargetFramework>netcoreapp3.1</TargetFramework>
-   ```
-
-1. Add the following line in its place:
-
-   ```xml
-   <TargetFramework>netcoreapp6.0</TargetFramework>
-   ```
-
-This step will ensure that the sample is targeting the .NET Core 6.0 framework.
-
-### Step 5: Run the sample
+### Step 4: Run the sample
 
 1. Open a terminal and change directory to the project folder.
 
@@ -167,31 +144,28 @@ public void Configure(IApplicationBuilder app, IHostingEnvironment env)
 namespace webapi.Controllers
 {
     [Authorize]
+    [RequiredScope("access_as_user")]
     [ApiController]
     [Route("[controller]")]
     public class WeatherForecastController : ControllerBase
 ```
 
 ### Validation of scope in the controller
 
-The code in the API verifies that the required scopes are in the token by using `HttpContext.VerifyUserHasAnyAcceptedScope(scopeRequiredByApi);`:
+The code in the API verifies that the required scopes are in the token by using `[RequiredScope("access_as_user")]` attribute:
 
 ```csharp
 namespace webapi.Controllers
 {
     [Authorize]
+    [RequiredScope("access_as_user")]
     [ApiController]
     [Route("[controller]")]
     public class WeatherForecastController : ControllerBase
     {
-        // The web API will only accept tokens 1) for users, and 2) having the "access_as_user" scope for this API
-        static readonly string[] scopeRequiredByApi = new string[] { "access_as_user" };
-
         [HttpGet]
         public IEnumerable<WeatherForecast> Get()
         {
-            HttpContext.VerifyUserHasAnyAcceptedScope(scopeRequiredByApi);
-
             // some code here
         }
     }

articles/active-directory/develop/includes/web-app/quickstart-aspnet-core.md

@@ -10,7 +10,7 @@ ms.subservice: develop
 ms.topic: quickstart
 ms.workload: identity
 
-ms.date: 12/19/2022
+ms.date: 04/16/2023
 ms.author: cwerner
 
 ms.reviewer: jmprieur
@@ -50,10 +50,6 @@ See [How the sample works](#how-the-sample-works) for an illustration.
 
 [Download the ASP.NET Core solution](https://github.com/Azure-Samples/active-directory-aspnetcore-webapp-openidconnect-v2/archive/aspnetcore3-1-callsgraph.zip)
 
-> [!Note]
-> The code sample currently targets ASP.NET Core 3.1. The sample can be updated to use .NET Core 6.0 and is covered in the following steps: [Update the sample code to ASP.NET Core 6.0](#step-4-update-the-sample-code-to-aspnet-core-60)
-This quickstart will be deprecated in the near future and will be updated to use .NET 6.0.
-
 ### Step 3: Configure your ASP.NET Core project
 
 1. Extract the *.zip* file to a local folder that's close to the root of the disk to avoid errors caused by path length limitations on Windows. For example, extract to *C:\Azure-Samples*.
@@ -74,27 +70,8 @@ This quickstart will be deprecated in the near future and will be updated to use
     - Replace `Enter_the_Client_Secret_Here` with the **Client secret** that was created and recorded in an earlier step.
 
 For this quickstart, don't change any other values in the *appsettings.json* file.
-
-### Step 4: Update the sample code to ASP.NET Core 6.0
-
-To update this code sample to target ASP.NET Core 6.0, follow these steps:
-
-1. Open WebApp-OpenIDConnect-DotNet.csproj
-1. Remove the following line:
-
-    ```xml
-   <TargetFramework>netcoreapp3.1</TargetFramework>
-   ```
-
-1. Add the following line in its place:
-
-   ```xml
-   <TargetFramework>netcoreapp6.0</TargetFramework>
-   ```
-
-This step will ensure that the sample is targeting the .NET Core 6.0 framework.
 
-### Step 5: Build and run the application
+### Step 4: Build and run the application
 
 Build and run the app in Visual Studio by selecting the **Debug** menu > **Start Debugging**, or by pressing the F5 key. 
 

articles/active-directory/develop/mobile-app-quickstart-portal-ios.md

@@ -209,7 +209,7 @@ ms.custom: aaddev, identityplatformtop40, "scenarios:getting-started", "language
 > 
 > > |Where:| Description |
 > > |---------|---------|
-> > | `scopes` | Contains the scopes being requested (that is, `[ "user.read" ]` for Microsoft Graph or `[ "<Application ID URL>/scope" ]` for custom web APIs  (`api://<Application ID>/access_as_user`) |
+> > | `scopes` | Contains the scopes being requested (that is, `[ "user.read" ]` for Microsoft Graph or `[ "<Application ID URL>/scope" ]` for custom web APIs  (`api://<Application ID>/access_as_user`)) |
 > 
 > #### acquireTokenSilent: Get an access token silently
 > 
@@ -229,7 +229,7 @@ ms.custom: aaddev, identityplatformtop40, "scenarios:getting-started", "language
 > 
 > > |Where: | Description |
 > > |---------|---------|
-> > | `scopes` | Contains the scopes being requested (that is, `[ "user.read" ]` for Microsoft Graph or `[ "<Application ID URL>/scope" ]` for custom web APIs (`api://<Application ID>/access_as_user`) |
+> > | `scopes` | Contains the scopes being requested (that is, `[ "user.read" ]` for Microsoft Graph or `[ "<Application ID URL>/scope" ]` for custom web APIs (`api://<Application ID>/access_as_user`)) |
 > > | `account` | The account a token is being requested for. This quickstart is about a single account application. If you want to build a multi-account app you'll need to define logic to identify which account to use for token requests using `accountsFromDeviceForParameters:completionBlock:` and passing correct `accountIdentifier` |
 > 
 > [!INCLUDE [Help and support](../../../includes/active-directory-develop-help-support-include.md)]

articles/active-directory/develop/msal-authentication-flows.md

@@ -241,7 +241,7 @@ To satisfy either requirement, one of these operations must have been completed:
 - You as the application developer have selected **Grant** in the Azure portal for yourself.
 - A tenant admin has selected **Grant/revoke admin consent for {tenant domain}** in the **API permissions** tab of the app registration in the Azure portal; see [Add permissions to access your web API](quickstart-configure-app-access-web-apis.md#add-permissions-to-access-your-web-api).
 - You've provided a way for users to consent to the application; see [User consent](../manage-apps/user-admin-consent-overview.md#user-consent).
-- You've provided a way for the tenant admin to consent for the application; see [Administrator consent]../manage-apps/user-admin-consent-overview.md#administrator-consent).
+- You've provided a way for the tenant admin to consent for the application; see [Administrator consent](../manage-apps/user-admin-consent-overview.md#admin-consent).
 
 For more information on consent, see [Permissions and consent](v2-permissions-and-consent.md#consent).