Merge branch 'master' of https://github.com/MicrosoftDocs/azure-docs-pr

Author: LauraBrenner

.openpublishing.redirection.json

@@ -5872,8 +5872,13 @@
     },
     {
       "source_path": "articles/active-directory-b2c/active-directory-b2c-social-migration.md",
-      "redirect_url": "/azure/active-directory-b2c/migrate-social-identities",
-      "redirect_document_id": true
+      "redirect_url": "/azure/active-directory-b2c/user-migration",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/active-directory-b2c/migrate-social-identities.md",
+      "redirect_url": "/azure/active-directory-b2c/user-migration",
+      "redirect_document_id": false
     },
     {
       "source_path": "articles/active-directory-b2c/active-directory-b2c-custom-setup-goog-idp.md",
@@ -36480,6 +36485,11 @@
       "redirect_url": "/azure/active-directory/app-provisioning/application-provisioning-config-problem",
       "redirect_document_id": false
     },
+    {
+      "source_path": "articles/active-directory/manage-apps/application-provisioning-config-problem-scim-compatibility.md",
+      "redirect_url": "/azure/active-directory/app-provisioning/application-provisioning-config-problem-scim-compatibility",
+      "redirect_document_id": false
+    },
     {
       "source_path": "articles/active-directory/manage-apps/application-provisioning-configure-api.md",
       "redirect_url": "/azure/active-directory/app-provisioning/application-provisioning-configure-api",

articles/active-directory-b2c/TOC.yml

@@ -81,6 +81,9 @@
     - name: Register a SAML service provider
       href: connect-with-saml-service-providers.md
       displayName: SP, RP, service provider, connect
+    - name: Register a Graph application
+      href: microsoft-graph-get-started.md
+      displayName: migrate, migration, microsoft graph
     - name: Add a web API application
       href: add-web-application.md
     - name: Add a native client application
@@ -377,8 +380,6 @@
     items:
     - name: Migrate users
       href: user-migration.md
-    - name: Migrate users with external identities
-      href: migrate-social-identities.md
 - name: Reference
   items:
   - name: Identity Experience Framework release notes
@@ -392,9 +393,11 @@
     displayName: cookies, SameSite
   - name: Error codes
     href: error-codes.md
+  - name: Microsoft Graph API operations
+    href: microsoft-graph-operations.md
   - name: Region availability & data residency
     href: data-residency.md
-  - name: Enable billing
+  - name: Billing model
     href: billing.md
   - name: Threat management
     href: threat-management.md

articles/active-directory-b2c/application-types.md

@@ -121,7 +121,7 @@ To set up client credential flow, see [Azure Active Directory v2.0 and the OAuth
 
 #### Web API chains (on-behalf-of flow)
 
-Many architectures include a web API that needs to call another downstream web API, where both are secured by Azure AD B2C. This scenario is common in native clients that have a Web API back-end and calls a Microsoft online service such as the Microsoft Graph API or Azure AD Graph API.
+Many architectures include a web API that needs to call another downstream web API, where both are secured by Azure AD B2C. This scenario is common in native clients that have a Web API back-end and calls a Microsoft online service such as the Microsoft Graph API.
 
 This chained web API scenario can be supported by using the OAuth 2.0 JWT bearer credential grant, also known as the on-behalf-of flow.  However, the on-behalf-of flow is not currently implemented in the Azure AD B2C.
 

articles/active-directory-b2c/custom-policy-custom-attributes.md

@@ -29,7 +29,7 @@ Your Azure AD B2C directory comes with a built-in set of attributes. Examples ar
 * An identity provider has a unique user identifier like **uniqueUserGUID** that must be saved.
 * A custom user journey needs to persist for a state of a user like **migrationStatus**.
 
-Azure AD B2C extends the set of attributes stored on each user account. You can also read and write these attributes by using the [Azure AD Graph API](manage-user-accounts-graph-api.md).
+Azure AD B2C extends the set of attributes stored on each user account. You can also read and write these attributes by using the [Microsoft Graph API](manage-user-accounts-graph-api.md).
 
 Extension properties extend the schema of the user objects in the directory. The terms *extension property*, *custom attribute*, and *custom claim* refer to the same thing in the context of this article. The name varies depending on the context, such as application, object, or policy.
 
@@ -292,7 +292,7 @@ The ID token sent back to your application includes the new extension property a
 
 ## Reference
 
-For more information on extension properties, see the article [Directory schema extensions | Graph API concepts](/previous-versions/azure/ad/graph/howto/azure-ad-graph-api-directory-schema-extensions).
+For more information on extension properties, see the article [Add custom data to resources using extensions](https://docs.microsoft.com/graph/extensibility-overview).
 
 > [!NOTE]
 > * A **TechnicalProfile** is an element type, or function, that defines an endpoint’s name, metadata, and protocol. The **TechnicalProfile** details the exchange of claims that the Identity Experience Framework performs. When this function is called in an orchestration step or from another **TechnicalProfile**, the **InputClaims** and **OutputClaims** are provided as parameters by the caller.

articles/active-directory-b2c/faq.md

@@ -82,15 +82,17 @@ Currently there is no way to change the "From:" field on the email.
 
 ### How can I migrate my existing user names, passwords, and profiles from my database to Azure AD B2C?
 
-You can use the Azure AD Graph API to write your migration tool. See the [User migration guide](user-migration.md) for details.
+You can use the Microsoft Graph API to write your migration tool. See the [User migration guide](user-migration.md) for details.
 
 ### What password user flow is used for local accounts in Azure AD B2C?
 
-The Azure AD B2C password user flow for local accounts is based on the policy for Azure AD. Azure AD B2C's sign-up, sign-up or sign-in and password reset user flows use the "strong" password strength and don't expire any passwords. Read the [Azure AD password policy](/previous-versions/azure/jj943764(v=azure.100)) for more details. For information about account lockouts and passwords, see [Manages threats to resources and data in Azure Active Directory B2C](threat-management.md).
+The Azure AD B2C password user flow for local accounts is based on the policy for Azure AD. Azure AD B2C's sign-up, sign-up or sign-in and password reset user flows use the "strong" password strength and don't expire any passwords. For more details, see [Password policies and restrictions in Azure Active Directory](https://docs.microsoft.com/azure/active-directory/authentication/concept-sspr-policy).
+
+For information about account lockouts and passwords, see [Manages threats to resources and data in Azure Active Directory B2C](threat-management.md).
 
 ### Can I use Azure AD Connect to migrate consumer identities that are stored on my on-premises Active Directory to Azure AD B2C?
 
-No, Azure AD Connect is not designed to work with Azure AD B2C. Consider using the [Azure AD Graph API](manage-user-accounts-graph-api.md) for user migration. See the [User migration guide](user-migration.md) for details.
+No, Azure AD Connect is not designed to work with Azure AD B2C. Consider using the [Microsoft Graph API](manage-user-accounts-graph-api.md) for user migration. See the [User migration guide](user-migration.md) for details.
 
 ### Can my app open up Azure AD B2C pages within an iFrame?
 

articles/active-directory-b2c/manage-user-access.md

@@ -42,17 +42,17 @@ Depending on application regulation, parental consent might need to be granted b
 
 The following is an example of a user flow for gathering parental consent:
 
-1. An [Azure Active Directory Graph API](/previous-versions/azure/ad/graph/api/api-catalog) operation identifies the user as a minor and returns the user data to the application in the form of an unsigned JSON token.
+1. A [Microsoft Graph API](https://docs.microsoft.com/graph/use-the-api) operation identifies the user as a minor and returns the user data to the application in the form of an unsigned JSON token.
 
 2. The application processes the JSON token and shows a screen to the minor, notifying them that parental consent is required and requesting the consent of a parent online.
 
 3. Azure AD B2C shows a sign-in journey that the user can sign in to normally and issues a token to the application that is set to include **legalAgeGroupClassification = “minorWithParentalConsent”**. The application collects the email address of the parent and verifies that the parent is an adult. To do so, it uses a trusted source, such as a national ID office, license verification, or credit card proof. If verification is successful, the application prompts the minor to sign in by using the Azure AD B2C user flow. If consent is denied (for example, if **legalAgeGroupClassification = “minorWithoutParentalConsent”**), Azure AD B2C returns a JSON token (not a login) to the application to restart the consent process. It is optionally possible to customize the user flow so that a minor or an adult can regain access to a minor’s account by sending a registration code to the minor’s email address or the adult’s email address on record.
 
 4. The application offers an option to the minor to revoke consent.
 
-5. When either the minor or the adult revokes consent, the Azure AD Graph API can be used to change **consentProvidedForMinor** to **denied**. Alternatively, the application may choose to delete a minor whose consent has been revoked. It is optionally possible to customize the user flow so that the authenticated minor (or parent that is using the minor’s account) can revoke consent. Azure AD B2C records **consentProvidedForMinor** as **denied**.
+5. When either the minor or the adult revokes consent, the Microsoft Graph API can be used to change **consentProvidedForMinor** to **denied**. Alternatively, the application may choose to delete a minor whose consent has been revoked. It is optionally possible to customize the user flow so that the authenticated minor (or parent that is using the minor’s account) can revoke consent. Azure AD B2C records **consentProvidedForMinor** as **denied**.
 
-For more information about **legalAgeGroupClassification**, **consentProvidedForMinor**, and **ageGroup**, see [User resource type](https://developer.microsoft.com/graph/docs/api-reference/beta/resources/user). For more information about custom attributes, see [Use custom attributes to collect information about your consumers](user-flow-custom-attributes.md). When you address extended attributes by using the Azure AD Graph API, you must use the long version of the attribute, such as *extension_18b70cf9bb834edd8f38521c2583cd86_dateOfBirth*: *2011-01-01T00:00:00Z*.
+For more information about **legalAgeGroupClassification**, **consentProvidedForMinor**, and **ageGroup**, see [User resource type](https://developer.microsoft.com/graph/docs/api-reference/beta/resources/user). For more information about custom attributes, see [Use custom attributes to collect information about your consumers](user-flow-custom-attributes.md). When you address extended attributes by using the Microsoft Graph API, you must use the long version of the attribute, such as *extension_18b70cf9bb834edd8f38521c2583cd86_dateOfBirth*: *2011-01-01T00:00:00Z*.
 
 ## Gather date of birth and country/region data