articles/active-directory/manage-apps/application-proxy-configure-single-sign-on-with-ping-access.md
+2 -16 (2 additions & 16 deletions)
@@ -157,21 +157,7 @@ To collect this information:
157
157
1. Select **Add**. The PingAccess key appears in the table of client secrets, with a random string that autofills in the **VALUE** field.
158
158
1. Next to the PingAccess key's **VALUE** field, select the **Copy to clipboard** icon, then copy and save it. You specify this value later as PingAccess's client secret.
159
159
160
-
### Update GraphAPI to send custom fields (optional)
161
-
162
-
If you need a custom claim that sends other tokens within the access_token consumed by PingAccess, set the `acceptMappedClaims` application field to `True`. You can use Graph Explorer or the Azure AD portal's application manifest to make this change.
**This example uses the [Azure Active Directory portal](https://aad.portal.azure.com/) to update the `acceptMappedClaims` field:**
160
+
**Update the `acceptMappedClaims` field:**
175
161
176
162
1. Sign in to the [Azure Active Directory portal](https://aad.portal.azure.com/) as an application administrator.
177
163
1. Select **Azure Active Directory** > **App registrations**. A list of applications appears.
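Review bot: The replacement lead-in at new line 160, **Update the `acceptMappedClaims` field:**, drops both the "(optional)" heading and the sentence that said when the change is needed and which value to set (`True`), so the numbered steps that follow now read as a required part of the setup with no stated target value. Keep a heading that marks the step optional and one sentence saying the field is set to `True` only when a custom claim is needed in the access_token consumed by PingAccess. Removing the heading also removes its anchor, so check for inbound links to it.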
@@ -210,7 +196,7 @@ To make your application use a custom claim and include additional fields, be su
210
196
> [!NOTE]
211
197
> To use a custom claim, you must also have a custom policy defined and assigned to the application. This policy should include all required custom attributes.
212
198
>
213
-
> You can do policy definition and assignment through PowerShell, Azure AD Graph Explorer, or Microsoft Graph. If you're doing them in PowerShell, you may need to first use `New-AzureADPolicy` and then assign it to the application with `Add-AzureADServicePrincipalPolicy`. For more information, see [Claims mapping policy assignment](../develop/active-directory-claims-mapping.md#claims-mapping-policy-assignment).
199
+
> You can do policy definition and assignment through PowerShell or Microsoft Graph. If you're doing them in PowerShell, you may need to first use `New-AzureADPolicy` and then assign it to the application with `Add-AzureADServicePrincipalPolicy`. For more information, see [Claims mapping policy assignment](../develop/active-directory-claims-mapping.md#claims-mapping-policy-assignment).
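Review bot: In the added NOTE line at 199, Microsoft Graph is kept as an option but nothing says how to use it, while the PowerShell path names both cmdlets. Either link the Microsoft Graph operation for defining and assigning the policy, or reduce the sentence to the PowerShell path. "You may need to first use" would also read better as a plain instruction: create the policy with `New-AzureADPolicy`, then assign it with `Add-AzureADServicePrincipalPolicy`.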
articles/active-directory/manage-apps/application-sign-in-problem-federated-sso-gallery.md
+1 -1 (1 addition & 1 deletion)
@@ -159,7 +159,7 @@ The application vendor should validate that they support the Azure AD SAML imple
159
159
160
160
## Misconfigured application
161
161
162
-
*Error AADSTS650056: Misconfigured application. This could be due to one of the following: The client has not listed any permissions for 'AAD Graph' in the requested permissions in the client's application registration. Or, The admin has not consented in the tenant. Or, Check the application identifier in the request to ensure it matches the configured client application identifier. Please contact your admin to fix the configuration or consent on behalf of the tenant.*.
162
+
*Error AADSTS650056: Misconfigured application. This could be due to one of the following: The client has not listed any permissions in the requested permissions in the client's application registration. Or, The admin has not consented in the tenant. Or, Check the application identifier in the request to ensure it matches the configured client application identifier. Please contact your admin to fix the configuration or consent on behalf of the tenant.*.
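Review bot: The edited line 162 is the quoted text of error AADSTS650056, which readers match against what the sign-in page shows them, so dropping "for 'AAD Graph'" is only correct if the message emitted by the service changed as well. Confirm the string against the current error and keep the quote verbatim; if the service still emits the old wording, leave the quote alone and put the Azure AD Graph guidance in the surrounding text. The stray period after the closing `*` is carried over from the old line and can be removed.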
articles/active-directory/manage-apps/application-sign-in-problem-federated-sso-non-gallery.md
+1 -1 (1 addition & 1 deletion)
@@ -162,7 +162,7 @@ The application vendor should validate that they support the Azure AD SAML imple
162
162
163
163
## Misconfigured application
164
164
165
-
*Error AADSTS650056: Misconfigured application. This could be due to one of the following: The client has not listed any permissions for 'AAD Graph' in the requested permissions in the client's application registration. Or, The admin has not consented in the tenant. Or, Check the application identifier in the request to ensure it matches the configured client application identifier. Please contact your admin to fix the configuration or consent on behalf of the tenant.*.
165
+
*Error AADSTS650056: Misconfigured application. This could be due to one of the following: The client has not listed any permissions in the requested permissions in the client's application registration. Or, The admin has not consented in the tenant. Or, Check the application identifier in the request to ensure it matches the configured client application identifier. Please contact your admin to fix the configuration or consent on behalf of the tenant.*.
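Review bot: The AADSTS650056 line at 165 duplicates, word for word, the one edited in application-sign-in-problem-federated-sso-gallery.md, so the two copies have to be kept in sync by hand every time the message changes. Consider moving the shared "Misconfigured application" section into a single include referenced by both articles.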
articles/active-directory/manage-apps/configure-authentication-for-federated-users-portal.md
+2 -4 (2 additions & 4 deletions)
@@ -95,9 +95,7 @@ Policies only take effect for a specific application when they are attached to a
95
95
96
96
Only one HRD policy can be active on a service principal at any one time.
97
97
98
-
You can use either the Microsoft Azure Active Directory Graph API directly, or the Azure Active Directory PowerShell cmdlets to create and manage HRD policy.
99
-
100
-
The Graph API that manipulates policy is described in the [Operations on policy](https://msdn.microsoft.com/library/azure/ad/graph/api/policy-operations) article on MSDN.
98
+
You can use the Azure Active Directory PowerShell cmdlets to create and manage HRD policy.
101
99
102
100
Following is an example HRD policy definition:
103
101
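Review bot: The new line 98 names the PowerShell cmdlets as the only way to create and manage HRD policy, yet the ping-access article changed in this same commit still says policy definition and assignment can be done "through PowerShell or Microsoft Graph". If Microsoft Graph can manage HRD policy, replace the removed Azure AD Graph reference with the Microsoft Graph one instead of deleting the option; if it cannot, say so here so the two articles agree.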
@@ -204,7 +202,7 @@ To apply the HRD policy after you have created it, you can assign it to multiple
204
202
#### Step 2: Locate the service principal to which to assign the policy
205
203
You need the **ObjectID** of the service principals to which you want to assign the policy. There are several ways to find the **ObjectID** of service principals.
206
204
207
-
You can use the portal, or you can query [Microsoft Graph](https://msdn.microsoft.com/Library/Azure/Ad/Graph/api/entity-and-complex-type-reference#serviceprincipal-entity). You can also go to the [Graph Explorer Tool](https://developer.microsoft.com/graph/graph-explorer) and sign in to your Azure AD account to see all your organization's service principals.
205
+
You can use the portal, or you can query [Microsoft Graph](https://docs.microsoft.com/graph/api/resources/serviceprincipal?view=graph-rest-beta). You can also go to the [Graph Explorer Tool](https://developer.microsoft.com/graph/graph-explorer) and sign in to your Azure AD account to see all your organization's service principals.
208
206
209
207
Because you are using PowerShell, you can use the following cmdlet to list the service principals and their IDs.
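Review bot: The replacement link at line 205 pins the beta reference with `?view=graph-rest-beta`. Link the v1.0 `serviceprincipal` page if the resource is available there, or drop the `view` parameter, so readers are not steered to a beta API for a simple lookup. The old link text said Microsoft Graph while pointing at the Azure AD Graph reference, so retargeting it is the right fix.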
articles/active-directory/manage-apps/manage-consent-requests.md
+1 -1 (1 addition & 1 deletion)
Diff line change
@@ -96,7 +96,7 @@ See [Grant tenant-wide admin consent to an application](grant-admin-consent.md)
96
96
97
97
### Granting consent on behalf of a specific user
98
98
99
-
Instead of granting consent for the entire organization, an administrator can also use the [Azure AD Graph API](https://docs.microsoft.com/azure/active-directory/develop/active-directory-graph-api) to grant consent to delegated permissions on behalf of a single user. To do this, send a `POST` request to create an [OAuth2PermissionGrant](https://docs.microsoft.com/previous-versions/azure/ad/graph/api/entity-and-complex-type-reference#oauth2permissiongrant-entity) entity where `consentType` is set to "Principal", and `principalId` is set to the object ID for the user on behalf of whom consent is being granted.
99
+
Instead of granting consent for the entire organization, an administrator can also use the [Microsft Graph API](https://docs.microsoft.com/graph/use-the-api) to grant consent to delegated permissions on behalf of a single user. For more information, see [Get access on behalf of a user](https://docs.microsoft.com/graph/auth-v2-user).
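Review bot: The added line 99 drops the actual procedure (a `POST` creating an OAuth2PermissionGrant with `consentType` set to "Principal" and `principalId` set to the user's object ID) and leaves only two general links, so the section "Granting consent on behalf of a specific user" no longer says how an administrator does it. Restate the request against Microsoft Graph rather than removing it, and check that the linked "Get access on behalf of a user" page covers an administrator consenting for another user. The link text also misspells Microsoft as "Microsft".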