MicrosoftDocs
diff --git a/‎articles/active-directory/develop/custom-rbac-for-developers.md
Lines changed: 6 additions & 4 deletions b/‎articles/active-directory/develop/custom-rbac-for-developers.md
Lines changed: 6 additions & 4 deletions
diff --git a/‎articles/active-directory/develop/multi-service-web-app-access-microsoft-graph-as-app.md
Lines changed: 2 additions & 2 deletions b/‎articles/active-directory/develop/multi-service-web-app-access-microsoft-graph-as-app.md
Lines changed: 2 additions & 2 deletions
diff --git a/‎articles/active-directory/fundamentals/1-secure-access-posture.md
Lines changed: 2 additions & 2 deletions b/‎articles/active-directory/fundamentals/1-secure-access-posture.md
Lines changed: 2 additions & 2 deletions
diff --git a/‎articles/active-directory/fundamentals/4-secure-access-groups.md
Lines changed: 1 addition & 1 deletion b/‎articles/active-directory/fundamentals/4-secure-access-groups.md
Lines changed: 1 addition & 1 deletion
diff --git a/‎articles/active-directory/fundamentals/6-secure-access-entitlement-managment.md
Lines changed: 1 addition & 1 deletion b/‎articles/active-directory/fundamentals/6-secure-access-entitlement-managment.md
Lines changed: 1 addition & 1 deletion
diff --git a/‎articles/active-directory/fundamentals/8-secure-access-sensitivity-labels.md
Lines changed: 1 addition & 1 deletion b/‎articles/active-directory/fundamentals/8-secure-access-sensitivity-labels.md
Lines changed: 1 addition & 1 deletion
diff --git a/‎articles/active-directory/fundamentals/9-secure-access-teams-sharepoint.md
Lines changed: 2 additions & 2 deletions b/‎articles/active-directory/fundamentals/9-secure-access-teams-sharepoint.md
Lines changed: 2 additions & 2 deletions
diff --git a/‎articles/active-directory/fundamentals/monitor-sign-in-health-for-resilience.md
Lines changed: 1 addition & 1 deletion b/‎articles/active-directory/fundamentals/monitor-sign-in-health-for-resilience.md
Lines changed: 1 addition & 1 deletion
diff --git a/‎articles/active-directory/fundamentals/resilience-b2b-authentication.md
Lines changed: 1 addition & 1 deletion b/‎articles/active-directory/fundamentals/resilience-b2b-authentication.md
Lines changed: 1 addition & 1 deletion
diff --git a/‎articles/active-directory/fundamentals/resilience-in-credentials.md
Lines changed: 2 additions & 2 deletions b/‎articles/active-directory/fundamentals/resilience-in-credentials.md
Lines changed: 2 additions & 2 deletions
@@ -9,7 +9,7 @@ ms.service: active-directory
 ms.subservice: develop
 ms.topic: conceptual
 ms.workload: identity 
-ms.date: 06/16/2022
+ms.date: 08/19/2022
 ms.custom: template-concept
 ms.author: davidmu
 ms.reviewer: john.garland, maggie.marxen, ian.bennett, marsma
@@ -43,7 +43,9 @@ Developers have the flexibility to provide their own implementation for how role
 
 ### App roles
 
-Azure AD supports declaring app roles for an application. When a user signs into an application, Azure AD includes a [roles claim](./access-tokens.md#payload-claims) for each role that the user has been granted for that application. Applications receive the tokens that contain the role claims and then can use the information for permission assignments. The roles assigned to the user determine the level of access to resources and functionality.
+Azure AD allows you to [define app roles](./howto-add-app-roles-in-azure-ad-apps.md) for your application and assign those roles to users and other applications. The roles you assign to a user or application define their level of access to the resources and operations in your application.
+
+When Azure AD issues an access token for an authenticated user or application, it includes the names of the roles you've assigned the entity (the user or application) in the access token's [`roles`](./access-tokens.md#payload-claims) claim. An application like a web API that receives that access token in a request can then make authorization decisions based on the values in the `roles` claim.
 
 ### Groups
 
@@ -79,5 +81,5 @@ Although either app roles or groups can be used for authorization, key differenc
 
 ## Next steps
 
-- [How to add app roles to your application and receive them in the token](./howto-add-app-roles-in-azure-ad-apps.md).
-- [Azure Identity Management and access control security best practices](../../security/fundamentals/identity-management-best-practices.md).
+- [How to add app roles to your application and receive them in the token](./howto-add-app-roles-in-azure-ad-apps.md)
+- [Azure Identity Management and access control security best practices](../../security/fundamentals/identity-management-best-practices.md)
@@ -8,7 +8,7 @@ manager: CelesteDG
 ms.service: app-service-web
 ms.topic: tutorial
 ms.workload: identity
-ms.date: 04/25/2022
+ms.date: 08/19/2022
 ms.author: ryanwi
 ms.reviewer: stsoneff
 ms.devlang: csharp, javascript
@@ -90,7 +90,7 @@ webAppName="SecureWebApp-20201106120003"
 
 spId=$(az resource list -n $webAppName --query [*].identity.principalId --out tsv)
 
-graphResourceId=$(az ad sp list --display-name "Microsoft Graph" --query [0].objectId --out tsv)
+graphResourceId=$(az ad sp list --display-name "Microsoft Graph" --query [0].id --out tsv)
 
 appRoleId=$(az ad sp list --display-name "Microsoft Graph" --query "[0].appRoles[?value=='User.Read.All' && contains(allowedMemberTypes, 'Application')].id" --output tsv)
 
 
@@ -8,7 +8,7 @@ ms.service: active-directory
 ms.workload: identity
 ms.subservice: fundamentals
 ms.topic: conceptual
-ms.date: 12/18/2020
+ms.date: 08/19/2022
 ms.author: jricketts
 ms.reviewer: ajburnle
 ms.custom: "it-pro, seodec18"
@@ -91,4 +91,4 @@ See the following articles on securing external access to resources. We recommen
 9. [Secure access to Microsoft Teams, OneDrive, and SharePoint](9-secure-access-teams-sharepoint.md)
 
 
-
+
@@ -8,7 +8,7 @@ ms.service: active-directory
 ms.workload: identity
 ms.subservice: fundamentals
 ms.topic: conceptual
-ms.date: 12/18/2020
+ms.date: 08/20/2022
 ms.author: jricketts
 ms.reviewer: ajburnle
 ms.custom: "it-pro, seodec18"
 
@@ -8,7 +8,7 @@ ms.service: active-directory
 ms.workload: identity
 ms.subservice: fundamentals
 ms.topic: conceptual
-ms.date: 12/18/2020
+ms.date: 08/20/2022
 ms.author: jricketts
 ms.reviewer: ajburnle
 ms.custom: "it-pro, seodec18"
 
@@ -8,7 +8,7 @@ ms.service: active-directory
 ms.workload: identity
 ms.subservice: fundamentals
 ms.topic: conceptual
-ms.date: 12/18/2020
+ms.date: 08/19/2022
 ms.author: jricketts
 ms.reviewer: ajburnle
 ms.custom: "it-pro, seodec18"
 
@@ -8,7 +8,7 @@ ms.service: active-directory
 ms.workload: identity
 ms.subservice: fundamentals
 ms.topic: conceptual
-ms.date: 12/18/2020
+ms.date: 08/20/2022
 ms.author: jricketts
 ms.reviewer: ajburnle
 ms.custom: "it-pro, seodec18"
@@ -190,4 +190,4 @@ See the following articles on securing external access to resources. We recommen
 
 8. [Secure access with Sensitivity labels](8-secure-access-sensitivity-labels.md)
 
-9. [Secure access to Microsoft Teams, OneDrive, and SharePoint](9-secure-access-teams-sharepoint.md) (You are here.)
+9. [Secure access to Microsoft Teams, OneDrive, and SharePoint](9-secure-access-teams-sharepoint.md) (You are here.)
@@ -8,7 +8,7 @@ ms.service: active-directory
 ms.workload: identity
 ms.subservice: fundamentals
 ms.topic: conceptual
-ms.date: 03/17/2021
+ms.date: 08/20/2022
 ms.author: jricketts
 ms.reviewer: ajburnle
 ms.custom: "it-pro, seodec18"
 
@@ -8,7 +8,7 @@ ms.service: active-directory
 ms.workload: identity
 ms.subservice: fundamentals
 ms.topic: conceptual
-ms.date: 11/30/2020
+ms.date: 08/19/2022
 ms.author: jricketts
 ms.reviewer: ajburnle
 ms.custom: "it-pro, seodec18"
 
@@ -9,7 +9,7 @@ ms.service: active-directory
 ms.workload: identity
 ms.subservice: fundamentals
 ms.topic: conceptual
-ms.date: 11/30/2020
+ms.date: 08/19/2022
 ms.author: jricketts
 ms.reviewer: ajburnle
 ms.custom: "it-pro, seodec18"
@@ -78,4 +78,4 @@ Resilience resources for developers
 
 * [Build IAM resilience in your applications](resilience-app-development-overview.md)
 
-* [Build resilience in your CIAM systems](resilience-b2c.md)
+* [Build resilience in your CIAM systems](resilience-b2c.md)