MicrosoftDocs
diff --git a/‎articles/active-directory-b2c/active-directory-b2c-reference-audit-logs.md
Lines changed: 2 additions & 255 deletions b/‎articles/active-directory-b2c/active-directory-b2c-reference-audit-logs.md
Lines changed: 2 additions & 255 deletions
diff --git a/‎articles/active-directory-b2c/active-directory-b2c-reference-custom-attr.md
Lines changed: 2 additions & 54 deletions b/‎articles/active-directory-b2c/active-directory-b2c-reference-custom-attr.md
Lines changed: 2 additions & 54 deletions
diff --git a/‎articles/active-directory-b2c/active-directory-b2c-reference-disable-ev.md
Lines changed: 2 additions & 35 deletions b/‎articles/active-directory-b2c/active-directory-b2c-reference-disable-ev.md
Lines changed: 2 additions & 35 deletions
@@ -1,257 +1,4 @@
 ---
-title: Access and review audit logs
-titleSuffix: Azure AD B2C
-description: How to access Azure AD B2C audit logs programmatically and in the Azure portal.
-services: active-directory-b2c
-author: mmacy
-manager: celestedg
-
-ms.service: active-directory
-ms.topic: conceptual
-ms.workload: identity
-ms.date: 10/16/2019
-ms.author: marsma
-ms.subservice: B2C
-ms.custom: fasttrack-edit
+redirect_url: /azure/active-directory-b2c/view-audit-logs
+redirect_document_id: true
 ---
-
-# Accessing Azure AD B2C audit logs
-
-Azure Active Directory B2C (Azure AD B2C) emits audit logs containing activity information about B2C resources, tokens issued, and administrator access. This article provides a brief overview of the information available in audit logs and instructions on how to access this data for your Azure AD B2C tenant.
-
-Audit log events are only retained for **seven days**. Plan to download and store your logs using one of the methods shown below if you require a longer retention period.
-
-> [!NOTE]
-> You can't see user sign-ins for individual Azure AD B2C applications under the **Users** section of the **Azure Active Directory** or **Azure AD B2C** pages in the Azure portal. The sign-in events there show user activity, but can't be correlated back to the B2C application that the user signed in to. You must use the audit logs for that, as explained further in this article.
-
-## Overview of activities available in the B2C category of audit logs
-
-The **B2C** category in audit logs contains the following types of activities:
-
-|Activity type |Description  |
-|---------|---------|
-|Authorization |Activities concerning the authorization of a user to access B2C resources (for example, an administrator accessing a list of B2C policies).         |
-|Directory |Activities related to directory attributes retrieved when an administrator signs in using the Azure portal. |
-|Application | Create, read, update, and delete (CRUD) operations on B2C applications. |
-|Key |CRUD operations on keys stored in a B2C key container. |
-|Resource |CRUD operations on B2C resources. For example, policies and identity providers.
-|Authentication |Validation of user credentials and token issuance.|
-
-For user object CRUD activities, refer to the **Core Directory** category.
-
-## Example activity
-
-This example image from the Azure portal shows the data captured when a user signs in with an external identity provider, in this case, Facebook:
-
-![Example of Audit Log Activity Details page in Azure portal](./media/active-directory-b2c-reference-audit-logs/audit-logs-example.png)
-
-The activity details panel contains the following relevant information:
-
-|Section|Field|Description|
-|-------|-----|-----------|
-| Activity | Name | Which activity took place. For example, *Issue an id_token to the application*, which concludes the actual user sign-in. |
-| Initiated By (Actor) | ObjectId | The **Object ID** of the B2C application that the user is signing in to. This identifier is not visible in the Azure portal, but is accessible via the Microsoft Graph API. |
-| Initiated By (Actor) | Spn | The **Application ID** of the B2C application that the user is signing in to. |
-| Target(s) | ObjectId | The **Object ID** of the user that is signing in. |
-| Additional Details | TenantId | The **Tenant ID** of the Azure AD B2C tenant. |
-| Additional Details | PolicyId | The **Policy ID** of the user flow (policy) being used to sign the user in. |
-| Additional Details | ApplicationId | The **Application ID** of the B2C application that the user is signing in to. |
-
-## View audit logs in the Azure portal
-
-The Azure portal provides access to the audit log events in your Azure AD B2C tenant.
-
-1. Sign in to the [Azure portal](https://portal.azure.com)
-1. Switch to the directory that contains your Azure AD B2C tenant, and then browse to **Azure AD B2C**.
-1. Under **Activities** in the left menu, select **Audit logs**.
-
-A list of activity events logged over the last seven days is displayed.
-
-![Example filter with two activity events in Azure portal](media/active-directory-b2c-reference-audit-logs/audit-logs-example-filter.png)
-
-Several filtering options are available, including:
-
-* **Activity Resource Type** - Filter by the activity types shown in the table in the [Overview of activities available](#overview-of-activities-available-in-the-b2c-category-of-audit-logs) section.
-* **Date** - Filter the date range of the activities shown.
-
-If you select a row in the list, the activity details for the event are displayed.
-
-To download the list of activity events in a comma-separated values (CSV) file, select **Download**.
-
-## Get audit logs with the Azure AD reporting API
-
-Audit logs are published to the same pipeline as other activities for Azure Active Directory, so they can be accessed through the [Azure Active Directory reporting API](https://docs.microsoft.com/graph/api/directoryaudit-list). For more information, see [Get started with the Azure Active Directory reporting API](../active-directory/reports-monitoring/concept-reporting-api.md).
-
-### Enable reporting API access
-
-To allow script- or application-based access to the Azure AD reporting API, you need an Azure Active Directory application registered in your Azure AD B2C tenant with the following API permissions:
-
-* Microsoft Graph > Application permissions > AuditLog.Read.All
-
-You can enable these permissions on an existing Azure Active Directory application registration within your B2C tenant, or create a new one specifically for use with audit log automation.
-
-Follow these steps register an application, grant it the required Microsoft Graph API permissions, and then create a client secret.
-
-### Register application in Azure Active Directory
-
-[!INCLUDE [active-directory-b2c-appreg-mgmt](../../includes/active-directory-b2c-appreg-mgmt.md)]
-
-### Assign API access permissions
-
-#### [Applications](#tab/applications/)
-
-1. On the **Registered app** overview page, select **Settings**.
-1. Under **API ACCESS**, select **Required permissions**.
-1. Select **Add**, and then **Select an API**.
-1. Select **Microsoft Graph**, and then **Select**.
-1. Under **APPLICATION PERMISSIONS**, select **Read all audit log data**.
-1. Select the **Select** button, and then select **Done**.
-1. Select **Grant permissions**, and then select **Yes**.
-
-#### [App registrations (Preview)](#tab/app-reg-preview/)
-
-1. Under **Manage**, select **API permissions**.
-1. Under **Configured permissions**, select **Add a permission**.
-1. Select the **Microsoft APIs** tab.
-1. Select **Microsoft Graph**.
-1. Select **Application permissions**.
-1. Expand **AuditLog** and then select the **AuditLog.Read.All** check box.
-1. Select **Add permissions**. As directed, wait a few minutes before proceeding to the next step.
-1. Select **Grant admin consent for (your tenant name)**.
-1. Select your currently signed-in account if it's been assigned the *Global Administrator* role, or sign in with an account in your Azure AD B2C tenant that's been assigned the *Global Administrator* role.
-1. Select **Accept**.
-1. Select **Refresh**, and then verify that "Granted for ..." appears under **Status** for the *AuditLog.Read.All* permission. It might take a few minutes for the permissions to propagate.
-
-* * *
-
-### Create client secret
-
-[!INCLUDE [active-directory-b2c-client-secret](../../includes/active-directory-b2c-client-secret.md)]
-
-You now have an application with the required API access, an application ID, and a key that you can use in your automation scripts. See the PowerShell script section later in this article for an example of how you can get activity events with a script.
-
-### Access the API
-
-To download Azure AD B2C audit log events via the API, filter the logs on the `B2C` category. To filter by category, use the `filter` query string parameter when you call the Azure AD reporting API endpoint.
-
-```HTTP
-https://graph.microsoft.com/v1.0/auditLogs/directoryAudits?$filter=loggedByService eq 'B2C' and activityDateTime gt 2019-09-10T02:28:17Z
-```
-
-### PowerShell script
-
-The following PowerShell script shows an example of how to query the Azure AD reporting API. After querying the API, it prints the logged events to standard output, then writes the JSON output to a file.
-
-You can try this script in the [Azure Cloud Shell](../cloud-shell/overview.md). Be sure to update it with your application ID, client secret, and the name of your Azure AD B2C tenant.
-
-```powershell
-# This script requires the registration of a Web Application in Azure Active Directory:
-# https://docs.microsoft.com/azure/active-directory/reports-monitoring/concept-reporting-api
-
-# Constants
-$ClientID       = "your-client-application-id-here"       # Insert your application's client ID, a GUID (registered by Global Admin)
-$ClientSecret   = "your-client-application-secret-here"   # Insert your application's client secret
-$tenantdomain   = "your-b2c-tenant.onmicrosoft.com"       # Insert your Azure AD B2C tenant; for example, contoso.onmicrosoft.com
-$loginURL       = "https://login.microsoftonline.com"
-$resource       = "https://graph.microsoft.com"           # Microsoft Graph API resource URI
-$7daysago       = "{0:s}" -f (get-date).AddDays(-7) + "Z" # Use 'AddMinutes(-5)' to decrement minutes, for example
-Write-Output "Searching for events starting $7daysago"
-
-# Create HTTP header, get an OAuth2 access token based on client id, secret and tenant domain
-$body       = @{grant_type="client_credentials";resource=$resource;client_id=$ClientID;client_secret=$ClientSecret}
-$oauth      = Invoke-RestMethod -Method Post -Uri $loginURL/$tenantdomain/oauth2/token?api-version=1.0 -Body $body
-
-# Parse audit report items, save output to file(s): auditX.json, where X = 0 through n for number of nextLink pages
-if ($oauth.access_token -ne $null) {
-    $i=0
-    $headerParams = @{'Authorization'="$($oauth.token_type) $($oauth.access_token)"}
-    $url = "https://graph.microsoft.com/v1.0/auditLogs/directoryAudits?`$filter=loggedByService eq 'B2C' and activityDateTime gt  " + $7daysago
-
-    # loop through each query page (1 through n)
-    Do {
-        # display each event on the console window
-        Write-Output "Fetching data using Uri: $url"
-        $myReport = (Invoke-WebRequest -UseBasicParsing -Headers $headerParams -Uri $url)
-        foreach ($event in ($myReport.Content | ConvertFrom-Json).value) {
-            Write-Output ($event | ConvertTo-Json)
-        }
-
-        # save the query page to an output file
-        Write-Output "Save the output to a file audit$i.json"
-        $myReport.Content | Out-File -FilePath audit$i.json -Force
-        $url = ($myReport.Content | ConvertFrom-Json).'@odata.nextLink'
-        $i = $i+1
-    } while($url -ne $null)
-} else {
-    Write-Host "ERROR: No Access Token"
-}
-```
-
-Here's the JSON representation of the example activity event shown earlier in the article:
-
-```JSON
-{
-    "id": "B2C_DQO3J_4984536",
-    "category": "Authentication",
-    "correlationId": "00000000-0000-0000-0000-000000000000",
-    "result": "success",
-    "resultReason": "N/A",
-    "activityDisplayName": "Issue an id_token to the application",
-    "activityDateTime": "2019-09-14T18:13:17.0618117Z",
-    "loggedByService": "B2C",
-    "operationType": "",
-    "initiatedBy": {
-        "user": null,
-        "app": {
-            "appId": "00000000-0000-0000-0000-000000000000",
-            "displayName": null,
-            "servicePrincipalId": null,
-            "servicePrincipalName": "00000000-0000-0000-0000-000000000000"
-        }
-    },
-    "targetResources": [
-        {
-            "id": "00000000-0000-0000-0000-000000000000",
-            "displayName": null,
-            "type": "User",
-            "userPrincipalName": null,
-            "groupType": null,
-            "modifiedProperties": []
-        }
-    ],
-    "additionalDetails": [
-        {
-            "key": "TenantId",
-            "value": "test.onmicrosoft.com"
-        },
-        {
-            "key": "PolicyId",
-            "value": "B2C_1A_signup_signin"
-        },
-        {
-            "key": "ApplicationId",
-            "value": "00000000-0000-0000-0000-000000000000"
-        },
-        {
-            "key": "Client",
-            "value": "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.132 Safari/537.36"
-        },
-        {
-            "key": "IdentityProviderName",
-            "value": "facebook"
-        },
-        {
-            "key": "IdentityProviderApplicationId",
-            "value": "0000000000000000"
-        },
-        {
-            "key": "ClientIpAddress",
-            "value": "127.0.0.1"
-        }
-    ]
-}
-```
-
-## Next steps
-
-You can automate other administration tasks, for example, [manage users with .NET](manage-user-accounts-graph-api.md).
@@ -1,56 +1,4 @@
 ---
-title: Define custom attributes in Azure Active Directory B2C | Microsoft Docs
-description: Define custom attributes for your application in Azure Active Directory B2C to collect information about your customers.
-services: active-directory-b2c
-author: mmacy
-manager: celestedg
-
-ms.service: active-directory
-ms.workload: identity
-ms.topic: conceptual
-ms.date: 11/30/2018
-ms.author: marsma
-ms.subservice: B2C
+redirect_url: /azure/active-directory-b2c/user-flow-custom-attributes
+redirect_document_id: true
 ---
-
-# Define custom attributes in Azure Active Directory B2C
-
- Every customer-facing application has unique requirements for the information that needs to be collected. Your Azure Active Directory B2C (Azure AD B2C) tenant comes with a built-in set of information stored in attributes, such as Given Name, Surname, City, and Postal Code. With Azure AD B2C, you can extend the set of attributes stored on each customer account.
-
- You can create custom attributes in the [Azure portal](https://portal.azure.com/) and use them in your sign-up user flows, sign-up or sign-in user flows, or profile editing user flows. You can also read and write these attributes by using the [Azure AD Graph API](manage-user-accounts-graph-api.md). Custom attributes in Azure AD B2C use [Azure AD Graph API Directory Schema Extensions](/previous-versions/azure/ad/graph/howto/azure-ad-graph-api-directory-schema-extensions).
-
-> [!NOTE]
-> Support for newer [Microsoft Graph API](https://docs.microsoft.com/graph/overview?view=graph-rest-1.0) for querying Azure AD B2C tenant is still under development.
->
-
-## Create a custom attribute
-
-1. Sign in to the [Azure portal](https://portal.azure.com/) as the global administrator of your Azure AD B2C tenant.
-2. Make sure you're using the directory that contains your Azure AD B2C tenant by switching to it in the top-right corner of the Azure portal. Select your subscription information, and then select **Switch Directory**.
-
-    ![Switch to your Azure AD B2C tenant](./media/active-directory-b2c-reference-custom-attr/switch-directories.png)
-
-    Choose the directory that contains your tenant.
-
-    ![B2C tenant highlighted in Directory and Subscription filter](./media/active-directory-b2c-reference-custom-attr/select-directory.PNG)
-
-3. Choose **All services** in the top-left corner of the Azure portal, search for and select **Azure AD B2C**.
-4. Select **User attributes**, and then select **Add**.
-5. Provide a **Name** for the custom attribute (for example, "ShoeSize")
-6. Choose a **Data Type**. Only **String**, **Boolean**, and **Int** are available.
-7. Optionally, enter a **Description** for informational purposes.
-8. Click **Create**.
-
-The custom attribute is now available in the list of **User attributes** and for use in your user flows. A custom attribute is only created the first time it is used in any user flow, and not when you add it to the list of **User attributes**.
-
-
-## Use a custom attribute in your user flow
-
-1. In your Azure AD B2C tenant, select **User flows**.
-2. Select your policy (for example, "B2C_1_SignupSignin") to open it.
-4. Select **User attributes** and then select the custom attribute (for example, "ShoeSize"). Click **Save**.
-5. Select **Application claims** and then select the custom attribute.
-6. Click **Save**.
-
-Once you have created a new user using a user flow which uses the newly created custom attribute, the object can be queried in [Azure AD Graph Explorer](https://docs.microsoft.com/azure/active-directory/develop/active-directory-graph-api-quickstart). Alternatively you can use the [**Run user flow**](https://docs.microsoft.com/azure/active-directory-b2c/tutorial-create-user-flows) feature on the user flow to verify the customer experience. You should now see **ShoeSize** in the list of attributes collected during the sign-up journey, and see it in the token sent back to your application.
-
@@ -1,37 +1,4 @@
 ---
-title: Disable email verification during customer sign-up
-titleSuffix: Azure AD B2C
-description: Learn how to disable email verification during customer sign-up in Azure Active Directory B2C.
-services: active-directory-b2c
-author: mmacy
-manager: celestedg
-
-ms.service: active-directory
-ms.workload: identity
-ms.topic: conceptual
-ms.date: 09/25/2018
-ms.author: marsma
-ms.subservice: B2C
+redirect_url: /azure/active-directory-b2c/user-flow-disable-email-verification
+redirect_document_id: true
 ---
-
-# Disable email verification during customer sign-up in Azure Active Directory B2C
-
-By default, Azure Active Directory B2C (Azure AD B2C) verifies your customer's email address for local accounts (accounts for users who sign up with email address or username). Azure AD B2C ensures valid email addresses by requiring customers to verify them during the sign-up process. It also prevents a malicious actors from using automated processes to generate fraudulent accounts in your applications.
-
-Some application developers prefer to skip email verification during the sign-up process and instead have customers verify their email address later. To support this, Azure AD B2C can be configured to disable email verification. Doing so creates a smoother sign-up process and gives developers the flexibility to differentiate customers that have verified their email address from customers that have not.
-
-Follow these steps to disable email verification:
-
-1. Sign in to the [Azure portal](https://portal.azure.com)
-1. Use the **Directory + subscription** filter in the top menu to select the directory that contains your Azure AD B2C tenant.
-1. In the left menu, select **Azure AD B2C**. Or, select **All services** and search for and select **Azure AD B2C**.
-1. Select **User flows**.
-1. Select the user flow for which you want to disable email verification. For example, *B2C_1_signinsignup*.
-1. Select **Page layouts**.
-1. Select **Local account sign-up page**.
-1. Under **User attributes**, select **Email Address**.
-1. In the **REQUIRES VERIFICATION** drop down, select **No**.
-1. Select **Save**. Email verification is now disabled for this user flow.
-
-> [!WARNING]
-> Disabling email verification in the sign-up process may lead to spam. If you disable the default Azure AD B2C-provided email verification, we recommend that you implement a replacement verification system.