Merge pull request #238 from MicrosoftDocs/master

rmerge

Author: MatchaMatch

CODEOWNERS

@@ -42,6 +42,9 @@ articles/security/benchmarks/ @msmbaldwin @mgblythe
 
 articles/ddos-protection @aletheatoh @anupamvi
 
+# Lighthouse
+articles/lighthouse/ @JnHs
+
 # Configuration
 *.json @SyntaxC4 @snoviking @martinekuan
 .acrolinx-config.edn @MonicaRush @martinekuan

articles/active-directory-b2c/service-limits.md

@@ -35,7 +35,6 @@ The following table lists the administrative configuration limits in the Azure A
 
 |Category  |Limit  |
 |---------|---------|
-|Number of applications per Azure AD B2C tenant   |250           |
 |Number of scopes per application        |1000          |
 |Number of [custom attributes](user-profile-attributes.md#extension-attributes) per user <sup>1</sup>       |100         |
 |Number of redirect URLs per application       |100         |

articles/active-directory/app-provisioning/how-provisioning-works.md

@@ -38,7 +38,7 @@ To request an automatic Azure AD provisioning connector for an app that doesn't
 
 ## Authorization
 
-Credentials are required for Azure AD to connect to the application's user management API. While you're configuring automatic user provisioning for an application, you'll need to enter valid credentials. For gallery applications, you can find credential types and requirements for the application by referring to the app tutorial. For non-gallery applications, you can refer to the [SCIM](./use-scim-to-provision-users-and-groups.md#authorization-for-provisioning-connectors-in-the-application-gallery) documentation to understand the credential types and requirements. In the Azure portal, you'll be able to test the credentials by having Azure AD attempt to connect to the app's provisioning app using the supplied credentials.
+Credentials are required for Azure AD to connect to the application's user management API. While you're configuring automatic user provisioning for an application, you'll need to enter valid credentials. For gallery applications, you can find credential types and requirements for the application by referring to the app tutorial. For non-gallery applications, you can refer to the [SCIM](./use-scim-to-provision-users-and-groups.md#authorization-to-provisioning-connectors-in-the-application-gallery) documentation to understand the credential types and requirements. In the Azure portal, you'll be able to test the credentials by having Azure AD attempt to connect to the app's provisioning app using the supplied credentials.
 
 ## Mapping attributes
 
@@ -213,4 +213,4 @@ When developing an application, always support both soft deletes and hard delete
 
 [Build a SCIM endpoint and configure provisioning when creating your own app](../app-provisioning/use-scim-to-provision-users-and-groups.md)
 
-[Troubleshoot problems with configuring and provisioning users to an application](./application-provisioning-config-problem.md).
+[Troubleshoot problems with configuring and provisioning users to an application](./application-provisioning-config-problem.md).

articles/active-directory/app-provisioning/use-scim-to-provision-users-and-groups.md

@@ -99,7 +99,7 @@ Next, add the following to your project's *.csproj* file in the netstandard2.1 *
 
 Then modify the code as specified in the next few steps. These changes will add [access tokens](access-tokens.md) to the outgoing requests sent to the Microsoft Graph API. This pattern is discussed in more detail in [ASP.NET Core Blazor WebAssembly additional security scenarios](/aspnet/core/blazor/security/webassembly/additional-scenarios).
 
-First, create a new file named *GraphAuthorizationMessageHandler.cs* with the following code. This handler will be user to add an access token for the `User.Read` and `Mail.Read` scopes to outgoing requests to the Microsoft Graph API.
+First, create a new file named *GraphAPIAuthorizationMessageHandler.cs* with the following code. This handler will be user to add an access token for the `User.Read` and `Mail.Read` scopes to outgoing requests to the Microsoft Graph API.
 
 ```csharp
 using Microsoft.AspNetCore.Components;
@@ -243,4 +243,4 @@ After granting consent, navigate to the "Fetch data" page to read some email.
 ## Next steps
 
 > [!div class="nextstepaction"]
-> [Microsoft identity platform best practices and recommendations](./identity-platform-integration-checklist.md)
+> [Microsoft identity platform best practices and recommendations](./identity-platform-integration-checklist.md)

articles/active-directory/develop/tutorial-blazor-webassembly.md

@@ -181,7 +181,7 @@ You will need an Azure AD tenant in order to test your app. To set up your devel
 
 Alternatively, an Azure AD tenant comes with every Microsoft 365 subscription. To set up a free Microsoft 365 development environment, see [Join the Microsoft 365 Developer Program](/office/developer-program/microsoft-365-developer-program).
 
-Once you have a tenant, test single-sign on and [provisioning](../app-provisioning/use-scim-to-provision-users-and-groups.md#step-4-integrate-your-scim-endpoint-with-the-azure-ad-scim-client). 
+Once you have a tenant, test single-sign on and [provisioning](../app-provisioning/use-scim-to-provision-users-and-groups.md#integrate-your-scim-endpoint-with-the-aad-scim-client). 
 
 **For OIDC or Oath applications**, [Register your application](quickstart-register-app.md) as a multi-tenant application. ‎Select the Accounts in any organizational directory and personal Microsoft accounts option in Supported Account types.
 
@@ -314,4 +314,4 @@ The Microsoft Partner Network provides instant access to exclusive resources, pr
 
 ## Next steps
 * [Build a SCIM endpoint and configure user provisioning](../app-provisioning/use-scim-to-provision-users-and-groups.md)
-* [Authentication scenarios for Azure AD](authentication-flows-app-scenarios.md)
+* [Authentication scenarios for Azure AD](authentication-flows-app-scenarios.md)

articles/active-directory/develop/v2-howto-app-gallery-listing.md

@@ -44,7 +44,7 @@ This page is updated monthly, so revisit it regularly. If you're looking for ite
 
 In the past, the secret token field could be kept empty when setting up provisioning on the custom / BYOA application. This function was intended to solely be used for testing. We'll update the UI to make the field required. 
 
-Customers can work around this requirement for testing purposes by using a feature flag in the browser URL. [Learn more](../app-provisioning/use-scim-to-provision-users-and-groups.md#authorization-for-provisioning-connectors-in-the-application-gallery).
+Customers can work around this requirement for testing purposes by using a feature flag in the browser URL. [Learn more](../app-provisioning/use-scim-to-provision-users-and-groups.md#authorization-to-provisioning-connectors-in-the-application-gallery).
 
 ---
 

articles/active-directory/fundamentals/whats-new.md

@@ -12,7 +12,7 @@ ms.tgt_pltfrm: na
 ms.devlang: na
 ms.topic: how-to
 ms.subservice: compliance
-ms.date: 12/07/2020
+ms.date: 02/08/2021
 ms.author: ajburnle
 ms.reviewer: mwahl
 ms.collection: M365-identity-device-management
@@ -43,35 +43,47 @@ You can track the progress as the reviewers complete their reviews.
 
     To view future instances of an access reviews, navigate to the access review, and select Scheduled reviews.
 
-    On the **Overview** page, you can see the progress. No access rights are changed in the directory until the review is completed.
+    On the **Overview** page, you can see the progress of the current instance. No access rights are changed in the directory until the review is completed.
 
-    ![Access reviews progress](./media/complete-access-review/overview-progress.png)
-    
-    If you are viewing an access review that reviews guest access across Microsoft 365 groups (Preview), the Overview blade lists each group in the review.  
+     ![Review of All company group](./media/complete-access-review/all-company-group.png)
 
-   ![review guest access across Microsoft 365 groups](./media/complete-access-review/review-guest-access-across-365-groups.png)
+    All blades under Current are only viewable during the duration of each review instance. 
 
-    Click on a group to see the progress of the review on that group.
+    The Results page provides more information on each user under review in the instance, including the ability to Stop, Reset and Download results.
+
+    ![Review guest access across Microsoft 365 groups](./media/complete-access-review/all-company-group-results.png)
+
+
+    If you are viewing an access review that reviews guest access across Microsoft 365 groups (Preview), the Overview blade lists each group in the review. 
+   
+    ![review guest access across Microsoft 365 groups](./media/complete-access-review/review-guest-access-across-365-groups.png)
+
+    Click on a group to see the progress of the review on that group, as well as to Stop, Reset, Apply and Delete.
 
    ![review guest access across Microsoft 365 groups in detail](./media/complete-access-review/progress-group-review.png)
 
 1. If you want to stop an access review before it has reached the scheduled end date, click the **Stop** button.
 
-    When stop a review, reviewers will no longer be able to give responses. You can't restart a review after it's stopped.
+    When you stop a review, reviewers will no longer be able to give responses. You can't restart a review after it's stopped.
 
 1. If you're no longer interested in the access review, you can delete it by clicking the **Delete** button.
 
 ## Apply the changes
 
-If **Auto apply results to resource** was enabled and based on your selections in **Upon completion settings**, auto-apply will be executed after the review's end date or when you manually stop the review.
+If **Auto apply results to resource** was enabled based on your selections in **Upon completion settings**, auto-apply will be executed after the review's end date or when you manually stop the review.
 
-If **Auto apply results to resource** wasn't enabled for the review, click **Apply** to manually apply the changes. If a user's access was denied in the review, when you click **Apply**, Azure AD removes their membership or application assignment.
+If **Auto apply results to resource** wasn't enabled for the review, navigate to **Review History** under **Series** after the review duration ends or the review was stopped early, and click on the instance of the review you’d like to Apply.
 
 ![Apply access review changes](./media/complete-access-review/apply-changes.png)
 
+Click **Apply** to manually apply the changes. If a user's access was denied in the review, when you click **Apply**, Azure AD removes their membership or application assignment.
+
+![Apply access review changes button](./media/complete-access-review/apply-changes-button.png)
+
+
 The status of the review will change from **Completed** through intermediate states such as **Applying** and finally to state **Result applied**. You should expect to see denied users, if any, being removed from the group membership or application assignment in a few minutes.
 
-A configured auto applying review, or selecting **Apply** doesn't have an effect on a group that originates in an on-premises directory or a dynamic group. If you want to change a group that originates on-premises, download the results and apply those changes to the representation of the group in that directory.
+Manually or automatically applying results doesn't have an effect on a group that originates in an on-premises directory or a dynamic group. If you want to change a group that originates on-premises, download the results and apply those changes to the representation of the group in that directory.
 
 ## Retrieve the results