Merge branch 'master' of https://github.com/mayurigupta13/azure-docs-pr

Author: mayurigupta13

.openpublishing.redirection.json

@@ -320,6 +320,9 @@
       href: active-directory-b2c-devquickstarts-graph-dotnet.md
   - name: Audit logs
     href: active-directory-b2c-reference-audit-logs.md
+  - name: Manage users - Azure portal
+    href: manage-users-portal.md
+    displayName: create users, add users, delete users
   - name: Secure API Management API
     href: secure-api-management.md
     displayName: apim, api management, migrate, b2clogin.com

articles/active-directory-b2c/TOC.yml

@@ -273,10 +273,11 @@ Inspect the `B2CGraphClient.SendGraphPatchRequest()` method for details on how t
 
 ### Search users
 
-You can search for users in your B2C tenant in two ways:
+You can search for users in your B2C tenant in the following ways:
 
 * Reference the user's **object ID**.
 * Reference their sign-in identifer, the `signInNames` property.
+* Reference any of the valid OData parameters. For example, 'givenName', 'surname', 'displayName' etc.
 
 Run one of the following commands to search for a user:
 
@@ -290,6 +291,9 @@ For example:
 ```cmd
 B2C Get-User 2bcf1067-90b6-4253-9991-7f16449c2d91
 B2C Get-User $filter=signInNames/any(x:x/value%20eq%20%27consumer@fabrikam.com%27)
+B2C get-user $filter=givenName%20eq%20%27John%27
+B2C get-user $filter=surname%20eq%20%27Doe%27
+B2C get-user $filter=displayName%20eq%20%27John%20Doe%27
 ```
 
 ### Delete users

articles/active-directory-b2c/active-directory-b2c-devquickstarts-graph-dotnet.md

@@ -0,0 +1,60 @@
+---
+title: Create & delete Azure AD B2C consumer user accounts in the Azure portal
+description: Learn how to use the Azure portal to create and delete consumer users in your Azure AD B2C directory.
+services: active-directory-b2c
+author: mmacy
+manager: celestedg
+
+ms.service: active-directory
+ms.workload: identity
+ms.topic: conceptual
+ms.date: 11/09/2019
+ms.author: marsma
+ms.subservice: B2C
+---
+
+# Use the Azure portal to create and delete consumer users in Azure AD B2C
+
+There might be scenarios in which you want to manually create consumer accounts in your Azure Active Directory B2C (Azure AD B2C) directory. Although consumer accounts in an Azure AD B2C directory are most commonly created when users sign up to use one of your applications, you can create them programmatically and by using the Azure portal. This article focuses on the Azure portal method of user creation and deletion.
+
+To add or delete users, your account must be assigned the *User administrator* or *Global administrator* role.
+
+[!INCLUDE [active-directory-b2c-public-preview](../../includes/active-directory-b2c-public-preview.md)]
+
+## Types of user accounts
+
+As described in [Overview of user accounts in Azure AD B2C](user-overview.md), there are three types of user accounts that can be created in an Azure AD B2C directory:
+
+* Work
+* Guest
+* Consumer
+
+This article focuses on working with **consumer accounts** in the Azure portal. For information about creating and deleting Work and Guest accounts, see [Add or delete users using Azure Active Directory](../active-directory/fundamentals/add-users-azure-active-directory.md).
+
+## Create a consumer user
+
+1. Sign in to the [Azure portal](https://portal.azure.com).
+1. Select the **Directory + subscription** filter in the top menu, and then select the directory that contains your Azure AD B2C tenant.
+1. In the left menu, select **Azure AD B2C**. Or, select **All services** and search for and select **Azure AD B2C**.
+1. Under **Manage**, select **Users**.
+1. Select **New user**.
+1. Select **Create Azure AD B2C user**.
+1. Choose a **Sign in method** and enter either an **Email** address or a **Username** for the new user. The sign in method you select here must match the setting you've specified for your Azure AD B2C tenant's *Local account* identity provider (see **Manage** > **Identity providers** in your Azure AD B2C tenant).
+1. Enter a **Name** for the user. This is typically the full name (given and surname) of the user.
+1. (Optional) You can **Block sign in** if you wish to delay the ability for the user to sign in. You can enable sign in later by editing the user's **Profile** in the Azure portal.
+1. Choose **Auto-generate password** or **Let me create password**.
+1. Specify the user's **First name** and **Last name**.
+1. Select **Create**.
+
+Unless you've selected **Block sign in**, the user can now sign in using the sign in method (email or username) that you specified.
+
+## Delete a consumer user
+
+1. In your Azure AD B2C directory, select **Users**, and then select the user you want to delete.
+1. Select **Delete**, and then **Yes** to confirm the deletion.
+
+For details about restoring a user within the first 30 days after deletion, or for permanently deleting a user, see [Restore or remove a recently deleted user using Azure Active Directory](../active-directory/fundamentals/active-directory-users-restore.md).
+
+## Next steps
+
+For automated user management scenarios, for example migrating users from another identity provider to your Azure AD B2C directory, see [Azure AD B2C: User migration](active-directory-b2c-user-migration.md).

articles/active-directory-b2c/manage-users-portal.md

@@ -58,7 +58,7 @@ The service itself doesn't directly support this scenario. Your managed domain i
 Yes. For more information, see [how to enable Azure AD Domain Services using PowerShell](powershell-create-instance.md).
 
 ### Can I enable Azure AD Domain Services using a Resource Manager Template?
-No, it's not currently possible to enable Azure AD Domain Services using a template. For a scripted approach, see [how to enable Azure AD Domain Services using PowerShell](powershell-create-instance.md).
+Yes, you can create an Azure AD Domain Services managed domain using a Resource Manager template. A service principal and Azure AD group for administration must be created using the Azure portal or Azure PowerShell before the template is deployed. When you create an Azure AD Domain Services managed domain in the Azure portal, there's an option to export the template for use with additional deployments. There's also an [example template in the GitHub templates sample repo](https://github.com/Azure/azure-quickstart-templates/tree/master/101-AAD-DomainServices).
 
 ### Can I add domain controllers to an Azure AD Domain Services managed domain?
 No. The domain provided by Azure AD Domain Services is a managed domain. You don't need to provision, configure, or otherwise manage domain controllers for this domain. These management activities are provided as a service by Microsoft. Therefore, you can't add additional domain controllers (read-write or read-only) for the managed domain.

articles/active-directory-domain-services/faqs.md

@@ -139,8 +139,6 @@
         href: howto-authentication-passwordless-security-key.md
       - name: Passwordless Windows 10
         href: howto-authentication-passwordless-security-key-windows.md
-      - name: Passwordless on-premises
-        href: howto-authentication-passwordless-security-key-on-premises.md
       - name: Passwordless phone sign-in
         href: howto-authentication-passwordless-phone.md
       - name: Windows Hello for Business

articles/active-directory/authentication/TOC.yml

@@ -72,7 +72,7 @@ The following providers offer FIDO2 security keys of different form factors that
 | Feitian | [https://www.ftsafe.com/about/Contact_Us](https://www.ftsafe.com/about/Contact_Us) |
 | HID | [https://www.hidglobal.com/contact-us](https://www.hidglobal.com/contact-us) |
 | Ensurity | [https://www.ensurity.com/contact](https://www.ensurity.com/contact) |
-| eWBM | [https://www.ewbm.com/page/sub1_5](https://www.ewbm.com/page/sub1_5) |
+| eWBM | [https://www.ewbm.com/support](https://www.ewbm.com/support) |
 | AuthenTrend | [https://authentrend.com/about-us/#pg-35-3](https://authentrend.com/about-us/#pg-35-3) |
 
 > [!NOTE]

articles/active-directory/authentication/concept-authentication-passwordless.md

@@ -85,7 +85,7 @@ To target specific device groups to enable the credential provider, use the foll
 
 ### Enable with a provisioning package
 
-For devices not managed by Intune, a provisioning package can be installed to enable the functionality. The Windows Configuration Designer app can be installed from the [Microsoft Store](https://www.microsoft.com/store/apps/9nblggh4tx22).
+For devices not managed by Intune, a provisioning package can be installed to enable the functionality. The Windows Configuration Designer app can be installed from the [Microsoft Store](https://www.microsoft.com/en-us/p/windows-configuration-designer/9nblggh4tx22).
 
 1. Launch the Windows Configuration Designer.
 1. Select **File** > **New project**.

articles/active-directory/authentication/howto-authentication-passwordless-security-key-windows.md

@@ -19,7 +19,7 @@ ms.collection: M365-identity-device-management
 
 This article helps you to manage Multi-Factor Authentication settings in the Azure portal. It covers various topics that help you to get the most out of Azure Multi-Factor Authentication. Not all of the features are available in every version of Azure Multi-Factor Authentication.
 
-You can access settings related to Azure Multi-Factor Authentication from the Azure portal by browsing to **Azure Active Directory** > **MFA**.
+You can access settings related to Azure Multi-Factor Authentication from the Azure portal by browsing to **Azure Active Directory** > **Security** > **MFA**.
 
 ![Azure portal - Azure AD Multi-Factor Authentication settings](./media/howto-mfa-mfasettings/multi-factor-authentication-settings-portal.png)
 
@@ -59,15 +59,15 @@ Use the _block and unblock users_ feature to prevent users from receiving authen
 ### Block a user
 
 1. Sign in to the [Azure portal](https://portal.azure.com) as an administrator.
-2. Browse to **Azure Active Directory** > **MFA** > **Block/unblock users**.
+2. Browse to **Azure Active Directory** > **Security** > **MFA** > **Block/unblock users**.
 3. Select **Add** to block a user.
 4. Select the **Replication Group**. Enter the username for the blocked user as **username\@domain.com**. Enter a comment in the **Reason** field.
 5. Select **Add** to finish blocking the user.
 
 ### Unblock a user
 
 1. Sign in to the [Azure portal](https://portal.azure.com) as an administrator.
-2. Browse to **Azure Active Directory** > **MFA** > **Block/unblock users**.
+2. Browse to **Azure Active Directory** > **Security** > **MFA** > **Block/unblock users**.
 3. Select **Unblock** in the **Action** column next to the user to unblock.
 4. Enter a comment in the **Reason for unblocking** field.
 5. Select **Unblock** to finish unblocking the user.
@@ -79,7 +79,7 @@ Configure the _fraud alert_ feature so that your users can report fraudulent att
 ### Turn on fraud alerts
 
 1. Sign in to the [Azure portal](https://portal.azure.com) as an administrator.
-2. Browse to **Azure Active Directory** > **MFA** > **Fraud alert**.
+2. Browse to **Azure Active Directory** > **Security** > **MFA** > **Fraud alert**.
 3. Set the **Allow users to submit fraud alerts** setting to **On**.
 4. Select **Save**.
 
@@ -121,7 +121,7 @@ You can use your own recordings or greetings for two-step verification with the
 Before you begin, be aware of the following restrictions:
 
 * The supported file formats are .wav and .mp3.
-* The file size limit is 5 MB.
+* The file size limit is 1 MB.
 * Authentication messages should be shorter than 20 seconds. Messages that are longer than 20 seconds can cause the verification to fail. The user might not respond before the message finishes and the verification times out.
 
 ### Custom message language behavior
@@ -142,7 +142,7 @@ For example, if there is only one custom message, with a language of German:
 ### Set up a custom message
 
 1. Sign in to the [Azure portal](https://portal.azure.com) as an administrator.
-1. Browse to **Azure Active Directory** > **MFA** > **Phone call settings**.
+1. Browse to **Azure Active Directory** > **Security** > **MFA** > **Phone call settings**.
 1. Select **Add greeting**.
 1. Choose the type of greeting.
 1. Choose the language.
@@ -181,7 +181,7 @@ The _one-time bypass_ feature allows a user to authenticate a single time withou
 ### Create a one-time bypass
 
 1. Sign in to the [Azure portal](https://portal.azure.com) as an administrator.
-2. Browse to **Azure Active Directory** > **MFA** > **One-time bypass**.
+2. Browse to **Azure Active Directory** > **Security** > **MFA** > **One-time bypass**.
 3. Select **Add**.
 4. If necessary, select the replication group for the bypass.
 5. Enter the username as **username\@domain.com**. Enter the number of seconds that the bypass should last. Enter the reason for the bypass.
@@ -190,7 +190,7 @@ The _one-time bypass_ feature allows a user to authenticate a single time withou
 ### View the one-time bypass report
 
 1. Sign in to the [Azure portal](https://portal.azure.com).
-2. Browse to **Azure Active Directory** > **MFA** > **One-time bypass**.
+2. Browse to **Azure Active Directory** > **Security** > **MFA** > **One-time bypass**.
 
 ## Caching rules
 
@@ -202,18 +202,20 @@ You can set a time period to allow authentication attempts after a user is authe
 ### Set up caching
 
 1. Sign in to the [Azure portal](https://portal.azure.com) as an administrator.
-2. Browse to **Azure Active Directory** > **MFA** > **Caching rules**.
+2. Browse to **Azure Active Directory** > **Security** > **MFA** > **Caching rules**.
 3. Select **Add**.
 4. Select the **cache type** from the drop-down list. Enter the maximum number of **cache seconds**.
 5. If necessary, select an authentication type and specify an application.
 6. Select **Add**.
 
 ## MFA service settings
 
-Settings for app passwords, trusted IPs, verification options, and remember multi-factor authentication for Azure Multi-Factor Authentication can be found in service settings. Service settings can be accessed from the Azure portal by browsing to **Azure Active Directory** > **MFA** > **Getting started** > **Configure** > **Additional cloud-based MFA settings**.
+Settings for app passwords, trusted IPs, verification options, and remember multi-factor authentication for Azure Multi-Factor Authentication can be found in service settings. Service settings can be accessed from the Azure portal by browsing to **Azure Active Directory** > **Security** > **MFA** > **Getting started** > **Configure** > **Additional cloud-based MFA settings**.
 
 ![Azure Multi-Factor Authentication service settings](./media/howto-mfa-mfasettings/multi-factor-authentication-settings-service-settings.png)
 
+The trusted IP address ranges can be private or public.
+
 ## App passwords
 
 Some applications, like Office 2010 or earlier and Apple Mail before iOS 11, don't support two-step verification. The apps aren't configured to accept a second verification. To use these applications, take advantage of the _app passwords_ feature. You can use an app password in place of your traditional password to allow an app to bypass two-step verification and continue working.

articles/active-directory/authentication/howto-mfa-mfasettings.md

@@ -21,16 +21,16 @@ Azure Multi-Factor Authentication provides several reports that can be used by y
 
 | Report | Location | Description |
 |:--- |:--- |:--- |
-| Blocked User History | Azure AD > MFA Server > Block/unblock users | Shows the history of requests to block or unblock users. |
+| Blocked User History | Azure AD > Security > MFA > Block/unblock users | Shows the history of requests to block or unblock users. |
 | Usage and fraud alerts | Azure AD > Sign-ins | Provides information on overall usage, user summary, and user details; as well as a history of fraud alerts submitted during the date range specified. |
-| Usage for on-premises components | Azure AD > MFA Server > Activity Report | Provides information on overall usage for MFA through the NPS extension, ADFS, and MFA server. |
-| Bypassed User History | Azure AD > MFA Server > One-time bypass | Provides a history of requests to bypass Multi-Factor Authentication for a user. |
-| Server status | Azure AD > MFA Server > Server status | Displays the status of Multi-Factor Authentication Servers associated with your account. |
+| Usage for on-premises components | Azure AD > Security > MFA > Activity Report | Provides information on overall usage for MFA through the NPS extension, ADFS, and MFA server. |
+| Bypassed User History | Azure AD > Security > MFA > One-time bypass | Provides a history of requests to bypass Multi-Factor Authentication for a user. |
+| Server status | Azure AD > Security > MFA > Server status | Displays the status of Multi-Factor Authentication Servers associated with your account. |
 
 ## View MFA reports
 
 1. Sign in to the [Azure portal](https://portal.azure.com).
-2. On the left, select **Azure Active Directory** > **MFA Server**.
+2. On the left, select **Azure Active Directory** > **Security** > **MFA**.
 3. Select the report that you wish to view.
 
    ![MFA Server server status report in the Azure portal](./media/howto-mfa-reporting/report.png)