Merge branch 'master' of https://github.com/MicrosoftDocs/azure-docs-pr into acifix2

Author: dlepow

.markdownlint.json

@@ -9,6 +9,7 @@
     "MD007": false,
     "MD009": false,
     "MD010": false,
+    "MD011": true,
     "MD012": false,
     "MD013": false,
     "MD014": false,
@@ -32,10 +33,28 @@
     "MD035": false,
     "MD036": false,
     "MD037": false,
+    "MD038": true,
+    "MD039": true,
     "MD040": false,
     "MD041": false,
     "MD042": false,
+    "MD043": true,
+    "MD044": {
+        "code_blocks": false,
+        "names": [
+            ".NET",
+            "ASP.NET",
+            "Azure",
+            "JavaScript",
+            "NuGet",
+            "PowerShell",
+            "macOS",
+            "C#",
+            "CLI"
+        ]
+    },
     "MD045": false,
     "MD046": false,
-    "MD047": false
+    "MD047": false,
+    "MD048": true
 }

.openpublishing.redirection.json

@@ -163,6 +163,9 @@
         href: active-directory-b2c-reference-kmsi-custom.md
       - name: Password change
         href: active-directory-b2c-reference-password-change-custom.md
+      - name: Phone sign-up & sign-in
+        href: phone-authentication.md
+        displayName: otp, passwordless, phone number
     - name: UX customization
       items:
       - name: Configure user input
@@ -262,6 +265,8 @@
             href: integer-transformations.md
           - name: JSON
             href: json-transformations.md
+          - name: Phone number
+            href: phone-number-claims-transformations.md
           - name: External accounts
             href: social-transformations.md
           - name: StringCollection
@@ -285,6 +290,9 @@
           items:
           - name: About technical profiles
             href: technical-profiles-overview.md
+          - name: Azure Multi-Factor Authentication
+            href: multi-factor-auth-technical-profile.md
+            displayName: mfa
           - name: Claim resolvers
             href: claim-resolver-overview.md
           - name: Azure Active Directory

articles/active-directory-b2c/TOC.yml

@@ -1,7 +1,7 @@
 ---
 title: Track user behavior with Application Insights
 titleSuffix: Azure AD B2C
-description: Learn how to enable event logs in Application Insights from Azure AD B2C user journeys by using custom policies (preview).
+description: Learn how to enable event logs in Application Insights from Azure AD B2C user journeys by using custom policies.
 services: active-directory-b2c
 author: mmacy
 manager: celestedg
@@ -29,7 +29,7 @@ When you use Azure Active Directory B2C (Azure AD B2C) together with Azure Appli
 
 The Identity Experience Framework in Azure AD B2C includes the provider `Handler="Web.TPEngine.Providers.AzureApplicationInsightsProvider, Web.TPEngine, Version=1.0.0.0`. It sends event data directly to Application Insights by using the instrumentation key provided to Azure AD B2C.
 
-A technical profile uses this provider to define an event from Azure AD B2C. The profile specifies the name of the event, the claims that are recorded, and the instrumentation key. To post an event, the technical profile is then added as an `orchestration step`, or as a `validation technical profile` in a custom user journey.
+A technical profile uses this provider to define an event from Azure AD B2C. The profile specifies the name of the event, the claims that are recorded, and the instrumentation key. To post an event, the technical profile is then added as an `orchestration step` in a custom user journey.
 
 Application Insights can unify the events by using a correlation ID to record a user session. Application Insights makes the event and session available within seconds and presents many visualization, export, and analytical tools.
 

articles/active-directory-b2c/active-directory-b2c-custom-guide-eventlogger-appins.md

@@ -26,9 +26,6 @@ For B2C tenants, there are two primary modes of communicating with the Graph API
 
 In this article, you learn how to perform the automated use case. You'll build a .NET 4.5 `B2CGraphClient` that performs user create, read, update, and delete (CRUD) operations. The client will have a Windows command-line interface (CLI) that allows you to invoke various methods. However, the code is written to behave in a non-interactive, automated fashion.
 
->[!IMPORTANT]
-> You **must** use the [Azure AD Graph API](../active-directory/develop/active-directory-graph-api-quickstart.md) to manage users in an Azure AD B2C directory. The Azure AD Graph API is different from the Microsoft Graph API. Learn more in this MSDN blog post: [Microsoft Graph or Azure AD Graph](https://blogs.msdn.microsoft.com/aadgraphteam/2016/07/08/microsoft-graph-or-azure-ad-graph/).
-
 ## Prerequisites
 
 Before you can create applications or users, you need an Azure AD B2C tenant. If you don't already have one, [Create an Azure Active Directory B2C tenant](tutorial-create-tenant.md).
@@ -59,8 +56,9 @@ The *Read and write directory data* permission that you granted earlier does **N
 
 If you want to give your application the ability to delete users or update passwords, you need to grant it the *User administrator* role.
 
-1. Sign in to the [Azure portal](https://portal.azure.com) and switch to the directory that contains your Azure AD B2C tenant.
-1. Select **Azure AD B2C** in the left menu. Or, select **All services** and then search for and select **Azure AD B2C**.
+1. Sign in to the [Azure portal](https://portal.azure.com).
+1. Select the **Directory + Subscription** icon in the portal toolbar, and then select the directory that contains your Azure AD B2C tenant.
+1. In the Azure portal, search for and select **Azure AD B2C**.
 1. Under **Manage**, select **Roles and administrators**.
 1. Select the **User administrator** role.
 1. Select **Add assignment**.

articles/active-directory-b2c/active-directory-b2c-devquickstarts-graph-dotnet.md

@@ -27,10 +27,10 @@ ms.subservice: B2C
 
 ## Add signing and encryption keys
 
-1. Sign in to the [Azure portal](https://portal.azure.com)
-1. Use the **Directory + subscription** filter in the top menu to select the directory that contains your Azure AD B2C tenant.
-1. In the left menu, select **Azure AD B2C**. Or, select **All services** and search for and select **Azure AD B2C**.
-1. On the Overview page, select **Identity Experience Framework** from the **Policies** pane.
+1. Sign in to the [Azure portal](https://portal.azure.com).
+1. Select the **Directory + Subscription** icon in the portal toolbar, and then select the directory that contains your Azure AD B2C tenant.
+1. In the Azure portal, search for and select **Azure AD B2C**.
+1. On the overview page, under **Policies**, select **Identity Experience Framework**.
 
 ### Create the signing key
 
@@ -73,10 +73,9 @@ To register an application in your Azure AD B2C tenant, you can use the current
 
 #### [Applications](#tab/applications/)
 
-1. Select **All services** in the top-left corner of the Azure portal.
-1. In the search box, enter `Azure Active Directory`.
-1. Select **Azure Active Directory** in the search results.
-1. Under **Manage** in the left-hand menu, select **App registrations (Legacy)**.
+1. Sign in to the [Azure portal](https://portal.azure.com).
+1. In the Azure portal, search for and select **Azure Active Directory**.
+1. In the **Azure Active Directory** overview menu, under **Manage**, select **App registrations (Legacy)**.
 1. Select **New application registration**.
 1. For **Name**, enter `IdentityExperienceFramework`.
 1. For **Application type**, choose **Web app/API**.

articles/active-directory-b2c/active-directory-b2c-get-started-custom.md

@@ -73,9 +73,9 @@ Azure AD B2C provides functionality to allow users to update their profiles. The
 
 Click **Call API** to make a request to the protected resource.
 
-    ![Call API](media/active-directory-b2c-quickstarts-desktop-app/call-api-wpf.png)
+![Call API](media/active-directory-b2c-quickstarts-desktop-app/call-api-wpf.png)
 
-    The application includes the Azure AD access token in the request to the protected web API resource. The web API sends back the display name contained in the access token.
+The application includes the Azure AD access token in the request to the protected web API resource. The web API sends back the display name contained in the access token.
 
 You've successfully used your Azure AD B2C user account to make an authorized call an Azure AD B2C protected web API.
 

articles/active-directory-b2c/active-directory-b2c-quickstarts-desktop-app.md

@@ -271,6 +271,7 @@ GET https://{tenant}.b2clogin.com/{tenant}.onmicrosoft.com/{policy}/oauth2/v2.0/
 | {tenant} | Yes | Name of your Azure AD B2C tenant |
 | {policy} | Yes | The user flow that you want to use to sign the user out of your application. |
 | id_token_hint| No | A previously issued ID token to pass to the logout endpoint as a hint about the end user's current authenticated session with the client. The `id_token_hint` ensures that the `post_logout_redirect_uri` is a registered reply URL in your Azure AD B2C application settings. |
+| client_id | No* | The application ID that the [Azure portal](https://portal.azure.com/) assigned to your application.<br><br>\**This is required when using `Application` isolation SSO configuration and _Require ID Token_ in logout request is set to `No`.* |
 | post_logout_redirect_uri | No | The URL that the user should be redirected to after successful sign out. If it isn't included, Azure AD B2C shows the user a generic message. Unless you provide an `id_token_hint`, you should not register this URL as a reply URL in your Azure AD B2C application settings. |
 | state | No | If a `state` parameter is included in the request, the same value should appear in the response. The application should verify that the `state` values in the request and response are identical. |
 

articles/active-directory-b2c/active-directory-b2c-reference-oidc.md

@@ -34,9 +34,9 @@ If you are using custom policies, you can ([configure password complexity in a c
 ## Configure password complexity
 
 1. Sign in to the [Azure portal](https://portal.azure.com).
-2. Make sure you're using the directory that contains your Azure AD B2C tenant by selecting the **Directory + subscription** filter in the top menu and choosing the directory that contains your tenant.
-3. Choose **All services** in the top-left corner of the Azure portal, and then search for and select **Azure AD B2C**.
-4. Select **User flows**.
+2. Select the **Directory + Subscription** icon in the portal toolbar, and then select the directory that contains your Azure AD B2C tenant.
+3. In the Azure portal, search for and select **Azure AD B2C**.
+4. Select **User flows (policies)**.
 2. Select a user flow, and click **Properties**.
 3. Under **Password complexity**, change the password complexity for this user flow to **Simple**, **Strong**, or **Custom**.
 

articles/active-directory-b2c/active-directory-b2c-reference-password-complexity.md

@@ -43,9 +43,9 @@ To use a QQ account as an identity provider in Azure Active Directory B2C (Azure
 
 ## Configure QQ as an identity provider
 
-1. Sign in to the [Azure portal](https://portal.azure.com/) as the global administrator of your Azure AD B2C tenant.
-1. Make sure you're using the directory that contains your Azure AD B2C tenant by selecting the **Directory + subscription** filter in the top menu and choosing the directory that contains your tenant.
-1. Choose **All services** in the top-left corner of the Azure portal, search for and select **Azure AD B2C**.
+1. Sign in to the [Azure portal](https://portal.azure.com/).
+1. Select the **Directory + Subscription** icon in the portal toolbar, and then select the directory that contains your Azure AD B2C tenant.
+1. In the Azure portal, search for and select **Azure AD B2C**.
 1. Select **Identity providers**, then select **QQ (Preview)**.
 1. Enter a **Name**. For example, *QQ*.
 1. For the **Client ID**, enter the APP ID of the QQ application that you created earlier.