articles/active-directory/verifiable-credentials/admin-api.md
+3 -3 (3 additions & 3 deletions)
@@ -20,15 +20,15 @@ ms.author: barclayn
20
20
21
21
The Microsoft Entra Verified ID Admin API enables you to manage all aspects of the Verifiable Credential service. It offers a way to set up a brand new service, manage and create Verifiable Credential contracts, revoke Verifiable Credentials and completely opt out the service as well.
22
22
23
-
> The API is intended for developers comfortable with RESTful APIs and enough permissions on the Azure Active Directory tenant to enable the service
23
+
> The API is intended for developers comfortable with RESTful APIs and enough permissions on the Microsoft Entra tenant to enable the service
24
24
25
25
## Base URL
26
26
27
27
The Admin API is server over HTTPS. All URLs referenced in the documentation have the following base: `https://verifiedid.did.msidentity.com`.
28
28
29
29
## Authentication
30
30
31
-
The API is protected through Azure Active Directory and uses OAuth2 bearer tokens. The access token can be for a user or for an application.
31
+
The API is protected through Microsoft Entra ID and uses OAuth2 bearer tokens. The access token can be for a user or for an application.
32
32
33
33
### User bearer tokens
34
34
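Review bot: The note at line 23 is still ungrammatical after the rename: "developers comfortable with RESTful APIs and enough permissions on the Microsoft Entra tenant" has no verb for the second half and no closing period. Suggest "developers who are comfortable with RESTful APIs and have enough permissions on the Microsoft Entra tenant to enable the service." While this hunk is open, line 27 reads "The Admin API is server over HTTPS", which should be "served".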
@@ -1359,4 +1359,4 @@ OK
1359
1359
## Next steps
1360
1360
1361
1361
-[Specify the request service REST API issuance request](issuance-request-api.md)
1362
-
-[Entra Verified ID Network API](issuance-request-api.md)
1362
+
-[Microsoft Entra Verified ID Network API](issuance-request-api.md)
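Review bot: The renamed Next steps entry at line 1362, "Microsoft Entra Verified ID Network API", links to `issuance-request-api.md`, the same target as the issuance request entry on line 1361. Either the label or the target is wrong; point it at the Network API article or drop the duplicate.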
articles/active-directory/verifiable-credentials/credential-design.md
+2 -2 (2 additions & 2 deletions)
@@ -94,9 +94,9 @@ The rules definition is a simple JSON document that describes important properti
94
94
95
95
### Attestations
96
96
97
-
The following four attestation types are currently available to be configured in the rules definition. They are different ways of providing claims used by the Entra verified ID issuing service to be inserted into a verifiable credential and attest to that information with your decentralized identifier (DID). Multiple attestation types can be used in the rules definition.
97
+
The following four attestation types are currently available to be configured in the rules definition. They are different ways of providing claims used by the Microsoft Entra Verified ID issuing service to be inserted into a verifiable credential and attest to that information with your decentralized identifier (DID). Multiple attestation types can be used in the rules definition.
98
98
99
-
***ID token**: When this option is configured, you'll need to provide an Open ID Connect configuration URI and include the claims that should be included in the verifiable credential. Users are prompted to 'Sign in' on the Authenticator app to meet this requirement and add the associated claims from their account. To configure this option, see this [how to guide](how-to-use-quickstart-idtoken.md)
99
+
***ID token**: When this option is configured, you'll need to provide an OpenID Connect configuration URI and include the claims that should be included in the verifiable credential. Users are prompted to 'Sign in' on the Authenticator app to meet this requirement and add the associated claims from their account. To configure this option, see this [how to guide](how-to-use-quickstart-idtoken.md)
100
100
101
101
102
102
***ID token hint**: The sample App and Tutorial use the ID token Hint. When this option is configured, the relying party app will need to provide claims that should be included in the verifiable credential in the Request Service API issuance request. Where the relying party app gets the claims from is up to the app, but it can come from the current sign-in session, from backend CRM systems or even from self asserted user input. To configure this option, please see this [how to guide](how-to-use-quickstart.md)
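Review bot: Line 97 says the issuing service attests to the claims with your DID, while the ID token hint bullet at line 102 says those claims can come "even from self asserted user input"; the text never says who is responsible for checking them. Suggest one sentence stating that the relying party app must validate the claims it passes in the issuance request, because the credential will be signed as if the issuer vouches for them. Smaller points: the ID token bullet at line 99 ends on "[how to guide](how-to-use-quickstart-idtoken.md)" with no closing period, and line 102 mixes "ID token hint" and "ID token Hint".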
articles/active-directory/verifiable-credentials/decentralized-identifier-overview.md
+2 -2 (2 additions & 2 deletions)
@@ -82,7 +82,7 @@ Enables real people to use decentralized identities and Verifiable Credentials.
82
82
**4. Microsoft Resolver**.
83
83
An API that looks up and resolves DIDs using the ```did:web``` or the ```did:ion``` methods and returns the DID Document Object (DDO). The DDO includes DPKI metadata associated with the DID such as public keys and service endpoints.
84
84
85
-
**5. Entra Verified ID Service**.
85
+
**5. Microsoft Entra Verified ID Service**.
86
86
An issuance and verification service in Azure and a REST API for [W3C Verifiable Credentials](https://www.w3.org/TR/vc-data-model/) that are signed with the ```did:web``` or the ```did:ion``` method. They enable identity owners to generate, present, and verify claims. This forms the basis of trust between users of the systems.
87
87
88
88
## A sample scenario
@@ -126,7 +126,7 @@ The user is the person or entity that is requesting a VC. For example, Alice is
126
126
The verifier is a company or entity who needs to verify claims from one or more issuers they trust. For example, Proseware trusts Woodgrove, Inc. does an adequate job of verifying their employees’ identity and issuing authentic and valid VCs. When Alice tries to order the equipment she needs for her job, Proseware will use open standards such as SIOP and Presentation Exchange to request credentials from the User proving they are an employee of Woodgrove, Inc. For example, Proseware might provide Alice a link to a website with a QR code she scans with her phone camera. This initiates the request for a specific VC, which Authenticator will analyze and give Alice the ability to approve the request to prove her employment to Proseware. Proseware can use the verifiable credentials service API or SDK, to verify the authenticity of the verifiable presentation. Based on the information provided by Alice they give Alice the discount. If other companies and organizations know that Woodgrove, Inc. issues VCs to their employees, they can also create a verifier solution and use the Woodgrove, Inc. verifiable credential to provide special offers reserved for Woodgrove, Inc. employees.
127
127
128
128
> [!NOTE]
129
-
> The verifier can use open standards to perform the presentation and verification, or simply [configure their own Azure AD tenant](verifiable-credentials-configure-tenant.md) to let the Azure AD Verifiable Credentials service perform most of the work.
129
+
> The verifier can use open standards to perform the presentation and verification, or simply [configure their own Microsoft Entra tenant](verifiable-credentials-configure-tenant.md) to let the Microsoft Entra Verified ID service perform most of the work.
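Review bot: The product name is now inconsistent inside this article: line 126 still says "the verifiable credentials service API or SDK", the note at line 129 says "the Microsoft Entra Verified ID service", and the heading at line 85 uses "Microsoft Entra Verified ID Service" with a capital S. Use one form throughout so readers don't take these for different services.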
# Customer intent: As a developer, I want to learn how to create a developer Azure Active Directory account so I can participate in the preview with a P2 license.
12
+
# Customer intent: As a developer, I want to learn how to create a developer Microsoft Entra account so I can participate in the preview with a P2 license.
13
13
---
14
14
15
15
# Microsoft Entra Verified ID developer information
With a free Azure Active Directory account, you can onboard the verifiable credential service and test issuing and verifying verifiable credentials. Create a free account in either of two ways:
24
+
## Create a Microsoft Entra tenant for development
25
25
26
-
-[Join the free Microsoft 365 Developer Program](https://aka.ms/o365devprogram), and get a free sandbox, tools, and other resources (for example, an Azure AD account with P2 licenses, configured users, groups, and mailboxes).
27
-
-[Create a new tenant](../develop/quickstart-create-new-tenant.md) and [activate a free trial of Azure AD Premium P1 or P2](https://azure.microsoft.com/trial/get-started-active-directory/) in your new tenant.
26
+
With a free Microsoft Entra account, you can onboard the verifiable credential service and test issuing and verifying verifiable credentials. Create a free account in either of two ways:
27
+
28
+
-[Join the free Microsoft 365 Developer Program](https://aka.ms/o365devprogram), and get a free sandbox, tools, and other resources (for example, a Microsoft Entra account with P2 licenses, configured users, groups, and mailboxes).
29
+
-[Create a new tenant](../develop/quickstart-create-new-tenant.md) and [activate a free trial of Microsoft Entra ID P1 or P2](https://azure.microsoft.com/trial/get-started-active-directory/) in your new tenant.
28
30
29
31
If you decide to sign up for the free Microsoft 365 developer program, you need to follow a few easy steps:
30
32
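Review bot: The new heading at line 24 says "Create a Microsoft Entra tenant for development", but the paragraph under it (line 26) and the customer intent (line 12) both say "Microsoft Entra account". The second bullet creates a tenant, so either use "tenant" throughout or state that the free account comes with a tenant. Lines 27 and 28 also add two blank lines before the list where one would do.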
@@ -41,7 +43,7 @@ If you decide to sign up for the free Microsoft 365 developer program, you need
41
43
1. Enter the security information needed to protect the administrator account of your new tenant. This sets up multifactor authentication for the account.
42
44
43
45
44
-
At this point, you've created a tenant with 25 E5 user licenses. The E5 licenses include Azure AD P2 licenses. Optionally, you can add sample data packs with users, groups, mail, and SharePoint to help you test in your development environment. For the verifiable credential issuing service, they're not required.
46
+
At this point, you've created a tenant with 25 E5 user licenses. The E5 licenses include Microsoft Entra ID P2 licenses. Optionally, you can add sample data packs with users, groups, mail, and SharePoint to help you test in your development environment. For the verifiable credential issuing service, they're not required.
45
47
46
48
For your convenience, you could add your own work account as [guest](../external-identities/b2b-quickstart-add-guest-users-portal.md) in the newly created tenant and use that account to administer the tenant. If you want the guest account to be able to manage the verifiable credential service, you need to assign the *Global Administrator* role to that user.
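Review bot: Line 46 tells readers to assign *Global Administrator* to a guest account so it can manage the verifiable credential service, and this hunk leaves that advice untouched. Is Global Administrator really the minimum role required? If a narrower role is enough, name it here; if not, say that the assignment should be limited to the development tenant and removed when testing ends.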
articles/active-directory/verifiable-credentials/how-to-use-quickstart-idtoken.md
+5 -5 (5 additions & 5 deletions)
@@ -135,17 +135,17 @@ The claims mapping in the following example requires that you configure the toke
135
135
136
136
## Application registration
137
137
138
-
The clientId attribute is the application ID of a registered application in the OIDC identity provider. For Azure Active Directory, you create the application by doing the following:
138
+
The clientId attribute is the application ID of a registered application in the OIDC identity provider. For Microsoft Entra ID, you create the application by doing the following:
139
139
140
-
1. In the Azure portal, go to [Azure Active Directory](https://portal.azure.com/#view/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/~/RegisteredApps).
140
+
1. In the Azure portal, go to [Microsoft Entra ID](https://portal.azure.com/#view/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/~/RegisteredApps).
141
141
142
142
1. Select **App registrations**, select **New registration**, and then give the app a name.
143
143
144
144
If you want only accounts in your tenant to be able to sign in, keep the **Accounts in this directory only** checkbox selected.
145
145
146
146
1. In **Redirect URI (optional)**, select **Public client/native (mobile & desktop)**, and then enter **vcclient://openid/**.
147
147
148
-
If you want to be able to test what claims are in the Azure Active Directory ID token, do the following:
148
+
If you want to be able to test what claims are in the Microsoft Entra token, do the following:
149
149
150
150
1. On the left pane, select **Authentication**> **Add platform** > **Web**.
151
151
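Review bot: The rename at line 148 changed the meaning: "Azure Active Directory ID token" became "Microsoft Entra token", which drops "ID". The section is about inspecting ID token claims (the next hunk says "After you've finished testing your ID token"), so this should read "Microsoft Entra ID token".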
@@ -155,7 +155,7 @@ If you want to be able to test what claims are in the Azure Active Directory ID
155
155
156
156
After you've finished testing your ID token, consider removing **https://jwt.ms** and the support for **implicit and hybrid flows**.
157
157
158
-
**For Azure Active Directory**: You can test your app registration and, if you've enabled support for redirecting to **https://jwt.ms**, you can get an ID token by running the following in your browser:
158
+
**For Microsoft Entra ID**: You can test your app registration and, if you've enabled support for redirecting to **https://jwt.ms**, you can get an ID token by running the following in your browser:
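Review bot: The cleanup advice at line 156 ("consider removing **https://jwt.ms** and the support for **implicit and hybrid flows**") comes before the instruction at line 158 that depends on that redirect being enabled, so a reader following the steps in order hits the removal first. Suggest moving the cleanup sentence after the test step and wording it as a step to perform rather than something to "consider", since it leaves a test redirect URI and extra token flows enabled on the app registration.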
@@ -171,7 +171,7 @@ Claims must exist in the returned identity provider so that they can successfull
171
171
172
172
If the claims don't exist, there's no value in the issued verifiable credential. Most OIDC identity providers don't issue a claim in an ID token if the claim has a null value in your profile. Be sure to include the claim in the ID token definition, and ensure that you've entered a value for the claim in your user profile.
173
173
174
-
**For Azure Active Directory**: To configure the claims to include in your token, see [Provide optional claims to your app](../develop/optional-claims.md). The configuration is per application, so this configuration should be for the app that has the application ID specified in the client ID in the rules definition.
174
+
**For Microsoft Entra ID**: To configure the claims to include in your token, see [Provide optional claims to your app](../develop/optional-claims.md). The configuration is per application, so this configuration should be for the app that has the application ID specified in the client ID in the rules definition.
175
175
176
176
To match the display and rules definitions, you should make your application's optionalClaims JSON look like the following:
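Review bot: Line 174 describes the target app as "the app that has the application ID specified in the client ID in the rules definition", while the Application registration section calls the same setting "the clientId attribute". Suggest "the app whose application ID is set as `clientId` in the rules definition" so the two passages use the same name.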
In this guide, you'll create a credential where the claims come from a user profile in the directory of the Azure AD tenant. With directory based claims you can create Verifiable Credentials of type VerifiedEmployee, if the users in the directory are employees.
20
+
In this guide, you'll create a credential where the claims come from a user profile in the directory of the Microsoft Entra tenant. With directory based claims you can create Verifiable Credentials of type VerifiedEmployee, if the users in the directory are employees.
21
21
22
22
In this article, you learn how to:
23
23
@@ -39,7 +39,7 @@ In this article, you learn how to:
39
39
40
40
If you already have a test user, you can skip this section. If you want to create a test user, follow the steps below:
41
41
42
-
1. As an **User Admin**, navigate to the Azure Active Directory in the [Azure portal](https://portal.azure.com/#view/Microsoft_AAD_IAM/UsersManagementMenuBlade/~/MsGraphUsers)
42
+
1. As an **User Admin**, navigate to the Microsoft Entra ID in the [Azure portal](https://portal.azure.com/#view/Microsoft_AAD_IAM/UsersManagementMenuBlade/~/MsGraphUsers)
43
43
1. Select **Users** and **+ New user**, then keep selection on [x] Create user
44
44
1. Fill in **User name**, **Name**, **First name** and **Last name**.
45
45
1. Check **[x] Show Password** and copy the temporary password to somewhere, like Notepad, then select the Create button
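Review bot: The changed step at line 42 carries over two grammar slips: "As an **User Admin**" should be "As a **User Admin**", and "navigate to the Microsoft Entra ID" reads better without the article now that the product name has changed ("navigate to Microsoft Entra ID"). The step also lacks a closing period, as do lines 43 and 45.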
@@ -55,7 +55,7 @@ Your test user needs to have Microsoft Authenticator setup for the account. To e
55
55
56
56
1. On your mobile test device, open Microsoft Authenticator, go to the Authenticator tab at the bottom and tap **+** sign to **Add account**. Select **Work or school account**
57
57
1. At the prompt, select **Sign in**. Don't select “Scan QR code”
58
-
1. Sign in with the test user’s credentials in the Azure AD tenant
58
+
1. Sign in with the test user’s credentials in the Microsoft Entra tenant
59
59
1. Authenticator will launch [https://aka.ms/mfasetup](https://aka.ms/mfasetup) in the browser on your mobile device. need to sign in again with your test users credentials.
60
60
1. In the **Set up your account in the app**, select **Pair your account to the app by clicking this link**. The Microsoft Authenticator app and opens and you see your test user as an added account
61
61
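Review bot: The context lines next to the renamed step are broken sentences and worth fixing in the same pass: line 59 has "need to sign in again with your test users credentials" (missing subject and apostrophe; suggest "You need to sign in again with your test user's credentials"), and line 60 has "The Microsoft Authenticator app and opens and you see" (suggest "The Microsoft Authenticator app opens and you see").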
@@ -73,7 +73,7 @@ In the next screen, you enter some of the Display definitions, like logo url, te
73
73
74
74
## Claims schema for Verified employee credential
75
75
76
-
All of the claims in the Verified employee credential come from attributes in the [user's profile](/graph/api/resources/user) in Azure AD for the issuing tenant. You can't modify the set of claims. All claims, except photo, come from the Microsoft Graph Query [https://graph.microsoft.com/v1.0/me](/graph/api/user-get). The photo claim comes from the value returned from the Microsoft Graph Query [https://graph.microsoft.com/v1.0/me/photo/$value.](/graph/api/profilephoto-get)
76
+
All of the claims in the Verified employee credential come from attributes in the [user's profile](/graph/api/resources/user) in Microsoft Entra ID for the issuing tenant. You can't modify the set of claims. All claims, except photo, come from the Microsoft Graph Query [https://graph.microsoft.com/v1.0/me](/graph/api/user-get). The photo claim comes from the value returned from the Microsoft Graph Query [https://graph.microsoft.com/v1.0/me/photo/$value.](/graph/api/profilephoto-get)
77
77
78
78
| Claim | Directory attribute | Value |
79
79
|---------|---------|---------|
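Review bot: In the changed paragraph at line 76, the last link text is "https://graph.microsoft.com/v1.0/me/photo/$value." with the sentence's period inside the brackets, so the displayed URL ends in a stray dot. Move the period outside the link: `[https://graph.microsoft.com/v1.0/me/photo/$value](/graph/api/profilephoto-get).`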
@@ -86,9 +86,9 @@ All of the claims in the Verified employee credential come from attributes in th
86
86
| `mail` | `mail` | The user's email address. The `mail` value isn't the same as the UPN. It's also an attribute that doesn't have a value by default.
87
87
| `photo` | `photo` | The uploaded photo for the user. The image type should be JPEG and the maximum size is 2MB. When presenting the photo claim to a verifier, the photo claim is in the UrlEncode(Base64Encode(photo)) format. To use the photo, the verifier application has to Base64Decode(UrlDecode(photo)).
88
88
89
-
See full Azure AD user profile [properties reference](/graph/api/resources/user).
89
+
See full Microsoft Entra user profile [properties reference](/graph/api/resources/user).
90
90
91
-
If attribute values change in the user's Azure AD profile, the VC isn't automatically reissued. You must reissue it manually. Issuance would be the same as the issuance process when working with the samples.
91
+
If attribute values change in the user's Microsoft Entra profile, the VC isn't automatically reissued. You must reissue it manually. Issuance would be the same as the issuance process when working with the samples.
92
92
93
93
## Configure the samples to issue and verify your VerifiedEmployee credential
94
94
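Review bot: Line 91 says the VC "isn't automatically reissued" when profile attributes change but does not say what happens to the credential already issued, which keeps carrying the old values. Suggest stating whether the stale VC should be revoked when a new one is issued, and linking to where revocation is documented. Separately, the `mail` and `photo` table rows at lines 86 and 87 have no closing `|`, unlike the header row.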
@@ -116,4 +116,4 @@ The configuration file depends on the sample in-use.
116
116
117
117
## Next steps
118
118
119
-
Learn [how to customize your verifiable credentials](credential-design.md).
119
+
Learn [how to customize your verifiable credentials](credential-design.md).