Merge branch 'MicrosoftDocs:main' into customContainer

Author: msangapu-msft

articles/active-directory-b2c/configure-authentication-sample-ios-app.md

@@ -6,7 +6,7 @@ author: kengaderdus
 manager: CelesteDG
 ms.service: active-directory
 ms.workload: identity
-ms.topic: reference
+ms.topic: how-to
 ms.date: 01/06/2023
 ms.author: kengaderdus
 ms.subservice: B2C

articles/active-directory-b2c/custom-policy-overview.md

@@ -7,7 +7,7 @@ manager: CelesteDG
 
 ms.service: active-directory
 ms.workload: identity
-ms.topic: reference
+ms.topic: overview
 ms.date: 01/10/2023
 ms.author: kengaderdus
 ms.subservice: B2C

articles/active-directory-b2c/enable-authentication-web-api.md

@@ -6,7 +6,7 @@ author: kengaderdus
 manager: CelesteDG
 ms.service: active-directory
 ms.workload: identity
-ms.topic: reference
+ms.topic: how-to
 ms.date: 01/10/2023
 ms.author: kengaderdus
 ms.subservice: B2C
@@ -262,7 +262,7 @@ Add two endpoints to your web API:
 
 # [ASP.NET Core](#tab/csharpclient)
 
-Under the */Controllers* folder, add a *PublicController.cs* file, and then add to it the following code snippet:
+Under the */Controllers* folder, add a *PublicController.cs* file, and then add it to the following code snippet:
 
 ```csharp
 using System;
@@ -307,7 +307,7 @@ app.get('/public', (req, res) => res.send( {'date': new Date() } ));
 
 # [ASP.NET Core](#tab/csharpclient)
 
-Under the */Controllers* folder, add a *HelloController.cs* file, and then add to it the following code:
+Under the */Controllers* folder, add a *HelloController.cs* file, and then add it to the following code:
 
 ```csharp
 using Microsoft.AspNetCore.Authorization;
@@ -438,7 +438,7 @@ In the *appsettings.json* file, update the following properties:
 
 # [Node.js](#tab/nodejsgeneric)
 
-Under the project root folder, create a *config.json* file, and then add to it the following JSON snippet:  
+Under the project root folder, create a *config.json* file, and then add it to the following JSON snippet:  
 
 ```json
 {

articles/active-directory-b2c/index.yml

@@ -16,7 +16,7 @@ metadata:
   ms.collection: collection
   author: kengaderdus
   ms.author: kengaderdus
-  ms.date: 12/14/2022
+  ms.date: 03/08/2023
 
 ## FRONT MATTER END
 
@@ -219,6 +219,9 @@ conceptualContent:
           - text: Customize user experiences using custom policies
             url: add-sign-up-and-sign-in-policy.md?pivots=b2c-custom-policy            
             itemType: how-to-guide 
+          - text: Custom policy how-to guide series
+            url: custom-policies-series-overview.md            
+            itemType: how-to-guide
           # - text: Use API connectors 
             # url: add-api-connector.md?pivots=b2c-user-flow
             # itemType: how-to-guide                     
@@ -330,38 +333,38 @@ conceptualContent:
 
 ## BAND 4 - TOOLS ###########################################################################################################################################
 tools:
-  title: Easy app integration with Microsoft Authentication Libraries (MSAL)
+  title:  Use Microsoft Authentication Libraries (MSAL) for easy app integration
   summary: >
-    GitHub hosts the open-source Microsoft Authentication Library (MSAL). Microsoft builds and supports MSAL. Access and use our MSAL samples for the most popular programming languages and frameworks. 
+    GitHub hosts the open-source Microsoft Authentication Library (MSAL). Microsoft builds and supports MSAL. We recommend MSAL for any app type that uses Azure AD B2C for authentication and authorization. 
   items:
   ## ROW 1 ######################
   - title: MSAL.NET
-    url: https://github.com/Azure-Samples/active-directory-b2c-dotnet-webapp-and-webapi
+    url: https://github.com/AzureAD/microsoft-authentication-library-for-dotnet
     imageSrc: https://docs.microsoft.com/media/logos/logo_Csharp.svg
   - title: MSAL Android
-    url: https://github.com/Azure-Samples/ms-identity-android-java#b2cmodefragment-class
+    url: https://github.com/AzureAD/microsoft-authentication-library-for-android
     imageSrc: ../active-directory/develop/media/hub/android.svg
   - title: MSAL Angular
-    url: https://github.com/Azure-Samples/ms-identity-javascript-angular-tutorial/tree/main/3-Authorization-II/2-call-api-b2c
+    url: https://github.com/AzureAD/microsoft-authentication-library-for-js/tree/dev/lib/msal-angular
     imageSrc: ../active-directory/develop/media/hub/angular.svg
   ## ROW 2 ######################
   - title: MSAL iOS
-    url: https://github.com/Azure-Samples/active-directory-b2c-ios-swift-native-msal
+    url: https://github.com/AzureAD/microsoft-authentication-library-for-objc
     imageSrc: https://docs.microsoft.com/media/logos/logo_ios.svg
   - title: MSAL Java
-    url: https://github.com/Azure-Samples/ms-identity-msal-java-samples/tree/main/1.%20Server-Side%20Scenarios/msal-b2c-web-sample
+    url: https://github.com/AzureAD/microsoft-authentication-library-for-java
     imageSrc: https://docs.microsoft.com/media/logos/logo_java.svg
   - title: MSAL.js
-    url: https://github.com/Azure-Samples/ms-identity-b2c-javascript-spa
+    url: https://github.com/AzureAD/microsoft-authentication-library-for-js/tree/dev/lib/msal-browser
     imageSrc: https://docs.microsoft.com/media/logos/logo_js.svg
   ## ROW 3 ######################
   - title: MSAL Node
-    url: https://github.com/Azure-Samples/active-directory-b2c-msal-node-sign-in-sign-out-webapp
+    url: https://github.com/AzureAD/microsoft-authentication-library-for-js/tree/dev/lib/msal-node
     imageSrc: ../active-directory/develop/media/hub/node.svg
   - title: MSAL Python
-    url: https://github.com/Azure-Samples/ms-identity-python-webapp
+    url: https://github.com/AzureAD/microsoft-authentication-library-for-python
     imageSrc: https://docs.microsoft.com/media/logos/logo_python.svg
   - title: MSAL React
-    url: https://github.com/Azure-Samples/ms-identity-javascript-react-tutorial/tree/main/3-Authorization-II/2-call-api-b2c
+    url: https://github.com/AzureAD/microsoft-authentication-library-for-js/tree/dev/lib/msal-react
     imageSrc: ../active-directory/develop/media/hub/react.svg
 ## BAND 4 - TOOLS END #######################################################################################################################################

articles/active-directory/app-provisioning/use-scim-to-provision-users-and-groups.md

@@ -8,7 +8,7 @@ ms.service: active-directory
 ms.subservice: app-provisioning
 ms.workload: identity
 ms.topic: tutorial
-ms.date: 03/07/2023
+ms.date: 03/08/2023
 ms.author: kenwith
 ms.reviewer: arvinh
 ---
@@ -222,7 +222,7 @@ Use the general guidelines when implementing a SCIM endpoint to ensure compatibi
 * If a value isn't present, don't send null values.
 * Property values should be camel cased (for example, readWrite).
 * Must return a list response.
-* The Azure AD Provisioning Service makes the /schemas request every time someone saves the provisioning configuration in the Azure portal or every time a user lands on the edit provisioning page in the Azure portal. Other attributes discovered are surfaced to customers in the attribute mappings under the target attribute list. Schema discovery only leads to more target attributes being added. Attributes aren't removed. 
+* The Azure AD Provisioning Service makes the /schemas request when you save the provisioning configuration in the Azure portal. The request is also made when you open the edit provisioning page in the Azure portal. Other attributes discovered are surfaced to customers in the attribute mappings under the target attribute list. Schema discovery only leads to more target attributes being added. Attributes aren't removed. 
 
 ### User provisioning and deprovisioning
 
@@ -275,7 +275,7 @@ This article provides example SCIM requests emitted by the Azure Active Director
 
 ### User Operations
 
-* Users can be queried by `userName` or `emails[type eq "work"]` attributes.  
+* Use `userName` or `emails[type eq "work"]` attributes to query users.  
 
 #### Create User
 
@@ -606,8 +606,8 @@ This article provides example SCIM requests emitted by the Azure Active Director
 
 ### Group Operations
 
-* Groups shall always be created with an empty members list.
-* Groups can be queried by the `displayName` attribute.
+* Groups are created with an empty members list.
+* Use the `displayName` attribute to query groups.
 * Update to the group PATCH request should yield an *HTTP 204 No Content* in the response. Returning a body with a list of all the members isn't advisable.
 * It isn't necessary to support returning all the members of the group.
 
@@ -924,7 +924,7 @@ Now that you've designed your schema and understood the Azure AD SCIM implementa
 
 For guidance on how to build a SCIM endpoint including examples, see [Develop a sample SCIM endpoint](use-scim-to-build-users-and-groups-endpoints.md).
 
-The open source .NET Core [reference code example](https://aka.ms/SCIMReferenceCode) published by the Azure AD provisioning team is one such resource that can jump start your development. Once you have built your SCIM endpoint, you'll want to test it out. You can use the collection of [Postman tests](https://github.com/AzureAD/SCIMReferenceCode/wiki/Test-Your-SCIM-Endpoint) provided as part of the reference code or run through the sample requests / responses provided [above](#user-operations).  
+The open source .NET Core [reference code example](https://aka.ms/SCIMReferenceCode) published by the Azure AD provisioning team is one such resource that can jump start your development. Build a SCIM endpoint, then test it out. Use the collection of [Postman tests](https://github.com/AzureAD/SCIMReferenceCode/wiki/Test-Your-SCIM-Endpoint) provided as part of the reference code or run through the sample requests / responses [provided](#user-operations).  
 
    > [!Note]
    > The reference code is intended to help you get started building your SCIM endpoint and is provided "AS IS." Contributions from the community are welcome to help build and maintain the code.
@@ -968,7 +968,7 @@ The SCIM endpoint must have an HTTP address and server authentication certificat
 * WoSign
 * DST Root CA X3
 
-The .NET Core SDK includes an HTTPS development certificate that can be used during development, the certificate is installed as part of the first-run experience. Depending on how you run the ASP.NET Core Web Application it will listen to a different port:
+The .NET Core SDK includes an HTTPS development certificate that is used during development. The certificate is installed as part of the first-run experience. Depending on how you run the ASP.NET Core Web Application it listens to a different port:
 
 * Microsoft.SCIM.WebHostSample: `https://localhost:5001`
 * IIS Express: `https://localhost:44359`
@@ -1351,10 +1351,10 @@ Once the initial cycle has started, you can select **Provisioning logs** in the
 
 ## Publish your application to the Azure AD application gallery
 
-If you're building an application that will be used by more than one tenant, you can make it available in the Azure AD application gallery. It's easy for organizations to discover the application and configure provisioning. Publishing your app in the Azure AD gallery and making provisioning available to others is easy. Check out the steps [here](../manage-apps/v2-howto-app-gallery-listing.md). Microsoft will work with you to integrate your application into our gallery, test your endpoint, and release onboarding [documentation](../saas-apps/tutorial-list.md) for customers to use.
+If you're building an application used by more than one tenant, make it available in the Azure AD application gallery. It's easy for organizations to discover the application and configure provisioning. Publishing your app in the Azure AD gallery and making provisioning available to others is easy. Check out the steps [here](../manage-apps/v2-howto-app-gallery-listing.md). Microsoft works with you to integrate your application into the gallery, test your endpoint, and release onboarding [documentation](../saas-apps/tutorial-list.md) for customers.
 
 ### Gallery onboarding checklist
-Use the checklist to onboard your application quickly and customers have a smooth deployment experience. The information will be gathered from you when onboarding to the gallery. 
+Use the checklist to onboard your application quickly and customers have a smooth deployment experience. The information is gathered from you when onboarding to the gallery. 
 > [!div class="checklist"]
 > * Support a [SCIM 2.0](#understand-the-azure-ad-scim-implementation) user and group endpoint (Only one is required but both are recommended)
 > * Support at least 25 requests per second per tenant to ensure that users and groups are provisioned and deprovisioned without delay (Required)
@@ -1418,7 +1418,7 @@ Best practices (recommended, but not required):
 > [!NOTE]
 > While it's not possible to setup OAuth on the non-gallery applications, you can manually generate an access token from your authorization server and input it as the secret token to a non-gallery application. This allows you to verify compatibility of your SCIM server with the Azure AD Provisioning Service before onboarding to the app gallery, which does support the OAuth code grant.  
 
-**Long-lived OAuth bearer tokens:** If your application doesn't support the OAuth authorization code grant flow, instead generate a long lived OAuth bearer token that an administrator can use to set up the provisioning integration. The token should be perpetual, or else the provisioning job will be [quarantined](application-provisioning-quarantine-status.md) when the token expires.
+**Long-lived OAuth bearer tokens:** If your application doesn't support the OAuth authorization code grant flow, instead generate a long lived OAuth bearer token that an administrator can use to set up the provisioning integration. The token should be perpetual, or else the provisioning job is [quarantined](application-provisioning-quarantine-status.md) when the token expires.
 
 For more authentication and authorization methods, let us know on [UserVoice](https://aka.ms/appprovisioningfeaturerequest).
 

articles/active-directory/develop/howto-add-terms-of-service-privacy-statement.md

@@ -9,7 +9,7 @@ ms.service: active-directory
 ms.subservice: develop
 ms.topic: how-to
 ms.workload: identity
-ms.date: 09/27/2021
+ms.date: 03/07/2023
 ms.author: ryanwi
 ms.reviewer: sureshja
 ms.custom: aaddev
@@ -56,7 +56,7 @@ Follow these steps in the Azure portal.
 
 1. Sign in to the <a href="https://portal.azure.com/" target="_blank">Azure portal</a> and select the correct Azure AD tenant(not B2C).
 2. Navigate to the **App registrations** section and select your app.
-3. Under **Manage**, select **Branding**.
+3. Under **Manage**, select **Branding & properties**.
 4. Fill out the **Terms of service URL** and **Privacy statement URL** fields.
 5. Select **Save**.
 
@@ -66,10 +66,10 @@ Follow these steps in the Azure portal.
 
 If you prefer to modify the app object JSON directly, you can use the manifest editor in the Azure portal or Application Registration Portal to include links to your app's terms of service and privacy statement.
 
-1. Navigating to the **App Registrations** section and select your app.
+1. Navigate to the **App Registrations** section and select your app.
 2. Open the **Manifest** pane.
 3. Ctrl+F, Search for "informationalUrls". Fill in the information.
-4. Save your changes.
+4. Save your changes by downloading the app manifest, modifying it, and uploading it.
 
 ```json
     "informationalUrls": { 
@@ -80,12 +80,12 @@ If you prefer to modify the app object JSON directly, you can use the manifest e
 
 ### <a name="msgraph-rest-api"></a>Using the Microsoft Graph API
 
-To programmatically update all your apps, you can use the Microsoft Graph API to update all your apps to include links to the terms of service and privacy statement documents.
+To programmatically [update your app](/graph/api/application-update?view=graph-rest-1.0&tabs=http), you can use the Microsoft Graph API to update all your apps to include links to the terms of service and privacy statement documents.
 
 ```
-PATCH https://graph.microsoft.com/v1.0/applications/{application id}
+PATCH https://graph.microsoft.com/v1.0/applications/{applicationObjectId}
 { 
-    "appId": "{your application id}", 
+    "appId": "{your application object id}", 
     "info": { 
         "termsOfServiceUrl": "<your_terms_of_service_url>", 
         "supportUrl": null, 

articles/active-directory/develop/reply-url.md

@@ -116,7 +116,7 @@ To add a redirect URI that uses the `http` scheme with the `127.0.0.1` loopback
 
 ## Restrictions on wildcards in redirect URIs
 
-Wildcard URIs like `https://*.contoso.com` may seem convenient, but should be avoided due to security implications. According to the OAuth 2.0 specification ([section 3.1.2 of RFC 6749](https://tools.ietf.org/html/rfc6749#section-3.1.2)), a redirection endpoint URI must be an absolute URI.
+Wildcard URIs like `https://*.contoso.com` may seem convenient, but should be avoided due to security implications. According to the OAuth 2.0 specification ([section 3.1.2 of RFC 6749](https://tools.ietf.org/html/rfc6749#section-3.1.2)), a redirection endpoint URI must be an absolute URI. As such, when a configured wildcard URI matches a redirect URI, query strings and fragments in the redirect URI are stripped.
 
 Wildcard URIs are currently unsupported in app registrations configured to sign in personal Microsoft accounts and work or school accounts. Wildcard URIs are allowed, however, for apps that are configured to sign in only work or school accounts in an organization's Azure AD tenant.
 

articles/active-directory/fundamentals/security-operations-introduction.md

@@ -82,7 +82,7 @@ Microsoft has many products and services that enable you to customize your IT en
   * [Monitor sign-ins with the Azure AD sign-in log](../reports-monitoring/concept-all-sign-ins.md)
   * [Audit activity reports in the Azure Active Directory portal](../reports-monitoring/concept-audit-logs.md)
   * [Investigate risk with Azure Active Directory Identity Protection](../identity-protection/howto-identity-protection-investigate-risk.md) 
-  * [Connect Azure AD Identity Protection data to Microsoft Sentinel](../../sentinel/data-connectors-reference.md#azure-active-directory-identity-protection)
+  * [Connect Azure AD Identity Protection data to Microsoft Sentinel](../../sentinel/data-connectors/azure-active-directory-identity-protection.md)
 
 * Active Directory Domain Services (AD DS)
 

articles/active-directory/identity-protection/howto-export-risk-data.md

@@ -69,14 +69,14 @@ Azure Event Hubs can look at incoming data from sources like Azure AD Identity P
 
 ## Other options
 
-Organizations can choose to [connect Azure AD data to Microsoft Sentinel](../../sentinel/data-connectors-reference.md#azure-active-directory-identity-protection) as well for further processing.
+Organizations can choose to [connect Azure AD data to Microsoft Sentinel](../../sentinel/data-connectors/azure-active-directory-identity-protection.md) as well for further processing.
 
 Organizations can use the [Microsoft Graph API to programatically interact with risk events](howto-identity-protection-graph-api.md).
 
 ## Next steps
 
 - [What is Azure Active Directory monitoring?](../reports-monitoring/overview-monitoring.md)
 - [Install and use the log analytics views for Azure Active Directory](../reports-monitoring/howto-install-use-log-analytics-views.md)
-- [Connect data from Azure Active Directory (Azure AD) Identity Protection](../../sentinel/data-connectors-reference.md#azure-active-directory-identity-protection)
+- [Connect data from Azure Active Directory (Azure AD) Identity Protection](../../sentinel/data-connectors/azure-active-directory-identity-protection.md)
 - [Azure Active Directory Identity Protection and the Microsoft Graph PowerShell SDK](howto-identity-protection-graph-api.md)
 - [Tutorial: Stream Azure Active Directory logs to an Azure event hub](../reports-monitoring/tutorial-azure-monitor-stream-logs-to-event-hub.md)