Merge pull request #187612 from MicrosoftDocs/master

2/04 PM Publish

Author: huypub

.openpublishing.redirection.active-directory.json

@@ -755,14 +755,29 @@
             "redirect_url": "/azure/active-directory/active-directory-b2b-admin-add-users",
             "redirect_document_id": false
         },
+        {
+            "source_path_from_root": "/articles/active-directory/external-identities/delegate-invitations.md",
+            "redirect_url": "/azure/active-directory/external-identities/external-collaboration-settings-configure",
+            "redirect_document_id": true
+        },
+        {
+            "source_path_from_root": "/articles/active-directory/external-identities/conditional-access.md",
+            "redirect_url": "/azure/active-directory/external-identities/authentication-conditional-access",
+            "redirect_document_id": true
+        },
+        {
+            "source_path_from_root": "/articles/active-directory/external-identities/compare-with-b2c.md",
+            "redirect_url": "/azure/active-directory/external-identities/external-identities-overview",
+            "redirect_document_id": true
+        },
         {
             "source_path_from_root": "/articles/active-directory/external-identities/add-guest-to-role.md",
             "redirect_url": "/azure/active-directory/external-identities/add-users-administrator",
             "redirect_document_id": false
         },
         {
             "source_path_from_root": "/articles/active-directory/active-directory-b2b-compare-external-identities.md",
-            "redirect_url": "/azure/active-directory/active-directory-b2b-compare-b2c",
+            "redirect_url": "/azure/active-directory/external-identities/external-identities-overview",
             "redirect_document_id": false
         },
         {
@@ -1827,13 +1842,13 @@
         },
         {
             "source_path_from_root": "/articles/active-directory/active-directory-b2b-compare-b2c.md",
-            "redirect_url": "/azure/active-directory/b2b/compare-with-b2c",
-            "redirect_document_id": true
+            "redirect_url": "/azure/active-directory/external-identities/external-identities-overview",
+            "redirect_document_id": false
         },
         {
             "source_path_from_root": "/articles/active-directory/active-directory-b2b-mfa-instructions.md",
             "redirect_url": "/azure/active-directory/b2b/conditional-access",
-            "redirect_document_id": true
+            "redirect_document_id": false
         },
         {
             "source_path_from_root": "/articles/active-directory/active-directory-b2b-configure-saas-apps.md",
@@ -1852,8 +1867,8 @@
         },
         {
             "source_path_from_root": "/articles/active-directory/active-directory-b2b-delegate-invitations.md",
-            "redirect_url": "/azure/active-directory/b2b/delegate-invitations",
-            "redirect_document_id": true
+            "redirect_url": "/azure/active-directory/external-identities/external-collaboration-settings-configure",
+            "redirect_document_id": false
         },
         {
             "source_path_from_root": "/articles/active-directory/active-directory-b2b-faq.md",
@@ -3822,13 +3837,13 @@
         },
         {
             "source_path_from_root": "/articles/active-directory/b2b/compare-with-b2c.md",
-            "redirect_url": "/azure/active-directory/external-identities/compare-with-b2c",
-            "redirect_document_id": true
+            "redirect_url": "/azure/active-directory/external-identities/external-identities-overview",
+            "redirect_document_id": false
         },
         {
             "source_path_from_root": "/articles/active-directory/b2b/conditional-access.md",
-            "redirect_url": "/azure/active-directory/external-identities/conditional-access",
-            "redirect_document_id": true
+            "redirect_url": "/azure/active-directory/external-identities/authentication-conditional-access",
+            "redirect_document_id": false
         },
         {
             "source_path_from_root": "/articles/active-directory/b2b/configure-saas-apps.md",
@@ -3847,8 +3862,8 @@
         },
         {
             "source_path_from_root": "/articles/active-directory/b2b/delegate-invitations.md",
-            "redirect_url": "/azure/active-directory/external-identities/delegate-invitations",
-            "redirect_document_id": true
+            "redirect_url": "/azure/active-directory/external-identities/external-collaboration-settings-configure",
+            "redirect_document_id": false
         },
         {
             "source_path_from_root": "/articles/active-directory/b2b/direct-federation.md",

.openpublishing.redirection.azure-sql.json

@@ -179,6 +179,11 @@
             "source_path_from_root": "/articles/azure-sql/database/job-automation-managed-instances.md",
             "redirect_url": "/azure/azure-sql/managed-instance/job-automation-managed-instance",
             "redirect_document_id": true
-        }                                                                                                                        
+        },   
+        {
+            "source_path": "articles/azure-sql/database/service-tiers-general-purpose-business-critical.md",
+            "redirect_url": "/azure/azure-sql/database/service-tiers-vcore",
+            "redirect_document_id": false
+        }                                                                                                                  
     ]
 }

articles/active-directory-b2c/TOC.yml

@@ -52,7 +52,7 @@
 - name: Concepts
   items:
   - name: Compare solutions for External Identities
-    href: ../active-directory/external-identities/compare-with-b2c.md?bc=%2fazure%2factive-directory-b2c%2fbread%2ftoc.json&toc=%2fazure%2factive-directory-b2c%2fTOC.json
+    href: ../active-directory/external-identities/external-identities-overview.md?bc=%2fazure%2factive-directory-b2c%2fbread%2ftoc.json&toc=%2fazure%2factive-directory-b2c%2fTOC.json
   - name: Learn authentication basics
     items:
     - name: Authentication and authorization

articles/active-directory-b2c/faq.yml

@@ -131,7 +131,7 @@ sections:
       - question: |
           Should I use Azure AD B2C or B2B to manage external identities?
         answer: |
-          Read [Compare B2B collaboration and B2C in Azure AD](../active-directory/external-identities/compare-with-b2c.md) to learn more about applying the appropriate features to your external identity scenarios.
+          Read [Compare solutions for External Identities](../active-directory/external-identities/external-identities-overview.md) to learn more about applying the appropriate features to your external identity scenarios.
           
       - question: |
           What reporting and auditing features does Azure AD B2C provide? Are they the same as in Azure AD Premium?

articles/active-directory-b2c/index.yml

@@ -29,7 +29,7 @@ landingContent:
           - text: What is Azure AD B2C?
             url: overview.md
           - text: Compare solutions for External Identities
-            url: ../active-directory/external-identities/compare-with-b2c.md?bc=%2fazure%2factive-directory-b2c%2fbread%2ftoc.json&toc=%2fazure%2factive-directory-b2c%2fTOC.json
+            url: ../active-directory/external-identities/external-identities-overview.md?bc=%2fazure%2factive-directory-b2c%2fbread%2ftoc.json&toc=%2fazure%2factive-directory-b2c%2fTOC.json
           - text: Get started with Azure AD B2C
             url: tutorial-create-tenant.md
           - text: Technical and feature overview

articles/active-directory/authentication/howto-sspr-deployment.md

@@ -86,7 +86,6 @@ For more information about pricing, see [Azure Active Directory pricing](https:/
 | |[Azure AD password reset from the login screen for Windows 10](./howto-sspr-windows.md) |
 | FAQ|[Password management frequently asked questions](./active-directory-passwords-faq.yml) |
 
-
 ### Solution architecture
 
 The following example describes the password reset solution architecture for common hybrid environments.
@@ -109,8 +108,6 @@ You can help users register quickly by deploying SSPR alongside another popular
 
 Before deploying SSPR, you may opt to determine the number and the average cost of each password reset call. You can use this data post deployment to show the value SSPR is bringing to the organization.
 
-#### Enable combined registration for SSPR and MFA
-
 ### Combined registration for SSPR and Azure AD Multi-Factor Authentication
 
 We recommend that organizations use the [combined registration experience for Azure AD Multi-Factor Authentication and self-service password reset (SSPR)](howto-registration-mfa-sspr-combined.md). SSPR allows users to reset their password in a secure way using the same methods they use for Azure AD Multi-Factor Authentication. Combined registration is a single step for end users. To make sure you understand the functionality and end-user experience, see the [Combined security information registration concepts](concept-registration-mfa-sspr-combined.md).

articles/active-directory/conditional-access/concept-conditional-access-cloud-apps.md

@@ -6,7 +6,7 @@ services: active-directory
 ms.service: active-directory
 ms.subservice: conditional-access
 ms.topic: conceptual
-ms.date: 06/15/2021
+ms.date: 02/03/2022
 
 ms.author: joflore
 author: MicrosoftGuyJFlo
@@ -108,12 +108,21 @@ The Microsoft Azure Management application includes multiple services.
    - Classic deployment model APIs
    - Azure PowerShell
    - Azure CLI
-   - Visual Studio subscriptions administrator portal
    - Azure DevOps
    - Azure Data Factory portal
+   - Azure Event Hubs
+   - Azure Service Bus
+   - [Azure SQL Database](../../azure-sql/database/conditional-access-configure.md)
+   - SQL Managed Instance
+   - Azure Synapse
+   - Visual Studio subscriptions administrator portal
 
 > [!NOTE]
-> The Microsoft Azure Management application applies to Azure PowerShell, which calls the Azure Resource Manager API. It does not apply to Azure AD PowerShell, which calls Microsoft Graph.
+> The Microsoft Azure Management application applies to [Azure PowerShell](/powershell/azure/what-is-azure-powershell), which calls the [Azure Resource Manager API](../../azure-resource-manager/management/overview.md). It does not apply to [Azure AD PowerShell](/powershell/azure/active-directory/overview), which calls the [Microsoft Graph API](/graph/overview).
+
+For more information on how to set up a sample policy for Microsoft Azure Management, see [Conditional Access: Require MFA for Azure management](howto-conditional-access-policy-azure-management.md).
+
+For Azure Government, you should target the Azure Government Cloud Management API application.
 
 ### Other applications
 

articles/active-directory/conditional-access/howto-conditional-access-policy-azure-management.md

@@ -6,7 +6,7 @@ services: active-directory
 ms.service: active-directory
 ms.subservice: conditional-access
 ms.topic: how-to
-ms.date: 11/05/2021
+ms.date: 02/03/2022
 
 ms.author: joflore
 author: MicrosoftGuyJFlo
@@ -42,6 +42,9 @@ Organizations can choose to deploy this policy using the steps outlined below or
 
 The following steps will help create a Conditional Access policy to require users who access the [Microsoft Azure Management](concept-conditional-access-cloud-apps.md#microsoft-azure-management) suite do multi-factor authentication.
 
+> [!CAUTION]
+> Make sure you understand how Conditional Access works before setting up a policy to manage access to Microsoft Azure Management. Make sure you don't create conditions that could block your own access to the portal.
+
 1. Sign in to the **Azure portal** as a global administrator, security administrator, or Conditional Access administrator.
 1. Browse to **Azure Active Directory** > **Security** > **Conditional Access**.
 1. Select **New policy**.

articles/active-directory/develop/TOC.yml

@@ -387,6 +387,8 @@
         href: msal-compare-msal-js-and-adal-js.md
       - name: Migrate to MSAL Node
         href: msal-node-migration.md
+      - name: MSAL Node extension
+        href: msal-node-extensions.md
       - name: Single sign-on with MSAL.js
         href: msal-js-sso.md
       - name: Considerations - IE

articles/active-directory/develop/msal-node-extensions.md

@@ -0,0 +1,103 @@
+---
+title: "Learn about Microsoft Authentication Extensions for Node | Azure"
+titleSuffix: Microsoft identity platform
+description: The Microsoft Authentication Extensions for Node enables application developers to perform cross-platform token cache serialization and persistence. It gives extra support to the Microsoft Authentication Library for Node (MSAL Node).
+services: active-directory
+author: henrymbuguakiarie
+manager: CelesteDG
+
+ms.service: active-directory
+ms.subservice: develop
+ms.topic: conceptual
+ms.workload: identity
+ms.date: 02/04/2022
+ms.reviewer: j-mantu, samuelkubai, Dickson-Mwendia
+ms.author: henrymbugua
+#Customer intent: As an application developer, I want to learn how to use the Microsoft Authentication Extensions for Node to perform cross-platform token cache serialization and persistence.
+---
+
+# Microsoft Authentication Extensions for Node
+
+The Microsoft Authentication Extensions for Node enables developers to perform cross-platform token cache serialization and persistence to disk. It gives extra support to the Microsoft Authentication Library (MSAL) for Node.
+
+The [MSAL for Node](tutorial-v2-nodejs-webapp-msal.md) supports an in-memory cache by default and provides the ICachePlugin interface to perform cache serialization, but doesn't provide a default way of storing the token cache to disk. The Microsoft Authentication Extensions for Node is the default implementation for persisting cache to disk across different platforms.
+
+The Microsoft Authentication Extensions for Node support the following platforms:
+
+- Windows - Data protection API (DPAPI) is used for protection.
+- Mac - The Mac Keychain is used.
+- Linux - LibSecret is used for storing to "Secret Service".
+
+## Installation
+
+The `msal-node-extensions` package is available on Node Package Manager (NPM).
+
+```bash
+npm i @azure/msal-node-extensions --save
+```
+
+## Configure the token cache
+
+Here's an example of code that uses Microsoft Authentication Extensions for Node to configure the token cache.
+
+```javascript
+const {
+  DataProtectionScope,
+  Environment,
+  PersistenceCreator,
+  PersistenceCachePlugin,
+} = require("@azure/msal-node-extensions");
+
+// You can use the helper functions provided through the Environment class to construct your cache path
+// The helper functions provide consistent implementations across Windows, Mac and Linux.
+const cachePath = path.join(Environment.getUserRootDirectory(), "./cache.json");
+
+const persistenceConfiguration = {
+  cachePath,
+  dataProtectionScope: DataProtectionScope.CurrentUser,
+  serviceName: "<SERVICE-NAME>",
+  accountName: "<ACCOUNT-NAME>",
+  usePlaintextFileOnLinux: false,
+};
+
+// The PersistenceCreator obfuscates a lot of the complexity by doing the following actions for you :-
+// 1. Detects the environment the application is running on and initializes the right persistence instance for the environment.
+// 2. Performs persistence validation for you.
+// 3. Performs any fallbacks if necessary.
+PersistenceCreator.createPersistence(persistenceConfiguration).then(
+  async (persistence) => {
+    const publicClientConfig = {
+      auth: {
+        clientId: "<CLIENT-ID>",
+        authority: "<AUTHORITY>",
+      },
+
+      // This hooks up the cross-platform cache into MSAL
+      cache: {
+        cachePlugin: new PersistenceCachePlugin(persistence),
+      },
+    };
+
+    const pca = new msal.PublicClientApplication(publicClientConfig);
+
+    // Use the public client application as required...
+  }
+);
+```
+
+The following table provides an explanation for all the arguments for the persistence configuration.
+
+| Field Name              | Description                                                                                         | Required For           |
+| ----------------------- | --------------------------------------------------------------------------------------------------- | ---------------------- |
+| cachePath               | The path to the lock file the library uses to synchronize the reads and the writes          | Windows, Mac, and Linux |
+| dataProtectionScope     | Specifies the scope of the data protection on Windows either the current user or the local machine. | Windows                |
+| serviceName             | Specifies the service name to be used on Mac and/or Linux                                      | Mac and Linux          |
+| accountName             | Specifies the account name to be used on Mac and/or Linux                                      | Mac and Linux          |
+| usePlaintextFileOnLinux | The flag to default to plain text on linux if LibSecret fails. Defaults to `false`            | Linux                  |
+
+## Next steps
+
+For more information about Microsoft Authentication Extensions for Node and MSAL Node, see:
+
+- [Microsoft Authentication Extensions for Node](https://github.com/AzureAD/microsoft-authentication-library-for-js/tree/dev/extensions/msal-node-extensions)
+- [Microsoft Authentication Library for Node](https://github.com/AzureAD/microsoft-authentication-library-for-js/tree/dev/lib/msal-node)