Merging changes synced from https://github.com/MicrosoftDocs/azure-docs-pr (branch live)

Author: Banani-Rath

articles/active-directory/develop/howto-configure-publisher-domain.md

@@ -9,9 +9,9 @@ ms.service: active-directory
 ms.subservice: develop
 ms.topic: how-to
 ms.workload: identity
-ms.date: 06/23/2021
+ms.date: 11/11/2022
 ms.author: ryanwi
-ms.reviewer: lenalepa, sureshja, zachowd
+ms.reviewer: xurobert, brianokoyo
 ms.custom: contperf-fy21q4, aaddev
 ---
 

articles/active-directory/develop/index.yml

@@ -16,7 +16,7 @@ metadata:
   author: Dickson-Mwendia
   manager: CelesteDG
   ms.author: dmwendia
-  ms.date: 04/01/2022
+  ms.date: 11/11/2022
   ms.service: active-directory
   ms.subservice: develop
   ms.topic: hub-page
@@ -27,20 +27,29 @@ metadata:
 highlightedContent:
   items:
     - title: What is the Microsoft identity platform?
-      itemType: overview # controls the icon image and super-title text
+      itemType: overview
       url: v2-overview.md
     - title: Authentication & authorization basics
       url: authentication-vs-authorization.md
       itemType: concept
-#    - title: OAuth 2.0 and OpenID Connect (OIDC)
-#      url: active-directory-v2-protocols.md
-#      itemType: concept
     - title: App types and authentication flows
       url: authentication-flows-app-scenarios.md
       itemType: concept
     - title: Code samples
       url: sample-v2-code.md
       itemType: sample
+    - title: What's new in docs
+      url: whats-new-docs.md
+      itemType: whats-new
+    - title: OAuth 2.0 and OpenID Connect (OIDC)
+      url: active-directory-v2-protocols.md
+      itemType: concept
+    - title: Migrate apps to MSAL
+      url: msal-migration.md
+      itemType: concept
+    - title: Register an application
+      url: quickstart-register-app.md
+      itemType: quickstart
 ## BAND 1 - HIGHLIGHTED CONTENT END ##########################################################################################################################
 
 
@@ -88,7 +97,7 @@ productDirectory:
 ## BAND 3 - CONCEPTUAL CONTENT #############################################################################################################################
 conceptualContent:
   title: Get started
-  summary: Quick access to documentation for adding core IAM features to your applications and guidance on the best practices for keeping your apps secure and available.
+  summary: Quick access to guidance on adding core IAM features to your applications and best practices for keeping your apps secure and available.
   items:
     ## CARD 1 ######################
     - title: Sign in users

articles/active-directory/develop/mark-app-as-publisher-verified.md

@@ -8,10 +8,10 @@ ms.service: active-directory
 ms.subservice: develop
 ms.topic: how-to
 ms.workload: identity
-ms.date: 09/27/2021
+ms.date: 11/12/2022
 ms.author: ryanwi
 ms.custom: aaddev
-ms.reviewer: ardhanap, jesakowi
+ms.reviewer: xurobert, brianokoyo, ardhanap
 ---
 
 # Mark your app as publisher verified

articles/active-directory/develop/scenario-web-app-sign-user-sign-in.md

@@ -54,7 +54,7 @@ In ASP.NET Core, for Microsoft identity platform applications, the **Sign in** b
 
 # [ASP.NET](#tab/aspnet)
 
-In ASP.NET MVC, the sign-out button is exposed in `Views\Shared\_LoginPartial.cshtml`. It's displayed only when there's an authenticated account. That is, it's displayed when the user has previously signed in.
+In ASP.NET MVC, the **Sign in** button is exposed in `Views\Shared\_LoginPartial.cshtml`. It's displayed only when the user isn't authenticated. That is, it's displayed when the user hasn't yet signed in or has signed out.
 
 ```html
 @if (Request.IsAuthenticated)
@@ -125,7 +125,7 @@ This controller also handles the Azure AD B2C applications.
 
 # [ASP.NET](#tab/aspnet)
 
-In ASP.NET, signing out is triggered from the `SignOut()` method on a controller (for instance, [AccountController.cs#L16-L23](https://github.com/Azure-Samples/ms-identity-aspnet-webapp-openidconnect/blob/a2da310539aa613b77da1f9e1c17585311ab22b7/WebApp/Controllers/AccountController.cs#L16-L23)). This method isn't part of the ASP.NET framework (contrary to what happens in ASP.NET Core). It sends an OpenID sign-in challenge after proposing a redirect URI.
+In ASP.NET, Sign in is triggered from the `SignIn()` method on a controller (for instance, [AccountController.cs#L16-L23](https://github.com/Azure-Samples/ms-identity-aspnet-webapp-openidconnect/blob/a2da310539aa613b77da1f9e1c17585311ab22b7/WebApp/Controllers/AccountController.cs#L16-L23)). This method isn't part of the ASP.NET framework (contrary to what happens in ASP.NET Core). It sends an OpenID sign-in challenge after proposing a redirect URI.
 
 ```csharp
 public void SignIn()

articles/active-directory/external-identities/reset-redemption-status.md

@@ -7,7 +7,7 @@ services: active-directory
 ms.service: active-directory
 ms.subservice: B2B
 ms.topic: how-to
-ms.date: 06/16/2022
+ms.date: 11/11/2022
 
 ms.author: mimart
 author: msmimart
@@ -28,13 +28,21 @@ In this article, you'll learn how to update the [guest user's](user-properties.m
 
 To manage these scenarios previously, you had to manually delete the guest user’s account from your directory and reinvite the user. Now you can use the Azure portal, PowerShell or the Microsoft Graph invitation API to reset the user's redemption status and reinvite the user while keeping the user's object ID, group memberships, and app assignments. When the user redeems the new invitation, the [UPN](../hybrid/plan-connect-userprincipalname.md#what-is-userprincipalname) of the user doesn't change, but the user's sign-in name changes to the new email. Then the user can sign in using the new email or an email you've added to the `otherMails` property of the user object.
 
+## Required Azure AD roles
+
+To reset a user's redemption status, you'll need one of the following roles:
+
+- [Guest Inviter](../roles/permissions-reference.md#guest-inviter) (least privileged)
+- [User Administrator](../roles/permissions-reference.md#user-administrator)
+- [Global Administrator](../roles/permissions-reference.md#global-administrator)
+
 ## Use the Azure portal to reset redemption status
 
-1. Sign in to the [Azure portal](https://portal.azure.com/) using a Global administrator or User administrator account for the directory.
-1. Search for and select **Azure Active Directory**.
-1. Select **Users**.
-1. In the list, select the user's name to open their user profile.
-1. If the user wants to sign in using a different email:
+1. Sign in to the [Azure portal](https://portal.azure.com/) using an account that has one of the [required Azure AD roles](#required-azure-ad-roles).
+2. Search for and select **Azure Active Directory**.
+3. Select **Users**.
+4. In the list, select the user's name to open their user profile.
+5. If the user wants to sign in using a different email:
    - Select **Edit properties**.
    - Select the **Contact Information** tab.
    - Next to **Email**, type the new email.

articles/active-directory/governance/lifecycle-workflow-tasks.md

@@ -301,7 +301,7 @@ For Microsoft Graph the parameters for the **Run a Custom Task Extension** task
 |category    |  joiner, leaver      |
 |displayName     | Run a Custom Task Extension (Customizable by user)        |
 |description     |  Run a Custom Task Extension to call-out to an external system. (Customizable by user)      |
-|taskDefinitionId     |   "d79d1fcc-16be-490c-a865-f4533b1639ee      |
+|taskDefinitionId     |   d79d1fcc-16be-490c-a865-f4533b1639ee      |
 |argument     |  Argument contains a name parameter that is the "customTaskExtensionID", and a value parameter that is the ID of the previously created extension that contains information about the Logic App.    |
 
 

articles/active-directory/hybrid/four-steps.md

@@ -164,7 +164,7 @@ Security logs and reports provide you with an electronic record of suspicious ac
 
 ### Assign least privileged admin roles for operations
 
-As you think about your approach to operations, there are a couple levels of administration to consider. The first level places the burden of administration on your global administrator(s). Always using the global administrator role, might be appropriate for smaller companies. But for larger organizations with help desk personnel and administrators responsible for specific tasks, assigning the role of global administrator can be a security risk since it provides those individuals with the ability to manage tasks that are above and beyond what they should be capable of doing.
+As you think about your approach to operations, there are a couple levels of administration to consider. The first level places the burden of administration on your Hybrid Identity Administrator(s). Always using the Hybrid Identity Administrator role, might be appropriate for smaller companies. But for larger organizations with help desk personnel and administrators responsible for specific tasks, assigning the role of Hybrid Identity Administrator can be a security risk since it provides those individuals with the ability to manage tasks that are above and beyond what they should be capable of doing.
 
 In this case, you should consider the next level of administration. Using Azure AD, you can designate end users as "limited administrators" who can manage tasks in less-privileged roles. For example, you might assign your help desk personnel the [security reader](../roles/permissions-reference.md#security-reader) role to provide them with the ability to manage security-related features with read-only access. Or perhaps it makes sense to assign the [authentication administrator](../roles/permissions-reference.md#authentication-administrator) role to individuals to give them the ability to reset non-password credentials or read and configure Azure Service Health.
 

articles/active-directory/hybrid/how-to-bypassdirsyncoverrides.md

@@ -138,4 +138,4 @@ Clear-ADSyncToolsDirSyncOverridesUser '[email protected]' -MobilePhoneInAAD -Alt
 
 ## Next Steps
 
-Learn more about [Azure AD Connect: ADSyncTools PowerShell Module](reference-connect-adsynctools.md)
+Learn more about [Azure AD Connect: ADSyncTools PowerShell Module](reference-connect-adsynctools.md)

articles/active-directory/hybrid/how-to-connect-create-custom-sync-rule.md

@@ -5,7 +5,6 @@ services: active-directory
 documentationcenter: ''
 author: billmath
 manager: amycolannino
-editor: curtand
 ms.service: active-directory
 ms.workload: identity
 ms.tgt_pltfrm: na

articles/active-directory/hybrid/how-to-connect-device-writeback.md

@@ -5,7 +5,6 @@ services: active-directory
 documentationcenter: ''
 author: billmath
 manager: amycolannino
-editor: curtand
 ms.assetid: c0ff679c-7ed5-4d6e-ac6c-b2b6392e7892
 ms.service: active-directory
 ms.workload: identity