Merging changes synced from https://github.com/MicrosoftDocs/azure-docs-pr (branch live)

Author: Learn Build Service GitHub App

.openpublishing.redirection.azure-monitor.json

@@ -6160,6 +6160,11 @@
             "source_path_from_root": "/articles/azure-monitor/logs/api/app-insights-azure-ad-api.md",
             "redirect_url": "/azure/azure-monitor/app/app-insights-azure-ad-api",
             "redirect_document_id": false
+        },
+        {
+            "source_path_from_root": "/articles/azure-monitor/app/javascript-sdk-advanced.md",
+            "redirect_url": "/azure/azure-monitor/app/javascript-sdk-configuration",
+            "redirect_document_id": false
         }
     ]
 }

articles/active-directory/cloud-infrastructure-entitlement-management/TOC.yml

@@ -1,9 +1,9 @@
-  - name: Permissions Management
+  - name: Microsoft Entra Permissions Management
     href: index.yml
   - name: Overview
     expanded: true
     items:
-      - name: What's Permissions Management?
+      - name: What's Microsoft Entra Permissions Management?
         href: overview.md       
   - name: How-to guides
     expanded: true

articles/active-directory/cloud-infrastructure-entitlement-management/index.yml

@@ -1,10 +1,10 @@
 ### YamlMime:Landing
 
-title: Permissions Management
-summary: Permissions Management is a cloud infrastructure entitlement management (CIEM) solution that provides comprehensive visibility into permissions assigned to all identities (users and workloads),  actions, and resources across cloud infrastructures. It detects, right-sizes, and monitors unused and excessive permissions and enables Zero Trust security through least privilege access in Microsoft Azure, Amazon Web Services (AWS), and Google Cloud Platform (GCP).
+title: Microsoft Entra Permissions Management
+summary: Microsoft Entra Permissions Management is a cloud infrastructure entitlement management (CIEM) solution that provides comprehensive visibility into permissions assigned to all identities (users and workloads),  actions, and resources across cloud infrastructures. It detects, right-sizes, and monitors unused and excessive permissions and enables Zero Trust security through least privilege access in Microsoft Azure, Amazon Web Services (AWS), and Google Cloud Platform (GCP).
 
 metadata:
-  title: Permissions Management
+  title: Microsoft Entra Permissions Management
   description: Learn how to use Permissions Management and Cloud Infrastructure Entitlement Management (CIEM)
   services: active-directory
   author: jenniferf-skc
@@ -13,7 +13,7 @@ metadata:
   ms.subservice: ciem
   ms.workload: identity
   ms.topic: landing-page
-  ms.date: 03/09/2022
+  ms.date: 06/16/2023
   ms.author: jfields
 
 
@@ -24,7 +24,7 @@ landingContent:
 # Cards and links should be based on top customer tasks or top subjects
 # Start card title with a verb
   # Card
-  - title: What's Permissions Management?
+  - title: What's Microsoft Entra Permissions Management?
     linkLists:
       - linkListType: overview
         links:

articles/active-directory/cloud-infrastructure-entitlement-management/onboard-enable-tenant.md

@@ -8,13 +8,13 @@ ms.service: active-directory
 ms.subservice: ciem
 ms.workload: identity
 ms.topic: how-to
-ms.date: 04/24/2023
+ms.date: 06/16/2023
 ms.author: jfields
 ---
 
-# Enable Permissions Management in your organization
+# Enable Microsoft Entra Permissions Management in your organization
 
-This article describes how to enable Permissions Management in your organization. Once you've enabled Permissions Management, you can connect it to your Amazon Web Services (AWS), Microsoft Azure, or Google Cloud Platform (GCP) platforms.
+This article describes how to enable Microsoft Entra Permissions Management in your organization. Once you've enabled Permissions Management, you can connect it to your Amazon Web Services (AWS), Microsoft Azure, or Google Cloud Platform (GCP) platforms.
 
 > [!NOTE]
 > To complete this task, you must have *Microsoft Entra Permissions Management Administrator* permissions. You can't enable Permissions Management as a user from another tenant who has signed in via B2B or via Azure Lighthouse.

articles/active-directory/cloud-infrastructure-entitlement-management/overview.md

@@ -8,15 +8,15 @@ ms.service: active-directory
 ms.subservice: ciem
 ms.workload: identity
 ms.topic: overview
-ms.date: 04/20/2022
+ms.date: 06/16/2023
 ms.author: jfields
 ---
 
-# What's Permissions Management?
+# What's Microsoft Entra Permissions Management?
 
 ## Overview
 
-Permissions Management is a cloud infrastructure entitlement management (CIEM) solution that provides comprehensive visibility into permissions assigned to all identities. For example, over-privileged workload and user identities, actions, and resources across multicloud infrastructures in Microsoft Azure, Amazon Web Services (AWS), and Google Cloud Platform (GCP).
+Microsoft Entra Permissions Management is a cloud infrastructure entitlement management (CIEM) solution that provides comprehensive visibility into permissions assigned to all identities. For example, over-privileged workload and user identities, actions, and resources across multicloud infrastructures in Microsoft Azure, Amazon Web Services (AWS), and Google Cloud Platform (GCP).
 
 Permissions Management  detects, automatically right-sizes, and continuously monitors unused and excessive permissions.
 
@@ -70,5 +70,6 @@ Once your organization has explored and implemented the discover, remediation an
 
 ## Next steps
 
-- For information on how to onboard Permissions Management for your organization, see [Enable Permissions Management in your organization](onboard-enable-tenant.md).
+- Deepen your learning with the [Introduction to Microsoft Entra Permissions Management](https://go.microsoft.com/fwlink/?linkid=2240016) learn module. 
+- Sign up for a [45-day free trial](https://aka.ms/TryPermissionsManagement) of Permissions Management.
 - For a list of frequently asked questions (FAQs) about Permissions Management, see [FAQs](faqs.md).

articles/active-directory/develop/scenario-web-app-call-api-acquire-token.md

@@ -199,6 +199,16 @@ public ModelAndView getUserFromGraph(HttpServletRequest httpRequest, HttpServlet
 // Code omitted here
 ```
 
+# [Node.js](#tab/nodejs)
+
+In the Node.js sample, the code that acquires a token is in the *acquireToken* method of the **AuthProvider** class.
+
+:::code language="js" source="~/ms-identity-node/App/auth/AuthProvider.js" range="79-121":::
+
+This access token is then used to handle requests to the `/profile` endpoint:
+
+:::code language="js" source="~/ms-identity-node/App/routes/users.js" range="29-39":::
+
 # [Python](#tab/python)
 
 In the Python sample, the code that calls the API is in `app.py`.
@@ -226,6 +236,11 @@ Move on to the next article in this scenario,
 Move on to the next article in this scenario,
 [Call a web API](scenario-web-app-call-api-call-api.md?tabs=java).
 
+# [Node.js](#tab/nodejs)
+
+Move on to the next article in this scenario,
+[Call a web API](scenario-web-app-call-api-call-api.md?tabs=nodejs).
+
 # [Python](#tab/python)
 
 Move on to the next article in this scenario,

articles/active-directory/develop/scenario-web-app-call-api-app-configuration.md

@@ -261,6 +261,14 @@ Code examples in this article and the following one are extracted from the [ASP.
 Code examples in this article and the following one are extracted from the [Java web application that calls Microsoft Graph](https://github.com/Azure-Samples/ms-identity-java-webapp), a web-app sample that uses MSAL for Java.
 The sample currently lets MSAL for Java produce the authorization-code URL and handles the navigation to the authorization endpoint for the Microsoft identity platform. It's also possible to use Sprint security to sign the user in. You might want to refer to the sample for full implementation details.
 
+# [Node.js](#tab/nodejs)
+
+Code examples in this article and the following one are extracted from the [Node.js & Express.js web application that calls Microsoft Graph](https://github.com/Azure-Samples/ms-identity-node), a web app sample that uses MSAL Node.
+
+The sample currently lets MSAL Node produce the authorization-code URL and handles the navigation to the authorization endpoint for the Microsoft identity platform. This is shown below:
+
+:::code language="js" source="~/ms-identity-node/App/auth/AuthProvider.js" range="187-232":::
+
 # [Python](#tab/python)
 
 Code snippets in this article and the following are extracted from the [Python web application calling Microsoft graph](https://github.com/Azure-Samples/ms-identity-python-webapp) sample using the [identity package](https://pypi.org/project/identity/) (a wrapper around MSAL Python).
@@ -279,6 +287,12 @@ Microsoft.Identity.Web simplifies your code by setting the correct OpenID Connec
 
 *Microsoft.Identity.Web.OWIN* simplifies your code by setting the correct OpenID Connect settings, subscribing to the code received event, and redeeming the code. No extra code is required to redeem the authorization code. See [Microsoft.Identity.Web source code](https://github.com/AzureAD/microsoft-identity-web/blob/9fdcf15c66819b31b1049955eed5d3e5391656f5/src/Microsoft.Identity.Web.OWIN/AppBuilderExtension.cs#L95) for details on how this works.
 
+# [Node.js](#tab/nodejs)
+
+The *handleRedirect* method in **AuthProvider** class processes the authorization code received from Azure AD. This is shown below:
+
+:::code language="js" source="~/ms-identity-node/App/auth/AuthProvider.js" range="123-155":::
+
 # [Java](#tab/java)
 
 See [Web app that signs in users: Code configuration](scenario-web-app-sign-user-app-configuration.md?tabs=java#initialization-code) to understand how the Java sample gets the authorization code. After the app receives the code, the [AuthFilter.java#L51-L56](https://github.com/Azure-Samples/ms-identity-java-webapp/blob/d55ee4ac0ce2c43378f2c99fd6e6856d41bdf144/src/main/java/com/microsoft/azure/msalwebsample/AuthFilter.java#L51-L56):
@@ -468,6 +482,12 @@ IAuthenticationResult getAuthResultBySilentFlow(HttpServletRequest httpRequest,
 
 The detail of the `SessionManagementHelper` class is provided in the [MSAL sample for Java](https://github.com/Azure-Samples/ms-identity-java-webapp/blob/d55ee4ac0ce2c43378f2c99fd6e6856d41bdf144/src/main/java/com/microsoft/azure/msalwebsample/SessionManagementHelper.java).
 
+# [Node.js](#tab/nodejs)
+
+In the Node.js sample, the application session is used to store the token cache. Using MSAL Node cache methods, the token cache in session is read before a token request is made, and then updated once the token request is successfully completed. This is shown below:
+
+:::code language="js" source="~/ms-identity-node/App/auth/AuthProvider.js" range="79-121":::
+
 # [Python](#tab/python)
 
 In the Python sample, the identity package takes care of the token cache, using the global `session` object for storage. 
@@ -501,6 +521,11 @@ Move on to the next article in this scenario,
 Move on to the next article in this scenario,
 [Remove accounts from the cache on global sign out](scenario-web-app-call-api-sign-in.md?tabs=java).
 
+# [Node.js](#tab/nodejs)
+
+Move on to the next article in this scenario,
+[Remove accounts from the cache on global sign out](scenario-web-app-call-api-sign-in.md?tabs=nodejs).
+
 # [Python](#tab/python)
 
 Move on to the next article in this scenario,

articles/active-directory/develop/scenario-web-app-call-api-call-api.md

@@ -295,6 +295,12 @@ private String getUserInfoFromGraph(String accessToken) throws Exception {
 }
 ```
 
+# [Node.js](#tab/nodejs)
+
+After successfully retrieving a token, the code uses the **axios** package to query the API endpoint and retrieve a JSON result.
+
+:::code language="js" source="~/ms-identity-node/App/fetch.js" range="8-28":::
+
 # [Python](#tab/python)
 
 After successfully retrieving a token, the code uses the requests package to query the API endpoint and retrieve a JSON result.

articles/active-directory/develop/scenario-web-app-call-api-sign-in.md

@@ -38,6 +38,10 @@ The ASP.NET sample doesn't remove accounts from the cache on global sign-out.
 
 The Java sample doesn't remove accounts from the cache on global sign-out.
 
+# [Node.js](#tab/nodejs)
+
+The Node sample doesn't remove accounts from the cache on global sign-out.
+
 # [Python](#tab/python)
 
 The Python sample doesn't remove accounts from the cache on global sign-out.
@@ -61,6 +65,11 @@ Move on to the next article in this scenario,
 Move on to the next article in this scenario,
 [Acquire a token for the web app](./scenario-web-app-call-api-acquire-token.md?tabs=java).
 
+# [Node.js](#tab/nodejs)
+
+Move on to the next article in this scenario,
+[Acquire a token for the web app](./scenario-web-app-call-api-acquire-token.md?tabs=nodejs).
+
 # [Python](#tab/python)
 
 Move on to the next article in this scenario,

articles/active-directory/develop/scenario-web-app-sign-user-app-configuration.md

@@ -167,9 +167,9 @@ In the Azure portal, the reply URIs that you register on the **Authentication**
 
 # [Node.js](#tab/nodejs)
 
-Here, the configuration parameters reside in *.env* as environment variables:
+Here, the configuration parameters reside in *.env.dev* as environment variables:
 
-:::code language="text" source="~/ms-identity-node/App/.env":::
+:::code language="text" source="~/ms-identity-node/App/.env.dev":::
 
 These parameters are used to create a configuration object in *authConfig.js* file, which will eventually be used to initialize MSAL Node: