Merge pull request #181574 from MicrosoftDocs/master

12/01 PM Publish

Author: huypub

articles/active-directory/develop/msal-net-acquire-token-silently.md

@@ -26,39 +26,39 @@ The recommended pattern is to call the `AcquireTokenSilent` method first.  If `A
 In the following example, the application first attempts to acquire a token from the token cache.  If a `MsalUiRequiredException` exception is thrown, the application acquires a token interactively. 
 
 ```csharp
-AuthenticationResult result = null;
 var accounts = await app.GetAccountsAsync();
 
+AuthenticationResult result = null;
 try
 {
- result = await app.AcquireTokenSilent(scopes, accounts.FirstOrDefault())
-        .ExecuteAsync();
+     result = await app.AcquireTokenSilent(scopes, accounts.FirstOrDefault())
+                       .ExecuteAsync();
 }
 catch (MsalUiRequiredException ex)
 {
- // A MsalUiRequiredException happened on AcquireTokenSilent.
- // This indicates you need to call AcquireTokenInteractive to acquire a token
- System.Diagnostics.Debug.WriteLine($"MsalUiRequiredException: {ex.Message}");
+    // A MsalUiRequiredException happened on AcquireTokenSilent.
+    // This indicates you need to call AcquireTokenInteractive to acquire a token
+    Debug.WriteLine($"MsalUiRequiredException: {ex.Message}");
 
- try
- {
-    result = await app.AcquireTokenInteractive(scopes)
-          .ExecuteAsync();
- }
- catch (MsalException msalex)
- {
-    ResultText.Text = $"Error Acquiring Token:{System.Environment.NewLine}{msalex}";
- }
+    try
+    {
+        result = await app.AcquireTokenInteractive(scopes)
+                          .ExecuteAsync();
+    }
+    catch (MsalException msalex)
+    {
+        ResultText.Text = $"Error Acquiring Token:{System.Environment.NewLine}{msalex}";
+    }
 }
 catch (Exception ex)
 {
- ResultText.Text = $"Error Acquiring Token Silently:{System.Environment.NewLine}{ex}";
- return;
+    ResultText.Text = $"Error Acquiring Token Silently:{System.Environment.NewLine}{ex}";
+    return;
 }
 
 if (result != null)
 {
- string accessToken = result.AccessToken;
- // Use the token
+    string accessToken = result.AccessToken;
+    // Use the token
 }
 ```

articles/active-directory/identity-protection/howto-export-risk-data.md

@@ -28,9 +28,6 @@ Azure AD stores reports and security signals for a defined period of time. When
 
 Organizations can choose to store data for longer periods by changing diagnostic settings in Azure AD to send **RiskyUsers** and **UserRiskEvents** data to a Log Analytics workspace, archive data to a storage account, stream data to an Event Hub, or send data to a partner solution. Find these options in the **Azure portal** > **Azure Active Directory**, **Diagnostic settings** > **Edit setting**. If you don't have a diagnostic setting, follow the instructions in the article [Create diagnostic settings to send platform logs and metrics to different destinations](../../azure-monitor/essentials/diagnostic-settings.md) to create one.
 
->[!NOTE]
->The diagnostic settings for RiskyUsers and UserRiskEvents are currently in public preview.
-
 [ ![Diagnostic settings screen in Azure AD showing existing configuration](./media/howto-export-risk-data/change-diagnostic-setting-in-portal.png) ](./media/howto-export-risk-data/change-diagnostic-setting-in-portal.png#lightbox)
 
 ## Log Analytics

articles/active-directory/manage-apps/f5-big-ip-ldap-header-easybutton.md

@@ -9,7 +9,7 @@ ms.service: active-directory
 ms.workload: identity
 ms.subservice: roles
 ms.topic: reference
-ms.date: 11/16/2021
+ms.date: 12/01/2021
 ms.author: rolyon
 ms.reviewer: vincesm
 ms.custom: it-pro
@@ -232,8 +232,8 @@ You can further restrict permissions by assigning roles at smaller scopes or by
 > | Task | Least privileged role | Additional roles |
 > | ---- | --------------------- | ---------------- |
 > | Delete all existing app passwords generated by the selected users | Global Administrator |  |
-> | Disable MFA | Authentication Administrator (via PowerShell) | Privileged Authentication Administrator (via PowerShell) |
-> | Enable MFA | Authentication Administrator (via PowerShell) | Privileged Authentication Administrator (via PowerShell) | 
+> | Disable per-user MFA ([see documentation](../authentication/howto-mfa-userstates.md)) | Authentication Administrator (via PowerShell) | Privileged Authentication Administrator (via PowerShell) |
+> | Enable per-user MFA ([see documentation](../authentication/howto-mfa-userstates.md)) | Authentication Administrator (via PowerShell) | Privileged Authentication Administrator (via PowerShell) | 
 > | Manage MFA service settings | Authentication Policy Administrator |  |
 > | Require selected users to provide contact methods again | Authentication Administrator |  |
 > | Restore multi-factor authentication on all remembered devices  | Authentication Administrator |  |

articles/active-directory/roles/delegate-by-task.md

@@ -68,13 +68,13 @@ Follow these steps to enable Azure AD SSO in the Azure portal.
 
    ![Edit Basic SAML Configuration](common/edit-urls.png)
 
-4. On the **Basic SAML Configuration** section, the user does not have to perform any step as the app is already pre-integrated with Azure.
+1. On the **Basic SAML Configuration** section, the user does not have to perform any step as the app is already pre-integrated with Azure.
 
-5. On the **Set up Single Sign-On with SAML** page, in the **SAML Signing Certificate** section, click **Download** to download the **Federation Metadata XML** from the given options as per your requirement and save it on your computer.
+1. On the **Set up Single Sign-On with SAML** page, in the **SAML Signing Certificate** section, click **Download** to download the **Federation Metadata XML** from the given options as per your requirement and save it on your computer.
 
 	![The Certificate download link](common/metadataxml.png)
 
-6. On the **Set up Sauce Labs - Mobile and Web Testing** section, copy the appropriate URL(s) as per your requirement.
+1. On the **Set up Sauce Labs - Mobile and Web Testing** section, copy the appropriate URL(s) as per your requirement.
 
 	![Copy configuration URLs](common/copy-configuration-urls.png)
 
@@ -106,31 +106,31 @@ In this section, you'll enable B.Simon to use Azure single sign-on by granting a
 
 1. In a different web browser window, sign in to your Sauce Labs - Mobile and Web Testing company site as an administrator.
 
-2. Click on the **User icon** and select **Team Management** tab.
+1. Click the **Account** dropdown and select the **Team Management** tab.
 
-	![Screenshot that shows the "User" icon and "Team Management" drop-down selected.](./media/saucelabs-mobileandwebtesting-tutorial/user.png)
+   :::image type="content" source="./media/saucelabs-mobileandwebtesting-tutorial/user.png" alt-text="Screenshot that shows the Account dropdown and Team Management dropdown item selected.":::
 
-3. Enter your **Domain name** in the textbox.
+1. Click **View Settings** under **Organization Settings**.
 
-	![Screenshot that shows an example domain name in the textbox.](./media/saucelabs-mobileandwebtesting-tutorial/domain.png)
+   :::image type="content" source="./media/saucelabs-mobileandwebtesting-tutorial/org-settings.png" alt-text="Screenshot that shows the View Settings button in the Organization Settings box." border="true":::
 
-4. Click **Configure** tab.
+1. Click the **Single Sign-On** tab.
 
-	![Screenshot that shows the "Configure" tab selected under "Single Sign On is Enabled".](./media/saucelabs-mobileandwebtesting-tutorial/configure.png)
+   :::image type="content" source="./media/saucelabs-mobileandwebtesting-tutorial/configure.png" alt-text="Screenshot that shows the Single Sign-On tab selected under Organization Settings.":::
 
-5. In the **Configure Single Sign On** section, perform the following steps.
+1. In the **Single Sign-On** section, perform the following steps.
 
-	![Configure Single Sign-On](./media/saucelabs-mobileandwebtesting-tutorial/browse.png)
+   :::image type="content" source="./media/saucelabs-mobileandwebtesting-tutorial/browse.png" alt-text="Screenshot that shows selecting options on the Single Sign-On tab.":::
 
-	a. Click **Browse** and upload the downloaded metadata file from the Azure AD.
+   1. Define your Unique Identifier String (UIS) and click **Save**.
 
-	b. Select the **ALLOW JUST-IN-TIME PROVISIONING** checkbox.
+   1. Click **Upload New Metadata File** and upload the downloaded metadata file from Azure AD.
 
-	c. Click **Save**.
+   1. Under **Enable Single Sign-On**, select **Enabled**.
 
 ### Create Sauce Labs - Mobile and Web Testing test user
 
-In this section, a user called Britta Simon is created in Sauce Labs - Mobile and Web Testing. Sauce Labs - Mobile and Web Testing supports just-in-time user provisioning, which is enabled by default. There is no action item for you in this section. If a user doesn't already exist in Sauce Labs - Mobile and Web Testing, a new one is created after authentication.
+In this section, a user called B.Simon is created in Sauce Labs - Mobile and Web Testing. Sauce Labs - Mobile and Web Testing supports just-in-time user provisioning, which is always enabled. There is no action item for you in this section. If a user doesn't already exist in Sauce Labs - Mobile and Web Testing, a new one is created after authentication.
 
 > [!Note]
 > If you need to create a user manually, contact [Sauce Labs - Mobile and Web Testing support team](mailto:[email protected]).
@@ -141,7 +141,7 @@ In this section, you test your Azure AD single sign-on configuration with follow
 
 * Click on Test this application in Azure portal and you should be automatically signed in to the Sauce Labs - Mobile and Web Testing for which you set up the SSO.
 
-* You can use Microsoft My Apps. When you click the Sauce Labs - Mobile and Web Testing tile in the My Apps, you should be automatically signed in to the Sauce Labs - Mobile and Web Testing for which you set up the SSO. For more information about the My Apps, see [Introduction to the My Apps](https://support.microsoft.com/account-billing/sign-in-and-start-apps-from-the-my-apps-portal-2f3b1bae-0e5a-4a86-a33e-876fbd2a4510).
+* You can use Microsoft My Apps. When you click the Sauce Labs - Mobile and Web Testing tile in the My Apps, you should be automatically signed in to the Sauce Labs - Mobile and Web Testing for which you set up the SSO. For more information about My Apps, see [Introduction to My Apps](https://support.microsoft.com/account-billing/sign-in-and-start-apps-from-the-my-apps-portal-2f3b1bae-0e5a-4a86-a33e-876fbd2a4510).
 
 ## Next steps