Merge pull request #243467 from MicrosoftDocs/main

6/29/2023 10AM Publishing

Author: huypub

articles/active-directory-b2c/enable-authentication-web-application-options.md

@@ -303,7 +303,7 @@ To support a secured logout redirect in your application, first follow the steps
 1. In the **Startup.cs** class, parse the `id_token_hint` value and append the value to the authentication request. The following code snippet demonstrates how to pass the `id_token_hint` value to the authentication request:
 
     ```csharp
-    private async Task OnRedirectToIdentityProviderFunc(RedirectContext context)
+    private async Task OnRedirectToIdentityProviderForSignOutFunc(RedirectContext context)
     {
         var id_token_hint = context.Properties.Items.FirstOrDefault(x => x.Key == "id_token_hint").Value;
         if (id_token_hint != null)
@@ -324,7 +324,7 @@ To support a secured logout redirect in your application, first follow the steps
         {
             Configuration.Bind("AzureAdB2C", options);
             options.Events ??= new OpenIdConnectEvents();        
-            options.Events.OnRedirectToIdentityProvider += OnRedirectToIdentityProviderFunc;
+            options.Events.OnRedirectToIdentityProviderForSignOut += OnRedirectToIdentityProviderForSignOutFunc;
             options.SaveTokens = true;
         });
     ```

articles/active-directory/app-provisioning/application-provisioning-when-will-provisioning-finish-specific-user.md

@@ -8,7 +8,7 @@ ms.service: active-directory
 ms.subservice: app-provisioning
 ms.workload: identity
 ms.topic: how-to
-ms.date: 05/04/2023
+ms.date: 06/29/2023
 ms.author: kenwith
 ms.reviewer: arvinh
 ---
@@ -61,16 +61,16 @@ The time it takes for a given user to be provisioned depends mainly on whether y
 The following table summarizes synchronization times for common provisioning scenarios. In these scenarios, the source system is Azure AD and the target system is a SaaS application. The sync times are derived from a statistical analysis of sync jobs for the SaaS applications ServiceNow, Workplace, Salesforce, and G Suite.
 
 
-| Scope configuration | Users, groups, and members in scope | Initial cycle time | Incremental cycle time |
-| -------- | -------- | -------- | -------- |
-| Sync assigned users and groups only |  < 1,000 |  < 30 minutes | < 30 minutes |
-| Sync assigned users and groups only |  1,000 - 10,000 | 142 - 708 minutes | < 30 minutes |
-| Sync assigned users and groups only |   10,000 - 100,000 | 1,170 - 2,340 minutes | < 30 minutes |
-| Sync all users and groups in Azure AD |  < 1,000 | < 30 minutes  | < 30 minutes |
-| Sync all users and groups in Azure AD |  1,000 - 10,000 | < 30 - 120 minutes | < 30 minutes |
-| Sync all users and groups in Azure AD |  10,000 - 100,000  | 713 - 1,425 minutes | < 30 minutes |
-| Sync all users in Azure AD|  < 1,000  | < 30 minutes | < 30 minutes |
-| Sync all users in Azure AD | 1,000 - 10,000  | 43 - 86 minutes | < 30 minutes |
+| Scope configuration | Users, groups, and members in scope | Initial cycle time |
+| -------- | -------- | -------- | 
+| Sync assigned users and groups only |  < 1,000 |  < 30 minutes |
+| Sync assigned users and groups only |  1,000 - 10,000 | 142 - 708 minutes | 
+| Sync assigned users and groups only |   10,000 - 100,000 | 1,170 - 2,340 minutes |
+| Sync all users and groups in Azure AD |  < 1,000 | < 30 minutes  | 
+| Sync all users and groups in Azure AD |  1,000 - 10,000 | < 30 - 120 minutes | 
+| Sync all users and groups in Azure AD |  10,000 - 100,000  | 713 - 1,425 minutes |
+| Sync all users in Azure AD|  < 1,000  | < 30 minutes |
+| Sync all users in Azure AD | 1,000 - 10,000  | 43 - 86 minutes |
 
 For the configuration **Sync assigned user and groups only**, you can use the following formulas to determine the approximate minimum and maximum expected **initial cycle** times:
 
@@ -93,12 +93,7 @@ Summary of factors that influence the time it takes to complete an **initial cyc
 
 - If performance becomes an issue, and you're attempting to provision most users and groups in your tenant, then use scoping filters. Scoping filters allow you to fine tune the data that the provisioning service extracts from Azure AD by filtering out users based on specific attribute values. For more information on scoping filters, see [Attribute-based application provisioning with scoping filters](define-conditional-rules-for-provisioning-user-accounts.md).
 
-The **incremental cycle** may also take longer than the duration we have documented above. Some of the factors that influence this duration are:
-
-- The  number of changes on the individual objects properties.
-- The number of changes on the groups memberships.
-- The scope of assignment configured for the app. Configuration of **sync assigned users and groups only** is recommended where possible.
-
+In most cases, the **incremental cycle** completes in 30 minutes. However, when there are hundreds or thousands of user changes or group membership changes, the incremental cycle time will increase proportionally with the number of changes to process and can take several hours. Using **sync assigned users and groups** and minimizing the number of users / groups in scope for provisioning will help to reduce the sync time.
 
 ## Next steps
 [Automate user provisioning and deprovisioning to SaaS applications with Azure Active Directory](user-provisioning.md)

articles/active-directory/app-proxy/application-proxy-integrate-with-remote-desktop-services.md

@@ -40,6 +40,7 @@ In an RDS deployment, the RD Web role and the RD Gateway role run on Internet-fa
 - You should already have [deployed RDS](/windows-server/remote/remote-desktop-services/rds-in-azure), and [enabled Application Proxy](../app-proxy/application-proxy-add-on-premises-application.md). Ensure you have satisfied the pre-requisites to enable Application Proxy, such as installing the connector, opening required ports and URLs, and enabling TLS 1.2 on the server. To learn which ports need to be opened, and other details, see [Tutorial: Add an on-premises application for remote access through Application Proxy in Azure Active Directory](application-proxy-add-on-premises-application.md).
 - Your end users must use a compatible browser to connect to RD Web or the RD Web client. For more details see [Support for client configurations](#support-for-other-client-configurations).
 - When publishing RD Web, it is recommended to use the same internal and external FQDN. If the internal and external FQDNs are different then you should disable Request Header Translation to avoid the client receiving invalid links.
+- If you are using the RD Web client, you *must* use the same internal and external FQDN. If the internal and external FQDNs are different, you will encounter websocket errors when making a RemoteApp connection through the RD Web client.
 - If you are using RD Web on Internet Explorer, you will need to enable the RDS ActiveX add-on.
 - If you are using the RD Web client, you will need to use the Application Proxy [connector version 1.5.1975 or later](./application-proxy-release-version-history.md).
 - For the Azure AD pre-authentication flow, users can only connect to resources published to them in the **RemoteApp and Desktops** pane. Users can't connect to a desktop using the **Connect to a remote PC** pane.

articles/active-directory/cloud-infrastructure-entitlement-management/TOC.yml

@@ -151,11 +151,6 @@
     items:
     - name: Troubleshoot issues
       href: troubleshoot.md
-  - name: Training videos
-    expanded: false
-    items:
-    - name: Get started with Permissions Management training videos
-      href: training-videos.md
   - name: Reference
     expanded: false
     items:

articles/active-directory/devices/howto-vm-sign-in-azure-ad-windows.md

@@ -167,7 +167,7 @@ Now that you've created the VM, you need to configure an Azure RBAC policy to de
 - **Virtual Machine Administrator Login**: Users who have this role assigned can log in to an Azure virtual machine with administrator privileges.
 - **Virtual Machine User Login**: Users who have this role assigned can log in to an Azure virtual machine with regular user privileges.
 
-To allow a user to log in to the VM over RDP, you must assign the Virtual Machine Administrator Login or Virtual Machine User Login role to the resource group that contains the VM and its associated virtual network, network interface, public IP address, or load balancer resources. 
+To allow a user to log in to the VM over RDP, you must assign the Virtual Machine Administrator Login or Virtual Machine User Login role to the Virtual Machine resource.
 
 > [!NOTE]
 > Manually elevating a user to become a local administrator on the VM by adding the user to a member of the local administrators group or by running `net localgroup administrators /add "AzureAD\UserUpn"` command is not supported. You need to use Azure roles above to authorize VM login.

articles/active-directory/external-identities/customers/how-to-desktop-app-maui-sample-sign-in.md

@@ -69,9 +69,15 @@ git clone https://github.com/Azure-Samples/ms-identity-ciam-dotnet-tutorial.git
 
 ## Run and test sample .NET MAUI desktop application
 
-Select the Windows platform to work on by setting the startup project in the **Solution Explorer**. Make sure that your platform of choice is marked for build and deploy in the configuration manager.
+.NET MAUI apps are designed to run on multiple operating systems and devices. You'll need to select which target you want to test and debug your app with.
 
-Clean the solution, rebuild the solution, and run it.
+Set the **Debug Target** in the Visual Studio toolbar to the device you want to debug and test with. The following steps demonstrate setting the **Debug Target** to _Windows_:
+
+1. Select **Debug Target** drop-down.
+1. Select **Framework** 
+1. Select **net7.0-windows...**
+
+Run the app by pressing _F5_ or select the _play button_ at the top of Visual Studio.
 
 1. You can now test the sample .NET MAUI desktop application. After you run the application, the desktop application window appears automatically:
 

articles/active-directory/external-identities/customers/how-to-mobile-app-maui-sample-sign-in.md

@@ -72,9 +72,15 @@ git clone https://github.com/Azure-Samples/ms-identity-ciam-dotnet-tutorial.git
 
 ## Run and test sample .NET MAUI Android application
 
-Select the Android platform to work on by setting the startup project in the **Solution Explorer**. Make sure that your platform of choice is marked for build and deploy in the configuration manager.
+.NET MAUI apps are designed to run on multiple operating systems and devices. You'll need to select which target you want to test and debug your app with.
 
-Clean the solution, rebuild the solution, and run it.
+Set the **Debug Target** in the Visual Studio toolbar to the device you want to debug and test with. The following steps demonstrate setting the **Debug Target** to _Android_:
+
+1. Select **Debug Target** drop-down.
+1. Select **Android Emulators**. 
+1. Select emulator device.
+
+Run the app by pressing _F5_ or select the _play button_ at the top of Visual Studio.
 
 1. You can now test the sample .NET MAUI Android app. After you run the app, the Android app window appears in an emulator:
 

articles/active-directory/external-identities/customers/toc.yml

@@ -189,7 +189,17 @@ items:
                   - name: Prepare app
                     href: how-to-daemon-node-call-api-prepare-app.md 
                   - name: Acquire access token and call API
-                    href: how-to-daemon-node-call-api-call-api.md 
+                    href: how-to-daemon-node-call-api-call-api.md
+      - name: Desktop app
+        items:
+          - name: .NET MAUI
+            items:
+              - name: Prepare tenant
+                href: tutorial-desktop-app-maui-sign-in-prepare-tenant.md
+              - name: Prepare app
+                href: tutorial-desktop-app-maui-sign-in-prepare-app.md
+              - name: Sign in and sign out
+                href: tutorial-desktop-app-maui-sign-in-sign-out.md
       - name: Mobile
         items: 
         - name: .NET MAUI

articles/active-directory/external-identities/customers/tutorial-desktop-app-maui-sign-in-prepare-app.md

@@ -0,0 +1,112 @@
+---
+title: "Tutorial: Create a .NET MAUI shell app, add MSAL SDK, and include an image resource"
+description: This tutorial demonstrates how to create a .NET MAUI shell app, add MSAL SDK support via MSALClient helper, and include an image resource.
+author: henrymbuguakiarie
+manager: mwongerapk
+
+ms.author: henrymbugua
+ms.service: active-directory
+ms.topic: tutorial
+ms.subservice: ciam
+ms.date: 06/05/2023
+---
+
+# Tutorial: Create a .NET MAUI app
+
+This tutorial demonstrates how to create a .NET Multi-platform App UI (.NET MAUI) shell app. You'll also add a custom Microsoft Authentication Library (MSAL) client helper to initialize the MSAL SDK, install required libraries and include an image resource.
+
+In this tutorial, you learn how to:
+
+> [!div class="checklist"]
+>
+> - Create a .NET MAUI shell app.
+> - Add MSAL SDK support using MSAL helper classes.
+> - Install required packages.
+> - Add image resource.
+
+## Prerequisites
+
+- [.NET 7.0 SDK](https://dotnet.microsoft.com/download/dotnet/7.0)
+- [Visual Studio 2022](https://aka.ms/vsdownloads) with the MAUI workload installed:
+  - [Instructions for Windows](/dotnet/maui/get-started/installation?tabs=vswin)
+  - [Instructions for macOS](/dotnet/maui/get-started/installation?tabs=vsmac)
+
+## Create .NET MAUI app
+
+1. In the start window of Visual Studio 2022, select **Create a new project**.
+1. In the **Create a new project** window, select **MAUI** in the All project types drop-down, select the **.NET MAUI App** template, and select **Next**.
+1. In the **Configure your new project** window, **Project name** must be set to _SignInMaui_. Update the **Solution name**  to _sign-in-maui_ and select **Next**.
+1. In the **Additional information** window, choose .NET 7.0 and select **Create**.
+
+Wait for the project to be created and its dependencies to be restored.
+
+## Add MSAL SDK support using MSAL helper classes
+
+MSAL client enables developers to acquire security tokens from Azure Active Directory (Azure AD) for customers tenant to authenticate and access secured web APIs. In this section, you download files that makes up MSALClient.
+
+Download the following files:
+
+- [AzureAdConfig.cs](https://github.com/Azure-Samples/ms-identity-ciam-dotnet-tutorial/blob/main/1-Authentication/2-sign-in-maui/MSALClient/AzureAdConfig.cs) - This file gets and sets the Azure AD app unique identifiers from your app configuration file.
+- [DownStreamApiConfig.cs](https://github.com/Azure-Samples/ms-identity-ciam-dotnet-tutorial/blob/main/1-Authentication/2-sign-in-maui/MSALClient/DownStreamApiConfig.cs) - This file gets and sets the scopes for Microsoft Graph call.
+- [DownstreamApiHelper.cs](https://github.com/Azure-Samples/ms-identity-ciam-dotnet-tutorial/blob/main/1-Authentication/2-sign-in-maui/MSALClient/DownstreamApiHelper.cs) - This file handles the exceptions that occur when calling the downstream API.
+- [Exception.cs](https://github.com/Azure-Samples/ms-identity-ciam-dotnet-tutorial/blob/main/1-Authentication/2-sign-in-maui/MSALClient/Exception.cs) - This file offers a few extension method related to exception throwing and handling.
+- [IdentityLogger.cs](https://github.com/Azure-Samples/ms-identity-ciam-dotnet-tutorial/blob/main/1-Authentication/2-sign-in-maui/MSALClient/IdentityLogger.cs) - This file handles shows how to use MSAL.NET logging.
+- [MSALClientHelper.cs](https://github.com/Azure-Samples/ms-identity-ciam-dotnet-tutorial/blob/main/1-Authentication/2-sign-in-maui/MSALClient/MSALClientHelper.cs) - This file contains methods to initialize MSAL SDK.
+- [PlatformConfig.cs](https://github.com/Azure-Samples/ms-identity-ciam-dotnet-tutorial/blob/main/1-Authentication/2-sign-in-maui/MSALClient/PlatformConfig.cs) - This file contains methods to handle specific platform. For example, Windows.
+- [PublicClientSingleton.cs](https://github.com/Azure-Samples/ms-identity-ciam-dotnet-tutorial/blob/main/1-Authentication/2-sign-in-maui/MSALClient/PublicClientSingleton.cs) - This file contains a singleton implementation to wrap the MSALClient and associated classes to support static initialization model for platforms.
+- [WindowsHelper.cs](https://github.com/Azure-Samples/ms-identity-ciam-dotnet-tutorial/blob/main/1-Authentication/2-sign-in-maui/MSALClient/WindowsHelper.cs) - This file contains methods to retrieve window handle.
+
+> [!IMPORTANT]
+> Don't skip downloading the MSALClient files, they're required to complete this tutorial.
+
+### Move the MSALClient files with Visual Studio
+
+1. In the **Solution Explorer** pane, right-click on the **SignInMaui** project and select **Add** > **New Folder**. Name the folder _MSALClient_.
+1. Right-click on **MSALClient** folder, select **Add** > **Existing Item...**.
+1. Navigate to the folder that contains the downloaded MSALClient files.
+1. Select all of the MSALClient files you downloaded, then select **Add**
+
+## Install required packages
+
+You need to install the following packages:
+
+- _Microsoft.Identity.Client_ - This package contains the binaries of the Microsoft Authentication Library for .NET (MSAL.NET).
+- _Microsoft.Extensions.Configuration.Json_ - This package contains JSON configuration provider implementation for Microsoft.Extensions.Configuration.
+- _Microsoft.Extensions.Configuration.Binder_ - This package contains functionality to bind an object to data in configuration providers for Microsoft.Extensions.Configuration.
+- _Microsoft.Extensions.Configuration.Abstractions_ - This package contains abstractions of key-value pair based configuration.
+- _Microsoft.Identity.Client.Extensions.Msal_ - This package contains extensions to Microsoft Authentication Library for .NET (MSAL.NET).
+
+### NuGet Package Manager
+
+To use the **NuGet Package Manager** to install the _Microsoft.Identity.Client_ package in Visual Studio, follow these steps:
+
+1. Select **Tools** > **NuGet Package Manager** > **Manage NuGet Packages for Solution...**.
+1. From the **Browse** tab, search for _Microsoft.Identity.Client_.
+1. Select **Microsoft.Identity.Client** in the list.
+1. Select **SignInMaui** in the **Project** list pane.
+1. Select **Install**.
+1. If you're prompted to verify the installation, select **OK**.
+
+Repeat the process to install the remaining required packages.
+
+## Add image resource
+
+In this section, you download an image that you use in your app to enhance how users interact with it.
+
+Download the following image:
+
+- [Icon: Azure AD](https://github.com/Azure-Samples/ms-identity-ciam-dotnet-tutorial/blob/main/1-Authentication/2-sign-in-maui/Resources/Images/azure_active_directory.png) - This image is used as icon in the main page.
+
+### Move the image with Visual Studio
+
+1. In the **Solution Explorer** pane of Visual Studio, expand the **Resources** folder, which reveals the **Images** folder.
+1. Right-click on **Images** and select **Add** > **Existing Item...**.
+1. Navigate to the folder that contains the downloaded images.
+1. Change the filter to file type filter to **Image Files**.
+1. Select the image you downloaded.
+1. Select **Add**.
+
+## Next steps
+
+> [!div class="nextstepaction"]
+> [Tutorial: Sign in users in .NET MAUI shell app](tutorial-desktop-app-maui-sign-in-sign-out.md)