Merge pull request #286445 from MicrosoftDocs/main

Publish to live, Tuesday 4 AM PST, 9/10

Author: ttorble

.openpublishing.redirection.app-service.json

@@ -1980,6 +1980,11 @@
             "redirect_url": "/azure/app-service/tutorial-java-spring-cosmosdb",
             "redirect_document_id": false
         },
+        {
+            "source_path_from_root": "/articles/app-service/tutorial-java-quarkus-postgresql-app.md",
+            "redirect_url": "/azure/app-service/tutorial-java-spring-cosmosdb",
+            "redirect_document_id": false
+        },
         {
             "source_path_from_root": "/articles/app-service/containers/tutorial-java-spring-cosmosdb.md",
             "redirect_url": "/azure/app-service/tutorial-java-spring-cosmosdb",

articles/active-directory-b2c/add-ropc-policy.md

@@ -9,7 +9,7 @@ manager: CelesteDG
 ms.service: active-directory
 
 ms.topic: how-to
-ms.date: 01/11/2024
+ms.date: 09/11/2024
 ms.author: kengaderdus
 ms.subservice: B2C
 zone_pivot_groups: b2c-policy-type
@@ -55,7 +55,7 @@ When using the ROPC flow, consider the following limitations:
 
 ##  Create a resource owner user flow
 
-1. Sign in to the [Azure portal](https://portal.azure.com) as the **global administrator** of your Azure AD B2C tenant.
+1. Sign in to the [Azure portal](https://portal.azure.com) as the [External ID User Flow Administrator](/entra/identity/role-based-access-control/permissions-reference#external-id-user-flow-administrator) of your Azure AD B2C tenant.
 1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.
 1. In the Azure portal, search for and select **Azure AD B2C**.
 1. Select **User flows**, and select **New user flow**.

articles/active-directory-b2c/azure-monitor.md

@@ -11,7 +11,7 @@ ms.service: active-directory
 ms.topic: how-to
 ms.author: kengaderdus
 ms.subservice: B2C
-ms.date: 01/11/2024
+ms.date: 09/11/2024
 ms.custom: "b2c-support"
 
 
@@ -56,13 +56,13 @@ The following diagram depicts the components you'll configure in your Microsoft
 
 ![Resource group projection](./media/azure-monitor/resource-group-projection.png)
 
-During this deployment, you'll configure your Azure AD B2C tenant where logs are generated. You'll also configure Microsoft Entra tenant where the Log Analytics workspace will be hosted. The Azure AD B2C accounts used (such as your admin account) should be assigned the [Global Administrator](../active-directory/roles/permissions-reference.md#global-administrator) role on the Azure AD B2C tenant. The Microsoft Entra account you'll use to run the deployment must be assigned the [Owner](../role-based-access-control/built-in-roles.md#owner) role in the Microsoft Entra subscription. It's also important to make sure you're signed in to the correct directory as you complete each step as described.
+During this deployment, you'll configure your Azure AD B2C tenant where logs are generated. You'll also configure Microsoft Entra tenant where the Log Analytics workspace will be hosted. The Azure AD B2C accounts used (such as your admin account) should be assigned the [Global Administrator](/entra/identity/role-based-access-control/permissions-reference#global-administrator) role on the Azure AD B2C tenant. The Microsoft Entra account you'll use to run the deployment must be assigned the [Owner](../role-based-access-control/built-in-roles.md#owner) role in the Microsoft Entra subscription. It's also important to make sure you're signed in to the correct directory as you complete each step as described.
 
 In summary, you'll use Azure Lighthouse to allow a user or group in your Azure AD B2C tenant to manage a resource group in a subscription associated with a different tenant (the Microsoft Entra tenant). After this authorization is completed, the subscription and log analytics workspace can be selected as a target in the Diagnostic settings in Azure AD B2C.
 
 ## Prerequisites 
 
-- An Azure AD B2C account with [Global Administrator](../active-directory/roles/permissions-reference.md#global-administrator) role on the Azure AD B2C tenant.
+- An Azure AD B2C account with [Global Administrator](/entra/identity/role-based-access-control/permissions-reference#global-administrator) role on the Azure AD B2C tenant.
 
 -  A Microsoft Entra account with the [Owner](../role-based-access-control/built-in-roles.md#owner) role in the Microsoft Entra subscription. See how to [Assign a user as an administrator of an Azure subscription](../role-based-access-control/role-assignments-portal-subscription-admin.yml). 
 

articles/active-directory-b2c/billing.md

@@ -1,19 +1,15 @@
 ---
 title: Billing model for Azure Active Directory B2C
 description: Learn about Azure AD B2C's monthly active users (MAU) billing model, how to link an Azure AD B2C tenant to an Azure subscription, and how to select the appropriate premium tier pricing.
-
 author: kengaderdus
 manager: CelesteDG
-
 ms.service: active-directory
 ms.topic: reference
-
-ms.date: 01/11/2024
+ms.date: 09/11/2024
 ms.author: kengaderdus
 ms.subservice: B2C
 ms.custom: fasttrack-edit
 
-
 #Customer intent: As a business decision maker managing an Azure AD B2C tenant, I want to understand the billing model based on monthly active users (MAU), so that I can determine the cost and pricing structure for my Azure AD B2C tenant.
 
 ---
@@ -33,7 +29,7 @@ A monthly active user (MAU) is a unique user that performs an authentication wit
 
 If Azure AD B2C [Go-Local add-on](data-residency.md#go-local-add-on) is available in your country/region, and you enable it, you'll be charged per MAU, which is an added charge to your Azure AD B2C [Premium P1 or P2 pricing](https://azure.microsoft.com/pricing/details/active-directory-b2c/) license. Learn more [About Local Data Residency add-on](#about-go-local-add-on)  
 
-Also, if you choose to provide higher levels of assurance by using Multi-factor Authentication (MFA) for Voice and SMS, you'll be charged a worldwide flat fee for each MFA attempt that month, whether the sign in is successful or unsuccessful. 
+Also, if you choose to provide higher levels of assurance by using multifactor authentication (MFA) for Voice and SMS, you'll be charged a worldwide flat fee for each MFA attempt that month, whether the sign in is successful or unsuccessful. 
 
 
 > [!IMPORTANT]
@@ -93,7 +89,7 @@ A subscription linked to an Azure AD B2C tenant can be used for the billing of A
 1. Select **Create a resource**, and then, in the **Search services and Marketplace** field, search for and select **Azure Active Directory B2C**.
 1. Select **Create**.
 1. Select **Link an existing Azure AD B2C Tenant to my Azure subscription**.
-1. Select an **Azure AD B2C Tenant** from the dropdown. Only tenants for which you're a global administrator and that aren't already linked to a subscription are shown. The **Azure AD B2C Resource name** field is populated with the domain name of the Azure AD B2C tenant you select.
+1. Select an **Azure AD B2C Tenant** from the dropdown. Only tenants for which you're a Global Administrator and that aren't already linked to a subscription are shown. The **Azure AD B2C Resource name** field is populated with the domain name of the Azure AD B2C tenant you select.
 1. Select an active Azure **Subscription** of which you're an owner.
 1. Under **Resource group**, select **Create new**, and then specify the **Resource group location**. The resource group settings here have no impact on your Azure AD B2C tenant location, performance, or billing status.
 1. Select **Create**.
@@ -214,7 +210,7 @@ Before you start the move, be sure to read the entire article to fully understan
 
 If the source and destination subscriptions are associated with different Microsoft Entra tenants, you can't perform the move via Azure Resource Manager as explained above. However, you can still achieve the same result by unlinking the Azure AD B2C tenant from the source subscription and relinking it to the destination subscription. This method is safe because the only object you delete is the *billing link*, not the Azure AD B2C tenant itself. None of the users, apps, user flows, etc. will be affected.
 
-1. In the Azure AD B2C directory itself, [invite a guest user](user-overview.md#guest-user) from the destination Microsoft Entra tenant (the one that the destination Azure subscription is linked to) and ensure this user has the **Global administrator** role in Azure AD B2C.
+1. In the Azure AD B2C directory itself, [invite a guest user](user-overview.md#guest-user) from the destination Microsoft Entra tenant (the one that the destination Azure subscription is linked to) and ensure this user has the *Global Administrator* role in Azure AD B2C.
 1. Navigate to the *Azure resource* representing Azure AD B2C in your source Azure subscription as explained in the [Manage your Azure AD B2C tenant resources](#manage-your-azure-ad-b2c-tenant-resources) section above. Don't switch to the actual Azure AD B2C tenant.
 1. Select the **Delete** button on the **Overview** page. This action *doesn't* delete the related Azure AD B2C tenant's users or applications. It merely removes the billing link from the source subscription.
 1. Sign in to the Azure portal with the user account that was added as an administrator in Azure AD B2C in step 1. Then navigate to the destination Azure subscription, which is linked to the destination Microsoft Entra tenant. 

articles/active-directory-b2c/conditional-access-user-flow.md

@@ -5,7 +5,7 @@ description: Learn how to add Conditional Access to your Azure AD B2C user flows
 ms.service: active-directory
 ms.subservice: B2C
 ms.topic: overview
-ms.date: 01/11/2024
+ms.date: 09/11/2024
 ms.author: kengaderdus
 author: kengaderdus
 manager: CelesteDG
@@ -437,4 +437,4 @@ To review the result of a Conditional Access event:
 
 ## Next steps
 
-[Customize the user interface in an Azure AD B2C user flow](customize-ui-with-html.md)
+[Customize the user interface in an Azure AD B2C user flow](customize-ui-with-html.md)

articles/active-directory-b2c/custom-policies-series-store-user.md

@@ -10,7 +10,7 @@ ms.service: active-directory
 
 ms.topic: how-to
 ms.custom: b2c-docs-improvements
-ms.date: 06/21/2024
+ms.date: 09/11/2024
 ms.author: kengaderdus
 ms.reviewer: yoelh
 ms.subservice: B2C
@@ -263,7 +263,7 @@ Follow the steps in [Test the custom policy](custom-policies-series-validate-use
 
 After the policy finishes execution, and you receive your ID token, check that the user record has been created: 
 
-1. Sign in to the [Azure portal](https://portal.azure.com/) as at least Privileged Role Administrator.
+1. Sign in to the [Azure portal](https://portal.azure.com/).
 
 1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.
 

articles/active-directory-b2c/extensions-app.md

@@ -9,7 +9,7 @@ manager: CelesteDG
 ms.service: active-directory
 
 ms.topic: reference
-ms.date: 01/11/2024
+ms.date: 09/11/2024
 ms.author: kengaderdus
 ms.subservice: B2C
 
@@ -55,14 +55,14 @@ To restore the app using Microsoft Graph, you must restore both the application
 
 To restore the application object:
 1. Browse to [https://developer.microsoft.com/en-us/graph/graph-explorer](https://developer.microsoft.com/en-us/graph/graph-explorer).
-1. Log in to the site as a global administrator for the Azure AD B2C directory that you want to restore the deleted app for. This global administrator must have an email address similar to the following: `username@{yourTenant}.onmicrosoft.com`.
+1. Sign in to the site as a [Application Administrator](/entra/identity/role-based-access-control/permissions-reference#application-administrator) for the Azure AD B2C directory that you want to restore the deleted app for.
 1. Issue an HTTP GET against the URL `https://graph.microsoft.com/v1.0/directory/deleteditems/microsoft.graph.application`. This operation will list all of the applications that have been deleted within the past 30 days. You can also use the URL `https://graph.microsoft.com/v1.0/directory/deletedItems/microsoft.graph.application?$filter=displayName eq 'b2c-extensions-app. Do not modify. Used by AADB2C for storing user data.'` to filter by the app's **displayName** property.
 1. Find the application in the list where the name begins with `b2c-extensions-app` and copy its `id` property value.
-1. Issue an HTTP POST against the URL `https://graph.microsoft.com/v1.0/directory/deleteditems/{id}/restore`. Replace the `{id}` portion of the URL with the `id` from the previous step.]
+1. Issue an HTTP POST against the URL `https://graph.microsoft.com/v1.0/directory/deleteditems/{id}/restore`. Replace the `{id}` portion of the URL with the `id` from the previous step.
 
 To restore the service principal object:
 1. Issue an HTTP GET against the URL `https://graph.microsoft.com/v1.0/directory/deleteditems/microsoft.graph.servicePrincipal`. This operation will list all of the service principals that have been deleted within the past 30 days. You can also use the URL `https://graph.microsoft.com/v1.0/directory/deletedItems/microsoft.graph.servicePrincipal?$filter=displayName eq 'b2c-extensions-app. Do not modify. Used by AADB2C for storing user data.'` to filter by the app's **displayName** property.
 1. Find the service principal in the list where the name begins with `b2c-extensions-app` and copy its `id` property value.
 1. Issue an HTTP POST against the URL `https://graph.microsoft.com/v1.0/directory/deleteditems/{id}/restore`. Replace the `{id}` portion of the URL with the `id` from the previous step.
 
-You should now be able to [see the restored app](#verifying-that-the-extensions-app-is-present) in the Azure portal.
+You should now be able to [see the restored app](#verifying-that-the-extensions-app-is-present) in the Azure portal.

articles/active-directory-b2c/idp-pass-through-user-flow.md

@@ -9,7 +9,7 @@ manager: CelesteDG
 ms.service: active-directory
 
 ms.topic: how-to
-ms.date: 01/11/2024
+ms.date: 09/11/2024
 ms.author: kengaderdus
 ms.subservice: B2C
 zone_pivot_groups: b2c-policy-type
@@ -49,7 +49,7 @@ The following diagram shows how an identity provider token returns to your app:
 
 ## Enable the claim
 
-1. Sign in to the [Azure portal](https://portal.azure.com/) as the global administrator of your Azure AD B2C tenant.
+1. Sign in to the [Azure portal](https://portal.azure.com/) as the [External ID User Flow Administrator](/entra/identity/role-based-access-control/permissions-reference#external-id-user-flow-administrator) of your Azure AD B2C tenant.
 1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.
 1. Choose **All services** in the top-left corner of the Azure portal, search for and select **Azure AD B2C**.
 1. Select **User flows (policies)**, and then select your user flow. For example, **B2C_1_signupsignin1**.

articles/active-directory-b2c/partner-twilio.md

@@ -9,7 +9,7 @@ manager: CelesteDG
 ms.service: active-directory
 
 ms.topic: how-to
-ms.date: 01/11/2024
+ms.date: 09/11/2024
 ms.author: kengaderdus
 ms.subservice: B2C
 
@@ -98,7 +98,7 @@ The following components make up the Twilio solution:
 
 Add the policy files to Azure AD B2C:
 
-1. Sign in to the [Azure portal](https://portal.azure.com/) as the global administrator of your Azure AD B2C tenant.
+1. Sign in to the [Azure portal](https://portal.azure.com/) as the [B2C IEF Policy Administrator](/entra/identity/role-based-access-control/permissions-reference#b2c-ief-policy-administrator) of your Azure AD B2C tenant.
 1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.
 1. Choose **All services** in the top-left corner of the Azure portal, search for and select **Azure AD B2C**.
 1. Navigate to **Azure AD B2C** > **Identity Experience Framework** > **Policy Keys**.

articles/active-directory-b2c/phone-based-mfa.md

@@ -7,7 +7,7 @@ author: kengaderdus
 manager: CelesteDG
 ms.service: active-directory
 ms.topic: how-to
-ms.date: 03/01/2024
+ms.date: 09/11/2024
 ms.author: kengaderdus
 ms.subservice: B2C
 
@@ -93,7 +93,7 @@ Take the following actions to help mitigate fraudulent sign-ups.
 
 - Remove country codes that aren't relevant to your organization from the drop-down menu where the user verifies their phone number (this change will apply to future sign-ups):
 
-   1. Sign in to the [Azure portal](https://portal.azure.com) as the global administrator of your Azure AD B2C tenant.
+   1. Sign in to the [Azure portal](https://portal.azure.com) as the [External ID User Flow Administrator](/entra/identity/role-based-access-control/permissions-reference#external-id-user-flow-administrator) of your Azure AD B2C tenant.
    1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.
    1. Choose **All services** in the top-left corner of the Azure portal, search for and select **Azure AD B2C**.
    1. Select the user flow, and then select **Languages**. Select the language for your organization's geographic location to open the language details panel. (For this example, we'll select **English en** for the United States). Select **Multifactor authentication page**, and then select **Download defaults (en)**.
@@ -110,8 +110,8 @@ Take the following actions to help mitigate fraudulent sign-ups.
 
       ![Country code drop-down](media/phone-based-mfa/country-code-drop-down.png)
 
-## Next steps
+## Related content
 
 - Learn about [Identity Protection and Conditional Access for Azure AD B2C](conditional-access-identity-protection-overview.md) 
 
-- Apply [Conditional Access to user flows in Azure Active Directory B2C](conditional-access-user-flow.md)
+- Apply [Conditional Access to user flows in Azure Active Directory B2C](conditional-access-user-flow.md)