Merge pull request #83294 from MicrosoftDocs/repo_sync_working_branch

Resolve syncing conflicts from repo_sync_working_branch to master

Author: ktoliver

.openpublishing.redirection.json

@@ -26176,6 +26176,11 @@
       "redirect_url": "/azure/sentinel/data-connectors-reference#salesforce-service-cloud-preview",
       "redirect_document_id": false
     },
+    {
+      "source_path_from_root": "/articles/sentinel/connect-security-events.md",
+      "redirect_url": "/azure/sentinel/data-connectors-reference#security-events-windows",
+      "redirect_document_id": false
+    },
     {
       "source_path_from_root": "/articles/sentinel/connect-sophos-cloud-optix.md",
       "redirect_url": "/azure/sentinel/data-connectors-reference#sophos-cloud-optix-preview",
@@ -26241,6 +26246,11 @@
       "redirect_url": "/azure/sentinel/data-connectors-reference#windows-firewall",
       "redirect_document_id": false
     },
+    {
+      "source_path_from_root": "/articles/sentinel/connect-windows-security-events.md",
+      "redirect_url": "/azure/sentinel/data-connectors-reference#windows-security-events-preview",
+      "redirect_document_id": false
+    },
     {
       "source_path_from_root": "/articles/sentinel/connect-wirex-systems.md",
       "redirect_url": "/azure/sentinel/data-connectors-reference#wirex-network-forensics-platform-preview",

CODEOWNERS

@@ -46,7 +46,7 @@ articles/service-health @rboucher
 /articles/synapse-analytics/synapse-link/ @Rodrigossz @SnehaGunda @jovanpop-msft
 
 # Cognitive Services
-/articles/cognitive-services/ @aahill @patrickfarley @nitinme @mrbullwinkle @laujan
+/articles/cognitive-services/ @aahill @patrickfarley @nitinme @mrbullwinkle @laujan @eric-urban
 
 # DevOps
 /articles/ansible/ @TomArcherMsft

articles/active-directory-b2c/TOC.yml

@@ -7,6 +7,7 @@
     href: overview.md
   - name: Technical and feature overview
     href: technical-overview.md
+    displayName: Azure AD B2C architecture, SLA, Azure AD B2C high availability, Azure AD B2C SLA, HA
   - name: Supported Azure AD features
     href: supported-azure-ad-features.md
   - name: What's new in docs?
@@ -81,7 +82,7 @@
       href: custom-policy-overview.md
   - name: API Connectors
     href: api-connectors-overview.md
-    displayName: REST API, web API, API connectors
+    displayName: REST API, web API, API connectors, Dynamic data retrieval, external data sources, external identity data source, outbound webhooks, third-party integration
   - name: User accounts
     href: user-overview.md
   - name: User profile attributes
@@ -396,12 +397,13 @@
     items:
     - name: Modify sign-up experiences 
       href: add-api-connector.md
-      displayName: rest claims validation, validate
+      displayName: rest claims validation, validate, third-party integration, outbound webhook, third-party integration
     - name: Enrich tokens with external claims
       href: add-api-connector-token-enrichment.md
-      displayName: rest claims exchange
+      displayName: rest claims exchange, API connectors, Dynamic data retrieval, external data sources, external identity data source, outbound webhooks, third-party integration
     - name: Secure an API connector
       href: secure-rest-api.md
+      displayName: API connectors, Dynamic data retrieval, external data sources, external identity data source, outbound webhooks, third-party integration
   - name: Troubleshooting
     items:
     - name: Collect logs using Application Insights
@@ -607,6 +609,7 @@
     displayName: Page version
   - name: Region availability & data residency
     href: data-residency.md
+    displayName: SLA, Azure AD B2C high availability, Azure AD B2C SLA, high availability, HA
   - name: Build for resilience
     items:
     - name: Azure AD B2C introduction to resilience

articles/active-directory-b2c/add-api-connector-token-enrichment.md

@@ -1,6 +1,6 @@
 ---
 title: Token enrichment  - Azure Active Directory B2C
-description: Enrich tokens with claims from external sources using APIs.
+description: Enrich tokens with claims from external identity data sources using APIs or outbound webhooks.
 services: active-directory-b2c
 author: kengaderdus
 manager: CelesteDG
@@ -18,7 +18,7 @@ zone_pivot_groups: b2c-policy-type
 
 [!INCLUDE [active-directory-b2c-choose-user-flow-or-custom-policy](../../includes/active-directory-b2c-choose-user-flow-or-custom-policy.md)]
 
-Azure Active Directory B2C (Azure AD B2C) enables identity developers to integrate an interaction with a RESTful API into their user flow using [API connectors](api-connectors-overview.md). At the end of this walkthrough, you'll be able to create an Azure AD B2C user flow that interacts with APIs to enrich tokens with information from external sources.
+Azure Active Directory B2C (Azure AD B2C) enables identity developers to integrate an interaction with a RESTful API into their user flow using [API connectors](api-connectors-overview.md). It enables developers to dynamically retrieve data from external identity sources. At the end of this walkthrough, you'll be able to create an Azure AD B2C user flow that interacts with APIs to enrich tokens with information from external sources.
 
 ::: zone pivot="b2c-user-flow"
 

articles/active-directory-b2c/api-connectors-overview.md

@@ -1,11 +1,11 @@
 ---
 title: About API connectors in Azure AD B2C
-description: Use Azure Active Directory (Azure AD) API connectors to customize and extend your user flows by using REST APIs. 
+description: Use Azure Active Directory (Azure AD) API connectors to customize and extend your user flows by using REST APIs or outbound webhooks to external identity data sources. 
 services: active-directory-b2c
 ms.service: active-directory
 ms.subservice: B2C
 ms.topic: how-to
-ms.date: 07/05/2021
+ms.date: 11/02/2021
 
 ms.author: kengaderdus
 author: kengaderdus
@@ -14,7 +14,7 @@ ms.custom: "it-pro"
 zone_pivot_groups: b2c-policy-type
 ---
 
-# Use API connectors to customize and extend sign-up user flows
+# Use API connectors to customize and extend sign-up user flows with external identity data sources 
 
 [!INCLUDE [active-directory-b2c-choose-user-flow-or-custom-policy](../../includes/active-directory-b2c-choose-user-flow-or-custom-policy.md)]
 
@@ -25,7 +25,7 @@ zone_pivot_groups: b2c-policy-type
 As a developer or IT administrator, you can use API connectors to integrate your sign-up user flows with REST APIs to customize the sign-up experience and integrate with external systems. For example, with API connectors, you can:
 
 - **Validate user input data**. Validate against malformed or invalid user data. For example, you can validate user-provided data against existing data in an external data store or list of permitted values. If invalid, you can ask a user to provide valid data or block the user from continuing the sign-up flow.
-- **Verify user identity**. Use an identity verification service to add an extra level of security to account creation decisions.
+- **Verify user identity**. Use an identity verification service or external identity data sources to add an extra level of security to account creation decisions.
 - **Integrate with a custom approval workflow**. Connect to a custom approval system for managing and limiting account creation.
 - **Augment tokens with attributes from external sources**. Enrich tokens with attributes about the user from sources external to Azure AD B2C such as cloud systems, custom user stores, custom permission systems, legacy identity services, and more.
 - **Overwrite user attributes**. Reformat or assign a value to an attribute collected from the user. For example, if a user enters the first name in all lowercase or all uppercase letters, you can format the name with only the first letter capitalized. 
@@ -74,9 +74,9 @@ The Identity Experience Framework, which underlies Azure Active Directory B2C (A
 
 Using Azure AD B2C, you can add your own business logic to a user journey by calling your own RESTful service. The Identity Experience Framework can send and receive data from your RESTful service to exchange claims. For example, you can:
 
-- **Validate user input data**. For example, you can verify that the email address provided by the user exists in your customer's database, and if not, present an error.
-- **Process claims**. If a user enters their first name in all lowercase or all uppercase letters, your REST API can format the name with only the first letter capitalized and return it to Azure AD B2C.
-- **Enrich user data by further integrating with corporate line-of-business applications**. Your RESTful service can receive the user's email address, query the customer's database, and return the user's loyalty number to Azure AD B2C. Then return claims can be stored in the user's Azure AD account, evaluated in the next orchestration steps, or included in the access token.
+- **Use external identity data source to validate user input data**. For example, you can verify that the email address provided by the user exists in your customer's database, and if not, present an error. You can as well think of API connectors as a way of supporting outbound webhooks because the call is made when an event occurs e.g. a sign up.
+- **Process claims**. If a user enters their first name in all lowercase or all uppercase letters, your REST API can format the name with only the first letter capitalized and return it to Azure AD B2C. However, when using a custom policy, [ClaimsTransformations](claimstransformations.md) is preferred over calling a RESTful API. 
+- **Dynamically enrich user data by further integrating with corporate line-of-business applications**. Your RESTful service can receive the user's email address, query the customer's database, and return the user's loyalty number to Azure AD B2C. Then return claims can be stored in the user's Azure AD account, evaluated in the next orchestration steps, or included in the access token.
 - **Run custom business logic**. You can send push notifications, update corporate databases, run a user migration process, manage permissions, audit databases, and perform any other workflows.
 
 ![Diagram of a RESTful service claims exchange](media/api-connectors-overview/restful-service-claims-exchange.png)

articles/active-directory-b2c/azure-sentinel.md

@@ -104,8 +104,7 @@ In the following example, you receive a notification if someone tries to force a
 
 6. Select **Next: Incident settings (Preview)**. You'll configure and add the automated response later.
 
-7. Go to the **Review and create** tab to review all the
-   settings for your new alert rule. When the **Validation passed** message appears, select **Create** to initialize your alert rule.
+7. Go to the **Review and create** tab to review all the settings for your new alert rule. When the **Validation passed** message appears, select **Create** to initialize your alert rule.
 
     ![Screenshot that shows the tab for reviewing and creating an rule.](./media/azure-sentinel/review-create.png)
 

articles/active-directory-b2c/data-residency.md

@@ -1,7 +1,7 @@
 ---
 title: Region availability and data residency
 titleSuffix: Azure AD B2C
-description: Region availability, data residency, and information about Azure Active Directory B2C preview tenants.
+description: Region availability, data residency, high availability, SLA, and information about Azure Active Directory B2C preview tenants.
 services: active-directory-b2c
 author: kengaderdus
 manager: CelesteDG
@@ -29,8 +29,7 @@ Azure AD B2C is **generally available worldwide** with the option for **data res
 
 ## Region availability
 
-Azure AD B2C is available worldwide via the Azure public cloud. You can see examples of this feature in both Azure's [Products Available By Region](https://azure.microsoft.com/regions/services/) page and the [Active Directory B2C pricing calculator](https://azure.microsoft.com/pricing/details/active-directory-b2c/).
-
+Azure AD B2C is available worldwide via the Azure public cloud. You can see availability of this service in both Azure's [Products Available By Region](https://azure.microsoft.com/regions/services/) page and the [Active Directory B2C pricing calculator](https://azure.microsoft.com/pricing/details/active-directory-b2c/). Also, Azure AD B2C service is highly available. Learn more about [Service Level Agreement (SLA) for Azure Active Directory B2C](https://azure.microsoft.com/support/legal/sla/active-directory-b2c/v1_1).
 ## Data residency
 
 Azure AD B2C stores user data in the United States, Europe, the Asia Pacific region, or Australia.

articles/active-directory-b2c/extensions-app.md

@@ -8,17 +8,17 @@ manager: CelesteDG
 ms.service: active-directory
 ms.workload: identity
 ms.topic: reference
-ms.date: 09/06/2017
+ms.date: 11/02/2021
 ms.author: kengaderdus
 ms.subservice: B2C
 ---
 
-# Azure AD B2C: Extensions app
+# Azure AD B2C: Extensions app 
 
-When an Azure AD B2C directory is created, an app called `b2c-extensions-app. Do not modify. Used by AADB2C for storing user data.` is automatically created inside the new directory. This app, referred to as the **b2c-extensions-app**, is visible in *App registrations*. It is used by the Azure AD B2C service to store information about users and custom attributes. If the app is deleted, Azure AD B2C will not function correctly and your production environment will be affected.
+When an Azure AD B2C directory is created, an app called **b2c-extensions-app** is automatically created inside the new directory. This app is visible in *App registrations*. It is used by the Azure AD B2C service to store information about users and custom attributes. If the app is deleted, Azure AD B2C will not function correctly and your production environment will be affected.
 
 > [!IMPORTANT]
-> Do not delete the b2c-extensions-app unless you are planning to immediately delete your tenant. If the app remains deleted for more than 30 days, user information will be permanently lost.
+> Do not delete the **b2c-extensions-app** unless you are planning to immediately delete your tenant. If the app remains deleted for more than 30 days, user information will be permanently lost.
 
 ## Verifying that the extensions app is present
 

articles/active-directory-b2c/technical-overview.md

@@ -1,6 +1,6 @@
 ---
 title: Technical and feature overview - Azure Active Directory B2C
-description: An in-depth introduction to the features and technologies in Azure Active Directory B2C.
+description: An in-depth introduction to the features and technologies in Azure Active Directory B2C. Azure Active Directory B2C has high availability globally. 
 services: active-directory-b2c
 author: kengaderdus
 manager: CelesteDG
@@ -157,9 +157,9 @@ You can customize the email to users that sign up to use your applications. By u
 * [Custom email verification with Mailjet](custom-email-mailjet.md)
 * [Custom email verification with SendGrid](custom-email-sendgrid.md)
 
-## Add your own business logic
+## Add your own business logic and call RESTful API
 
-If you choose to use custom policies, you can integrate with a RESTful API in a user journey to add your own business logic to the journey. For example, Azure AD B2C can exchange data with a RESTful service to:
+You can integrate with a RESTful API in both user flows and custom policies. The difference is, in user flows, you make calls at specified places, whereas in custom policies, you add your own business logic to the journey. This feature allows you to retrieve and use data from external identity sources. Azure AD B2C can exchange data with a RESTful service to:
 
 * Display custom user-friendly error messages.
 * Validate user input to prevent malformed data from persisting in your user directory. For example, you can modify the data entered by the user, such as capitalizing their first name if they entered it in all lowercase.
@@ -297,9 +297,9 @@ By integrating Azure Application Insights into Azure AD B2C custom policies, you
 For more information, see [Track user behavior in Azure Active Directory B2C using Application Insights](analytics-with-application-insights.md).
 
 ## Region availability and data residency
-Azure AD B2C service is generally available worldwide, for availability, with the option for data residency in regions as specified in [Products available by region](https://azure.microsoft.com/regions/services/). Data residency is determined by the country/region you select when you [create your tenant](tutorial-create-tenant.md). 
+Azure AD B2C service is generally available worldwide with the option for data residency in regions as specified in [Products available by region](https://azure.microsoft.com/regions/services/). Data residency is determined by the country/region you select when you [create your tenant](tutorial-create-tenant.md). 
 
-Learn more about [Azure Active Directory B2C service Region availability & data residency](data-residency.md).
+Learn more about [Azure Active Directory B2C service Region availability & data residency](data-residency.md) and [Service Level Agreement (SLA) for Azure Active Directory B2C](https://azure.microsoft.com/support/legal/sla/active-directory-b2c/v1_1).
 
 ## Automation using Microsoft Graph API
 

articles/active-directory/authentication/howto-authentication-passwordless-security-key-on-premises.md

@@ -70,7 +70,6 @@ The following scenarios aren't supported:
 - *Run as* by using a security key.
 - Log in to a server by using a security key.
 
-
 ## Install the Azure AD Kerberos PowerShell module
 
 The [Azure AD Kerberos PowerShell module](https://www.powershellgallery.com/packages/AzureADHybridAuthenticationManagement) provides FIDO2 management features for administrators.
@@ -93,18 +92,17 @@ The [Azure AD Kerberos PowerShell module](https://www.powershellgallery.com/pack
 
 ## Create a Kerberos Server object
 
-Administrators use PowerShell tools from their Azure AD Connect server to create an Azure AD Kerberos Server object in their on-premises directory. Run the following steps in each domain and forest in your organization that contains Azure AD users:
+Administrators use the Azure AD Kerberos PowerShell module to create an Azure AD Kerberos Server object in their on-premises directory.
+
+Run the following steps in each domain and forest in your organization that contain Azure AD users:
 
-1. Upgrade to the latest version of Azure AD Connect. The instructions assume that you've already configured Azure AD Connect to support your hybrid environment.
-1. On the Azure AD Connect server, open an elevated PowerShell prompt, and then go to *C:\Program Files\Microsoft Azure Active Directory Connect\AzureADKerberos\\*.
-1. Run the following PowerShell commands to create a new Azure AD Kerberos Server object in both your on-premises Active Directory domain and Azure AD tenant.
+1. Open a PowerShell prompt using the Run as administrator option.
+1. Run the following PowerShell commands to create a new Azure AD Kerberos Server object both in your on-premises Active Directory domain and in your Azure Active Directory tenant.
 
    > [!NOTE]
    > Replace `contoso.corp.com` in the following example with your on-premises Active Directory domain name.
 
-   ```powerShell
-   Import-Module ".\AzureAdKerberos.psd1"
-
+   ```powershell
    # Specify the on-premises Active Directory domain. A new Azure AD
    # Kerberos Server object will be created in this Active Directory domain.
    $domain = "contoso.corp.com"
@@ -139,12 +137,10 @@ Administrators use PowerShell tools from their Azure AD Connect server to create
 
    > [!NOTE]
    > If your organization protects password-based sign-in and enforces modern authentication methods such as multifactor authentication, FIDO2, or smart card technology, you must use the `-UserPrincipalName` parameter with the User Principal Name (UPN) of a global administrator.
-   >    - Replace `contoso.corp.com` in the following example with your on-premises Active Directory domain name.
-   >    - Replace `[email protected]` in the following example with the UPN of a global administrator.
-
-   ```powerShell
-   Import-Module ".\AzureAdKerberos.psd1"
+   > - Replace `contoso.corp.com` in the following example with your on-premises Active Directory domain name.
+   > - Replace `[email protected]` in the following example with the UPN of a global administrator.
 
+   ```powershell
    # Specify the on-premises Active Directory domain. A new Azure AD
    # Kerberos Server object will be created in this Active Directory domain.
    $domain = "contoso.corp.com"