address verbatims- september and october

Author: kengaderdus

articles/active-directory-b2c/access-tokens.md

@@ -62,7 +62,7 @@ If the **response_type** parameter in an `/authorize` request includes `token`,
 
 To request an access token, you need an authorization code. Below is an example of a request to the `/authorize` endpoint for an authorization code. Custom domains are not supported for use with access tokens. Use your tenant-name.onmicrosoft.com domain in the request URL.
 
-In the following example, you replace these values:
+In the following example, you replace these values in the query string:
 
 - `<tenant-name>` - The name of your Azure AD B2C tenant.
 - `<policy-name>` - The name of your custom policy or user flow.
@@ -86,7 +86,7 @@ The response with the authorization code should be similar to this example:
 https://jwt.ms/?code=eyJraWQiOiJjcGltY29yZV8wOTI1MjAxNSIsInZlciI6IjEuMC...
 ```
 
-After successfully receiving the authorization code, you can use it to request an access token:
+After successfully receiving the authorization code, you can use it to request an access token. Note that the parameters are in the body of the HTTP POST request:
 
 ```http
 POST <tenant-name>.b2clogin.com/<tenant-name>.onmicrosoft.com/<policy-name>/oauth2/v2.0/token HTTP/1.1
@@ -100,7 +100,7 @@ grant_type=authorization_code
 &redirect_uri=https://jwt.ms
 &client_secret=2hMG2-_:y12n10vwH...
 ```
-
+ 
 You should see something similar to the following response:
 
 ```json

articles/active-directory-b2c/add-ropc-policy.md

@@ -68,7 +68,7 @@ When using the ROPC flow, consider the following:
 ::: zone pivot="b2c-custom-policy"
 
 ## Pre-requisite 
-If you've not done so, learn about custom policy starter pack in [Get started with custom policies in Active Directory B2C](tutorial-create-user-flows.md)
+If you've not done so, learn about custom policy starter pack in [Get started with custom policies in Active Directory B2C](tutorial-create-user-flows.md).
 
 ##  Create a resource owner policy
 

articles/active-directory-b2c/configure-authentication-sample-spa-app.md

@@ -7,7 +7,7 @@ manager: CelesteDG
 ms.service: active-directory
 ms.workload: identity
 ms.topic: reference
-ms.date: 09/15/2021
+ms.date: 10/25/2021
 ms.author: kengaderdus
 ms.subservice: B2C
 ms.custom: "b2c-support"

articles/active-directory-b2c/identity-provider-azure-ad-single-tenant.md

@@ -47,10 +47,10 @@ To enable sign-in for users with an Azure AD account from a specific Azure AD or
 1. Sign in to the [Azure portal](https://portal.azure.com).
 1. Make sure you're using the directory that contains your organizational Azure AD tenant (for example, Contoso). Select the **Directories + subscriptions** icon in the portal toolbar.
 1. On the **Portal settings | Directories + subscriptions** page, find your Azure AD directory in the **Directory name** list, and then select **Switch**.
-1. Choose **All services** in the top-left corner of the Azure portal, and then search for and select **App registrations**.
+1. Under **Azure services**, select **App registrations** or search for and select **App registrations**.
 1. Select **New registration**.
 1. Enter a **Name** for your application. For example, `Azure AD B2C App`.
-1. Accept the default selection of **Accounts in this organizational directory only** for this application.
+1. Accept the default selection of **Accounts in this organizational directory only (Default Directory only - Single tenant)** for this application.
 1. For the **Redirect URI**, accept the value of **Web**, and enter the following URL in all lowercase letters, where `your-B2C-tenant-name` is replaced with the name of your Azure AD B2C tenant.
 
     ```

articles/active-directory-b2c/secure-rest-api.md

@@ -9,7 +9,7 @@ manager: CelesteDG
 ms.service: active-directory
 ms.workload: identity
 ms.topic: how-to
-ms.date: 09/20/2021
+ms.date: 10/25/2021
 ms.author: kengaderdus
 ms.subservice: B2C
 zone_pivot_groups: b2c-policy-type
@@ -39,7 +39,7 @@ HTTP basic authentication is defined in [RFC 2617](https://tools.ietf.org/html/r
 To configure an API Connector with HTTP basic authentication, follow these steps:
 
 1. Sign in to the [Azure portal](https://portal.azure.com/).
-2. Under **Azure services**, select **Azure AD B2C**.
+2. Under **Azure services**, select **Azure AD B2C** or search for and select **Azure AD B2C**.
 3. Select **API connectors**, and then select the **API Connector** you want to configure.
 4. For the **Authentication type**, select **Basic**.
 5. Provide the **Username**, and **Password** of your REST API endpoint.

articles/active-directory-b2c/tenant-management.md

@@ -9,7 +9,7 @@ manager: CelesteDG
 ms.service: active-directory
 ms.workload: identity
 ms.topic: tutorial
-ms.date: 10/04/2021
+ms.date: 10/25/2021
 ms.custom: project-no-code
 ms.author: kengaderdus
 ms.subservice: B2C
@@ -35,19 +35,21 @@ To create a new administrative account, follow these steps:
 1. Under **Azure services**, select **Azure AD B2C**. Or use the search box to find and select **Azure AD B2C**.
 1. Under **Manage**, select **Users**.
 1. Select **New user**.
+1. Select **Create user** (you can create many users at once by selecting **I want to create users in bulk**).
 1. On the **User** page, enter information for this user:
 
-   - **Name**. Required. The first and last name of the new user. For example, *Mary Parker*.
-   - **User name**. Required. The user name of the new user. For example, `[email protected]`.
-     The domain part of the user name must use either the initial default domain name, *\<yourdomainname>.onmicrosoft.com*.
-   - **Groups**. Optionally, you can add the user to one or more existing groups. You can also add the user to groups at a later time. 
+  
+   - **User name**. *Required*. The user name of the new user. For example, `[email protected]`.
+     The domain part of the user name must use either the initial default domain name, *\<tenant name>.onmicrosoft.com* or your [custom domain](custom-domain.md) such as `contoso.com`.
+   - **Name**. *Required*. The first and last name of the new user. For example, *Mary Parker*.
+   - **Groups**. *Optional*. You can add the user to one or more existing groups. You can also add the user to groups at a later time. 
    - **Directory role**: If you require Azure AD administrative permissions for the user, you can add them to an Azure AD role. You can assign the user to be a Global administrator or one or more of the limited administrator roles in Azure AD. For more information about assigning roles, see [Use roles to control resource access](roles-resource-access-control.md).
    - **Job info**: You can add more information about the user here, or do it later. 
 
 1. Copy the autogenerated password provided in the **Password** box. You'll need to give this password to the user to sign in for the first time.
 1. Select **Create**.
 
-The user is created and added to your Azure AD B2C tenant. It's preferable to have at least one work account native to your Azure AD B2C tenant assigned the Global Administrator role. This account can be considered a break-glass account.
+The user is created and added to your Azure AD B2C tenant. It's preferable to have at least one work account native to your Azure AD B2C tenant assigned the Global Administrator role. This account can be considered a *break-glass account*.
 
 ## Invite an administrator (guest account)
 
@@ -63,10 +65,10 @@ To invite a user, follow these steps:
 1. Select **New guest account**.
 1. On the **User** page, enter information for this user:
 
-   - **Name**. Required. The first and last name of the new user. For example, *Mary Parker*.
-   - **Email address**. Required. The email address of the user you would like to invite. For example, `[email protected]`.   
+   - **Name**. *Required*. The first and last name of the new user. For example, *Mary Parker*.
+   - **Email address**. *Required*. The email address of the user you would like to invite, which must be a Microsoft account. For example, `[email protected]`.   
    - **Personal message**: You add a personal message that will be included in the invite email.
-   - **Groups**. Optionally, you can add the user to one or more existing groups. You can also add the user to groups at a later time.
+   - **Groups**. *Optional*. You can add the user to one or more existing groups. You can also add the user to groups at a later time.
    - **Directory role**: If you require Azure AD administrative permissions for the user, you can add them to an Azure AD role. You can assign the user to be a Global administrator or one or more of the limited administrator roles in Azure AD. For more information about assigning roles, see [Use roles to control resource access](roles-resource-access-control.md).
    - **Job info**: You can add more information about the user here, or do it later.
 

articles/active-directory-b2c/tutorial-create-tenant.md

@@ -55,7 +55,7 @@ You learn how to register an application in the next tutorial.
 1. Add **Microsoft.AzureActiveDirectory** as a resource provider for the Azure subscription your're using ([learn more](../azure-resource-manager/management/resource-providers-and-types.md?WT.mc_id=Portal-Microsoft_Azure_Support#register-resource-provider-1)):
 
     1. On the Azure portal, search for and select **Subscriptions**.
-    2. Select your subscription, and then in the left menu, select **Resource providers**. If you do not see the menu, select the **Show the menu for < name of your subscription >** icon at the top left part of the page.
+    2. Select your subscription, and then in the left menu, select **Resource providers**. If you do not see the left menu, select the **Show the menu for < name of your subscription >** icon at the top left part of the page to open it.
     3. Make sure the **Microsoft.AzureActiveDirectory** row shows a status of **Registered**. If it doesn't, select the row, and then select **Register**.
 
 1. On the Azure portal menu or from the **Home** page, select **Create a resource**.

articles/active-directory-b2c/user-flow-overview.md

@@ -78,9 +78,9 @@ The following table gives a detailed comparison of the scenarios you can enable
 |-|-------------------|-----------------|
 | Target users | All application developers with or without identity expertise. | Identity pros, systems integrators, consultants, and in-house identity teams. They are comfortable with OpenID Connect flows and understand identity providers and claims-based authentication. |
 | Configuration method | Azure portal with a user-friendly user-interface (UI). | Directly editing XML files and then uploading to the Azure portal. |
-| UI customization | [Full UI customization](customize-ui-with-html.md) including HTML, CSS and, [JavaScript](javascript-and-page-layout.md).<br><br>[Multilanguage support](language-customization.md) with Custom strings. | Same |
-| Attribute customization | Standard and custom attributes. | Same |
-| Token and session management | [Customize tokens](configure-tokens.md) and [sessions behavior](session-behavior.md). | Same |
+| UI customization | [Full UI customization](customize-ui-with-html.md) including HTML, CSS and, [JavaScript](javascript-and-page-layout.md).<br><br>[Multilanguage support](language-customization.md) with Custom strings. | Same as User flows |
+| Attribute customization | Standard and custom attributes. | Same as User flows |
+| Token and session management | [Customize tokens](configure-tokens.md) and [sessions behavior](session-behavior.md). | Same as User flows |
 | Identity Providers | [Predefined local](identity-provider-local.md) or [social provider](add-identity-provider.md), such as federation with Azure Active Directory tenants. | Standards-based OIDC, OAUTH, and SAML.  Authentication is also possible by using integration with REST APIs. |
 | Identity Tasks | [Sign-up or sign-in](add-sign-up-and-sign-in-policy.md) with local or many social accounts.<br><br>[Self-service password reset](add-password-reset-policy.md).<br><br>[Profile edit](add-profile-editing-policy.md).<br><br>Multi-Factor Authentication.<br><br>Access token flows. | Complete the same tasks as user flows using custom identity providers or use custom scopes.<br><br>Provision a user account in another system at the time of registration.<br><br>Send a welcome email using your own email service provider.<br><br>Use a user store outside Azure AD B2C.<br><br>Validate user provided information with a trusted system by using an API. |
 

includes/active-directory-b2c-advanced-audience-warning.md

@@ -6,4 +6,4 @@ ms.date: 04/09/2021
 ms.author: kengaderdus
 ---
 > [!NOTE]
-> In Azure Active Directory B2C, [custom policies](../articles/active-directory-b2c/user-flow-overview.md) are designed primarily to address complex scenarios. For most scenarios, we recommend that you use built-in [user flows](../articles/active-directory-b2c/user-flow-overview.md).
+> In Azure Active Directory B2C, [custom policies](../articles/active-directory-b2c/user-flow-overview.md) are designed primarily to address complex scenarios. For most scenarios, we recommend that you use built-in [user flows](../articles/active-directory-b2c/user-flow-overview.md). If you've not done so, learn about custom policy starter pack in [Get started with custom policies in Active Directory B2C](tutorial-create-user-flows.md).