Merge pull request #295196 from MicrosoftDocs/main

2/24/2025 AM Publish

Author: Taojunshen

articles/active-directory-b2c/add-ropc-policy.md

@@ -9,7 +9,7 @@ manager: CelesteDG
 ms.service: azure-active-directory
 
 ms.topic: how-to
-ms.date: 09/11/2024
+ms.date: 02/24/2025
 ms.author: kengaderdus
 ms.subservice: b2c
 zone_pivot_groups: b2c-policy-type

articles/active-directory-b2c/b2clogin.md

@@ -1,15 +1,15 @@
 ---
 title: Migrate applications and APIs to b2clogin.com
 titleSuffix: Azure AD B2C
-description: Learn about using b2clogin.com in your redirect URLs for Azure Active Directory B2C.
+description: Learn how to update redirect URLs in Azure AD B2C applications to use b2clogin.com or a custom domain for authentication endpoints.
 
 author: kengaderdus
 manager: CelesteDG
 
 ms.service: azure-active-directory
 
 ms.topic: how-to
-ms.date: 01/26/2024
+ms.date: 02/26/2025
 ms.author: kengaderdus
 ms.subservice: b2c
 
@@ -40,9 +40,9 @@ With Azure AD B2C [custom domain](./custom-domain.md) the corresponding updated
 - <code>https://<b>login.contoso.com</b>/\<tenant-name\>.onmicrosoft.com/<b>\<policy-name\></b>/oauth2/v2.0/authorize</code> or <code>https://<b>login.contoso.com</b>/\<tenant-name\>.onmicrosoft.com/oauth2/v2.0/authorize?<b>p=\<policy-name\></b></code> for the `/authorize` endpoint.
 - <code>https://<b>login.contoso.com</b>/\<tenant-name\>.onmicrosoft.com/<b>\<policy-name\></b>/oauth2/v2.0/logout</code> or <code>https://<b>login.contoso.com</b>/\<tenant-name\>.onmicrosoft.com/oauth2/v2.0/logout?<b>p=\<policy-name\></b></code> for the `/logout` endpoint.
 
-## Endpoints that are not affected
+## Endpoints that aren't affected
 
-Some customers use the shared capabilities of Microsoft Entra enterprise tenants. For example, acquiring an access token to call the [MS Graph API](microsoft-graph-operations.md#code-discussion) of the Azure AD B2C tenant.
+Some customers use the shared capabilities of Microsoft Entra enterprise tenants. For example, acquiring an access token to call the [MS Graph API](microsoft-graph-operations.md) of the Azure AD B2C tenant.
 
 This change doesn't affect all endpoints, which don't contain a policy parameter in the URL. They're accessed only with the Microsoft Entra ID's login.microsoftonline.com endpoints, and can't be used with the *b2clogin.com*, or custom domains. The following example shows a valid token endpoint of the Microsoft identity platform:
 
@@ -64,7 +64,6 @@ There are several modifications you might need to make to migrate your applicati
 * Update your Azure AD B2C applications to use *b2clogin.com*, or custom domain in their user flow and token endpoint references. The change may include updating your use of an authentication library like Microsoft Authentication Library (MSAL).
 * Update any **Allowed Origins** that you define in the CORS settings for [user interface customization](customize-ui-with-html.md).
 
-
 ## Change identity provider redirect URLs
 
 On each identity provider's website in which you've created an application, change all trusted URLs to redirect to `your-tenant-name.b2clogin.com`, or a custom domain instead of *login.microsoftonline.com*.
@@ -146,7 +145,7 @@ this.clientApplication = new UserAgentApplication(
 );
 ```
 
-## Next steps
+## Related content
 
 For information about migrating OWIN-based web applications to b2clogin.com, see [Migrate an OWIN-based web API to b2clogin.com](multiple-token-endpoints.md).
 

articles/active-directory-b2c/custom-email-mailjet.md

@@ -9,7 +9,7 @@ manager: CelesteDG
 ms.service: azure-active-directory
 
 ms.topic: how-to
-ms.date: 01/11/2024
+ms.date: 02/21/2025
 ms.author: kengaderdus
 ms.subservice: b2c
 zone_pivot_groups: b2c-policy-type
@@ -33,7 +33,7 @@ Use custom email in Azure Active Directory B2C (Azure AD B2C) to send customized
 
 ::: zone pivot="b2c-custom-policy"
 
-Custom email verification requires the use of a third-party email provider like [Mailjet](https://www.mailjet.com/), [SendGrid](./custom-email-sendgrid.md), or [SparkPost](https://messagebird.com/email/cloud-sending?sp=true), a custom REST API, or any HTTP-based email provider (including your own). This article describes setting up a solution that uses Mailjet.
+Custom email verification requires the use of a third-party email provider like [Mailjet](https://www.mailjet.com/), [SendGrid](./custom-email-sendgrid.md), or [SparkPost](https://messagebird.com/support-center/omnichannel-and-connectivity/sms/sending-email-to-sms?sp=true), a custom REST API, or any HTTP-based email provider (including your own). This article describes setting up a solution that uses Mailjet.
 
 ## Create a Mailjet account
 
@@ -74,7 +74,7 @@ With a Mailjet account created and the Mailjet API key stored in an Azure AD B2C
 1. On the Mailjet site, open the [transactional templates](https://app.mailjet.com/templates/transactional) page and select **Create a new template**.
 1. Select **By coding it in HTML**, and then select **Code from scratch**.
 1. Enter a unique template name like `Verification email`, and then select **Create**.
-1. In the HTML editor, paste following HTML template or use your own. The `{{var:otp:""}}` and `{{var:email:""}}` parameters will be replaced dynamically with the one-time password value and the user email address.
+1. In the HTML editor, paste following HTML template or use your own. The `{{var:otp:""}}` and `{{var:email:""}}` parameters are replaced dynamically with the one-time password value and the user email address.
 
     ```HTML
     <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
@@ -210,7 +210,7 @@ These claims types are necessary to generate and verify the email address using
 
 ## Add the claims transformation
 
-Next, you need a claims transformation to output a JSON string claim that will be the body of the request sent to Mailjet.
+Next, you need a claims transformation to output a JSON string claim that's the body of the request sent to Mailjet.
 
 The JSON object's structure is defined by the IDs in dot notation of the InputParameters and the TransformationClaimTypes of the InputClaims. Numbers in the dot notation imply arrays. The values come from the InputClaims' values and the InputParameters' "Value" properties. For more information about JSON claims transformations, see [JSON claims transformations](json-transformations.md).
 
@@ -572,9 +572,9 @@ The Localization element allows you to support multiple locales or languages in
 ```
 
 
-## Next steps
+## Related content
 
 - You can find an example of a [Custom email verification - DisplayControls](https://github.com/azure-ad-b2c/samples/tree/master/policies/custom-email-verifcation-displaycontrol/policy/Mailjet) custom policy on GitHub.
 - For information about using a custom REST API or any HTTP-based SMTP email provider, see [Define a RESTful technical profile in an Azure AD B2C custom policy](restful-technical-profile.md).
 
-::: zone-end
+::: zone-end

articles/active-directory-b2c/custom-email-sendgrid.md

@@ -9,7 +9,7 @@ manager: CelesteDG
 ms.service: azure-active-directory
 
 ms.topic: how-to
-ms.date: 01/11/2024
+ms.date: 02/21/2025
 ms.author: kengaderdus
 ms.subservice: b2c
 zone_pivot_groups: b2c-policy-type
@@ -33,7 +33,7 @@ Use custom email in Azure Active Directory B2C (Azure AD B2C) to send customized
 
 ::: zone pivot="b2c-custom-policy"
 
-Custom email verification requires the use of a third-party email provider like [SendGrid](https://sendgrid.com), [Mailjet](https://www.mailjet.com/), or [SparkPost](https://messagebird.com/email/cloud-sending?sp=true), a custom REST API, or any HTTP-based email provider (including your own). This article describes setting up a solution that uses SendGrid.
+Custom email verification requires the use of a third-party email provider like [SendGrid](https://sendgrid.com), [Mailjet](https://www.mailjet.com/), or [SparkPost](https://messagebird.com/support-center/omnichannel-and-connectivity/sms/sending-email-to-sms?sp=true), a custom REST API, or any HTTP-based email provider (including your own). This article describes setting up a solution that uses SendGrid.
 
 ## Create a SendGrid account
 
@@ -42,7 +42,7 @@ If you don't already have one, start by setting up a SendGrid account. For setup
 Make sure you complete the section in which you [create a SendGrid API key](https://docs.sendgrid.com/for-developers/partners/microsoft-azure-2021#to-find-your-sendgrid-api-key). Record the API key for use in a later step.
 
 > [!IMPORTANT]
-> SendGrid offers customers the ability to send emails from shared IP and [dedicated IP addresses](https://docs.sendgrid.com/ui/account-and-settings/dedicated-ip-addresses). When using dedicated IP addresses, you need to build your own reputation properly with an IP address warm-up. For more information, see [Warming Up An Ip Address](https://docs.sendgrid.com/ui/sending-email/warming-up-an-ip-address).
+> SendGrid offers customers the ability to send emails from shared IP and [dedicated IP addresses](https://docs.sendgrid.com/ui/account-and-settings/dedicated-ip-addresses). When using dedicated IP addresses, you need to build your own reputation properly with an IP address warm-up. For more information, see [Warming Up An IP Address](https://www.twilio.com/docs/sendgrid/ui/sending-email/warming-up-an-ip-address).
 
 ## Create Azure AD B2C policy key
 
@@ -558,9 +558,9 @@ The Localization element allows you to support multiple locales or languages in
 ```
 
 
-## Next steps
+## Related content
 
 - Find an example of [Custom email verification - DisplayControls custom policy](https://github.com/azure-ad-b2c/samples/tree/master/policies/custom-email-verifcation-displaycontrol/policy/SendGrid) on GitHub.
 - Learn how to use a custom REST API or any HTTP-based SMTP email provider, see [Define a RESTful technical profile in an Azure AD B2C custom policy](restful-technical-profile.md).
 
-::: zone-end
+::: zone-end

articles/active-directory-b2c/enable-authentication-python-web-app.md

@@ -1,5 +1,5 @@
 ---
-title: Enable authentication in your own Python web application using Azure Active Directory B2C
+title: Enable authentication in your own Python web application using Azure AD B2C
 description: This article explains how to enable authentication in your own Python web application using Azure AD B2C
 titleSuffix: Azure AD B2C
 
@@ -8,23 +8,23 @@ manager: CelesteDG
 ms.service: azure-active-directory
 ms.custom: devx-track-python
 ms.topic: how-to
-ms.date: 01/11/2024
+ms.date: 02/21/2025
 ms.author: kengaderdus
 ms.subservice: b2c
 #Customer intent: As a Python web application developer, I want to enable Azure Active Directory B2C authentication in my application, so that users can sign in, sign out, update their profile, and reset their password using Azure AD B2C user flows.
 ---
 
 # Enable authentication in your own Python web application using Azure Active Directory B2C
 
-In this article, you'll learn how to add Azure Active Directory B2C (Azure AD B2C) authentication in your own Python web application. You'll enable users to sign in, sign out, update profile and reset password using Azure AD B2C user flows. This article uses [Microsoft Authentication Library (MSAL) for Python](https://github.com/AzureAD/microsoft-authentication-library-for-python/tree/main) to simplify adding authentication to your Python web application.
+In this article, you learn how to add Azure Active Directory B2C (Azure AD B2C) authentication in your own Python web application. You enable users to sign in, sign out, update profile and reset password using Azure AD B2C user flows. This article uses [Microsoft Authentication Library (MSAL) for Python](https://github.com/AzureAD/microsoft-authentication-library-for-python/tree/main) to simplify adding authentication to your Python web application.
 
 The aim of this article is to substitute the sample application you used in [Configure authentication in a sample Python web application by using Azure AD B2C](configure-authentication-sample-python-web-app.md) with your own Python application.
 
-This article uses [Python 3.9+](https://www.python.org/) and [Flask 2.1](https://flask.palletsprojects.com/en/2.1.x/) to create a basic web app. The application's views uses [Jinja2 templates](https://flask.palletsprojects.com/en/2.1.x/templating/).
+This article uses [Python 3.9+](https://www.python.org/) and [Flask 2.1](https://flask.palletsprojects.com/en/stable/installation/) to create a basic web app. The application's views use [Jinja2 templates](https://flask.palletsprojects.com/en/2.1.x/templating/).
 
 ## Prerequisites
 
-- Complete the steps in [Configure authentication in a sample Python web application by using Azure AD B2C](configure-authentication-sample-python-web-app.md). You'll create Azure AD B2C user flows and register a web application in Azure portal.
+- Complete the steps in [Configure authentication in a sample Python web application by using Azure AD B2C](configure-authentication-sample-python-web-app.md). You create Azure AD B2C user flows and register a web application in Azure portal.
 - Install [Python](https://www.python.org/downloads/) 3.9 or above
 - [Visual Studio Code](https://code.visualstudio.com/) or another code editor
 - Install the [Python extension](https://marketplace.visualstudio.com/items?itemName=ms-python.python) for Visual Studio Code
@@ -126,7 +126,7 @@ py -m pip install -r requirements.txt
 
 ## Step 3: Build app UI components
 
-Flask is a lightweight Python framework for web applications that provides the basics for URL routing and page rendering. It leverages Jinja2 as its template engine to render the content of your app. For more information, check out the [template designer documentation](https://jinja.palletsprojects.com/en/3.1.x/templates/). In this section, you add the required templates that provide the basic functionality of your web app.
+Flask is a lightweight Python framework for web applications that provides the basics for URL routing and page rendering. It uses Jinja2 as its template engine to render the content of your app. For more information, check out the [template designer documentation](https://jinja.palletsprojects.com/en/3.1.x/templates/). In this section, you add the required templates that provide the basic functionality of your web app.
 
 ### Step 3.1 Create a base template
 
@@ -475,6 +475,6 @@ To change the host name and/or port number, use the `args` array of the `launch.
 
 
 
-## Next steps
+## Related content
 
-- Learn how to [customize and enhance the Azure AD B2C authentication experience for your web app](enable-authentication-python-web-app-options.md)
+- Learn how to [customize and enhance the Azure AD B2C authentication experience for your web app](enable-authentication-python-web-app-options.md)

articles/active-directory-b2c/microsoft-graph-operations.md

@@ -218,65 +218,11 @@ You can manage Microsoft Graph in two ways:
 > [!NOTE]
 > Delegated permissions for users signing in through user flows or custom policies can't be used against delegated permissions for Microsoft Graph API.
 
-## Code sample: How to programmatically manage user accounts
-
-This code sample is a .NET Core console application that uses the [Microsoft Graph SDK](/graph/sdks/sdks-overview) to interact with Microsoft Graph API. Its code demonstrates how to call the API to programmatically manage users in an Azure AD B2C tenant.
-You can [download the sample archive](https://github.com/Azure-Samples/ms-identity-dotnetcore-b2c-account-management/archive/master.zip) (*.zip), [browse the repository](https://github.com/Azure-Samples/ms-identity-dotnetcore-b2c-account-management) on GitHub, or clone the repository:
-
-```cmd
-git clone https://github.com/Azure-Samples/ms-identity-dotnetcore-b2c-account-management.git
-```
-
-After you've obtained the code sample, configure it for your environment and then build the project:
-
-1. Open the project in [Visual Studio](https://visualstudio.microsoft.com) or [Visual Studio Code](https://code.visualstudio.com).
-1. Open `src/appsettings.json`.
-1. In the `appSettings` section, replace `your-b2c-tenant` with the name of your tenant, and `Application (client) ID` and `Client secret` with the values for your management application registration. For more information, see [Register a Microsoft Graph Application](microsoft-graph-get-started.md).
-1. Open a console window within your local clone of the repo, switch into the `src` directory, then build the project:
-
-    ```console
-    cd src
-    dotnet build
-    ```
-    
-1. Run the application with the `dotnet` command:
-
-    ```console
-    dotnet bin/Debug/netcoreapp3.1/b2c-ms-graph.dll
-    ```
-
-The application displays a list of commands you can execute. For example, get all users, get a single user, delete a user, update a user's password, and bulk import.
-
-> [!NOTE]
-> For the application to update user account passwords, you need to [grant the user administrator role](microsoft-graph-get-started.md#optional-grant-user-administrator-role) to the application.
- 
-### Code discussion
-
-The sample code uses the [Microsoft Graph SDK](/graph/sdks/sdks-overview), which is designed to simplify building high-quality, efficient, and resilient applications that access Microsoft Graph.
-
-Any request to the Microsoft Graph API requires an access token for authentication. The solution makes use of the [Microsoft.Graph.Auth](https://www.nuget.org/packages/Microsoft.Graph.Auth/) NuGet package that provides an authentication scenario-based wrapper of the Microsoft Authentication Library (MSAL) for use with the Microsoft Graph SDK.
-
-The `RunAsync` method in the _Program.cs_ file:
-
-1. Reads application settings from the _appsettings.json_ file
-1. Initializes the auth provider using [OAuth 2.0 client credentials grant](../active-directory/develop/v2-oauth2-client-creds-grant-flow.md) flow. With the client credentials grant flow, the app is able to get an access token to call the Microsoft Graph API.
-1. Sets up the Microsoft Graph service client with the auth provider:
-
-The previously published sample code isn't available at this time.
-<!--:::code language="csharp" source="~/ms-identity-dotnetcore-b2c-account-management/src/Program.cs" id="ms_docref_set_auth_provider":::-->
-
-The initialized _GraphServiceClient_ is then used in _UserService.cs_ to perform the user management operations. For example, getting a list of the user accounts in the tenant:
-
-The previously published sample code isn't available at this time.
-<!--:::code language="csharp" source="~/ms-identity-dotnetcore-b2c-account-management/src/Services/UserService.cs" id="ms_docref_get_list_of_user_accounts":::-->
-
-[Make API calls using the Microsoft Graph SDKs](/graph/sdks/create-requests) includes information on how to read and write information from Microsoft Graph, use `$select` to control the properties returned, provide custom query parameters, and use the `$filter` and `$orderBy` query parameters.
-
 ## Related content
-- For code samples in JavaScript and Node.js, please see: [Manage B2C user accounts with MSAL.js and Microsoft Graph SDK](https://github.com/Azure-Samples/ms-identity-b2c-javascript-nodejs-management) 
+- Explore [Microsoft Graph API](/graph/overview)
 - Explore [Graph Explorer](https://aka.ms/ge) that lets you try Microsoft Graph APIs and learn about them.
 
 <!-- LINK -->
 
 [graph-objectIdentity]: /graph/api/resources/objectidentity
-[graph-user]: /graph/api/resources/user
+[graph-user]: /graph/api/resources/user

articles/api-management/backends.md

@@ -52,6 +52,8 @@ After creating a backend, you can reference the backend in your APIs. Use th
     [...]
 <policies/>
 ```
+> [!NOTE]
+> Alternatively, you can use `base-url`. Usually, the format is `https://backend.com/api`. Avoid adding a slash at the end to prevent misconfigurations. Typically, the `base-url` and HTTP(S) endpoint value in the backend should match to enable seamless integration between frontend and backend. Note that API Management instances append the backend service name to the `base-url`.
 
 You can use conditional logic with the `set-backend-service` policy to change the effective backend based on location, gateway that was called, or other expressions.