Fixing merge conflicts.

Author: roygara

articles/active-directory-b2c/custom-policies-series-hello-world.md

@@ -143,8 +143,10 @@ If you haven't already done so, create the following encryption keys. To automat
 
     ```xml
       <UserJourney Id="HelloWorldJourney">
-        <OrchestrationStep Order="1" Type="SendClaims" CpimIssuerTechnicalProfileReferenceId="JwtIssuer" />
-      </UserJourney>
+  <OrchestrationSteps>
+    <OrchestrationStep Order="1" Type="SendClaims" CpimIssuerTechnicalProfileReferenceId="JwtIssuer" />
+  </OrchestrationSteps>
+</UserJourney>
     ```
 
     We've added a [UserJourney](userjourneys.md). The user journey specifies the business logic the end user goes through as Azure AD B2C processes a request. This user journey has only one step that issues a JTW token with the claims that you'll define in the next step.

articles/active-directory/app-provisioning/plan-auto-user-provisioning.md

@@ -8,14 +8,14 @@ ms.service: active-directory
 ms.subservice: app-provisioning
 ms.topic: conceptual
 ms.workload: identity
-ms.date: 04/04/2022
+ms.date: 04/12/2023
 ms.author: kenwith
 ms.reviewer: arvinh
 ---
 
 # Plan an automatic user provisioning deployment in Azure Active Directory
 
-Many organizations rely on software as a service (SaaS) applications such as ServiceNow, Zscaler, and Slack for end-user productivity. Historically IT staff have relied on manual provisioning methods such as uploading CSV files, or using custom scripts to securely manage user identities in each SaaS application. These processes are error prone, insecure, and hard to manage.
+Many organizations rely on software as a service (SaaS) applications such as ServiceNow, Zscaler, and Slack for end-user productivity. Historically IT staff has relied on manual provisioning methods such as uploading CSV files, or using custom scripts to securely manage user identities in each SaaS application. These processes are error prone, insecure, and hard to manage.
 
 Azure Active Directory (Azure AD) automatic user provisioning simplifies this process by securely automating the creation, maintenance, and removal of user identities in SaaS applications based on business rules. This automation allows you to effectively scale your identity management systems on both cloud-only and hybrid environments as you expand their dependency on cloud-based solutions.
 
@@ -33,7 +33,7 @@ The key benefits of enabling automatic user provisioning are:
 
 * **Manage risk**. You can increase security by automating changes based on employee status or group memberships that define roles and/or access.
 
-* **Address compliance and governance**. Azure AD supports native audit logs for every user provisioning request. Requests are executed in both the source and target systems. This enables you to track who has access to applications from a single screen.
+* **Address compliance and governance**. Azure AD supports native audit logs for every user provisioning request. Requests are executed in both the source and target systems. Audit logs let you track who has access to applications from a single screen.
 
 * **Reduce cost**. Automatic user provisioning reduces costs by avoiding inefficiencies and human error associated with manual provisioning. It reduces the need for custom-developed user provisioning solutions, scripts, and audit logs.
 
@@ -43,7 +43,7 @@ Azure AD provides self-service integration of any application using templates pr
 
 #### Application licensing
 
-You'll need the appropriate licenses for the application(s) you want to automatically provision. Discuss with the application owners whether the users assigned to the application have the proper licenses for their application roles. If Azure AD manages automatic provisioning based on roles, the roles assigned in Azure AD must align to application licenses. Incorrect licenses owned in the application may lead to errors during the provisioning/updating of a user.
+You need the appropriate licenses for the application(s) you want to automatically provision. Discuss with the application owners whether the users assigned to the application have the proper licenses for their application roles. If Azure AD manages automatic provisioning based on roles, the roles assigned in Azure AD must align to application licenses. Incorrect licenses owned in the application may lead to errors during the provisioning/updating of a user.
 
 ### Terms
 
@@ -57,7 +57,7 @@ This article uses the following terms:
 
 * Target system - The repository of users that the Azure AD provisions to. The Target system is typically a SaaS application such as ServiceNow, Zscaler, and Slack. The target system can also be an on-premises system such as AD.
 
-* [System for Cross-domain Identity Management (SCIM)](https://aka.ms/scimoverview) -  An open standard that allows for the automation of user provisioning. SCIM communicates user identity data between identity providers such as Microsoft, and service providers like Salesforce or other SaaS apps that require user identity information.
+* [System for Cross-domain Identity Management (SCIM)](https://aka.ms/scimoverview) -  An open standard that allows for the automation of user provisioning. SCIM communicates user identity data between identity providers and service providers. Microsoft is an example of an identity provider. Salesforce is an example of a service provider. Service providers require user identity information and an identity provider fulfills that need. SCIM is the mechanism the identity provider and service provider use to send information back and forth.
 
 ### Training resources
 
@@ -106,7 +106,7 @@ In this example, user creation occurs in Azure AD and the  Azure AD provisioning
 
 #### Automatic user provisioning for cloud HR applications 
 
-In this example, the users and or groups are created in a cloud HR application like such as Workday and SuccessFactors. The Azure AD provisioning service and Azure AD Connect provisioning agent provisions the user data from the cloud HR app tenant into AD. Once the accounts are updated in AD, it is synced with Azure AD through Azure AD Connect, and the email addresses and username attributes can be written back to the cloud HR app tenant.
+In this example, the users and or groups are created in a cloud HR application like such as Workday and SuccessFactors. The Azure AD provisioning service and Azure AD Connect provisioning agent provisions the user data from the cloud HR app tenant into AD. Once the accounts are updated in AD, it's synced with Azure AD through Azure AD Connect, and the email addresses and username attributes can be written back to the cloud HR app tenant.
 
 ![Picture 2](./media/plan-auto-user-provisioning/workdayprovisioning.png)
 
@@ -128,19 +128,19 @@ When technology projects fail, it's typically because of mismatched expectations
 
 ### Plan communications
 
-Communication is critical to the success of any new service. Proactively communicate with your users how their experience will change, when it will change, and how to gain support if they experience issues.
+Communication is critical to the success of any new service. Proactively communicate to your users about their experience, how the experience is changing, when to expect any change, and how to gain support if they experience issues.
 
 ### Plan a pilot
 
-We recommend that the initial configuration of automatic user provisioning be in a test environment with a small subset of users before scaling it to all users in production. See [best practices](../fundamentals/active-directory-deployment-plans.md#best-practices-for-a-pilot) for running a pilot.
+We recommend that the initial configuration of automatic user provisioning is in a test environment with a small subset of users before scaling it to all users in production. See [best practices](../fundamentals/active-directory-deployment-plans.md#best-practices-for-a-pilot) for running a pilot.
 
 #### Best practices for a pilot  
 
 A pilot allows you to test with a small group before deploying a capability for everyone. Ensure that as part of your testing, each use case within your organization is thoroughly tested.
 
 In your first wave, target IT, usability, and other appropriate users who can test and provide feedback. Use this feedback to further develop the communications and instructions you send to your users, and to give insights into the types of issues your support staff may see.
 
-Widen the rollout to larger groups of users by increasing the scope of the group(s) targeted. This can be done through [dynamic group membership](../enterprise-users/groups-dynamic-membership.md), or by manually adding users to the targeted group(s).
+Widen the rollout to larger groups of users by increasing the scope of the group(s) targeted. Increasing the scope of the group(s) is done through [dynamic group membership](../enterprise-users/groups-dynamic-membership.md), or by manually adding users to the targeted group(s).
 
 ## Plan application connections and administration
 
@@ -150,7 +150,7 @@ Use the Azure portal to view and manage all the applications that support provis
 
 The actual steps required to enable and configure automatic provisioning vary depending on the application. If the application you wish to automatically provision is listed in the [Azure AD SaaS app gallery](../saas-apps/tutorial-list.md), then you should select the [app-specific integration tutorial](../saas-apps/tutorial-list.md) to configure its pre-integrated user provisioning connector.
 
-If not, follow the steps below:
+If not, follow the steps:
 
 1. [Create a request](../manage-apps/v2-howto-app-gallery-listing.md) for a pre-integrated user provisioning connector. Our team will work with you and the application developer to onboard your application to our platform if it supports SCIM.
 
@@ -164,7 +164,7 @@ For more information, see [What applications and systems can I use with Azure AD
 
 Setting up automatic user provisioning is a per-application process. For each application, you need to provide [administrator credentials](../app-provisioning/configure-automatic-user-provisioning-portal.md) to connect to the target system’s user management endpoint.
 
-The image below shows one version of the required admin credentials:
+The image shows one version of the required admin credentials:
 
 ![Provisioning screen to manage user account provisioning settings](./media/plan-auto-user-provisioning/userprovisioning-admincredentials.png)
 
@@ -235,7 +235,7 @@ It's common for a security review to be required as part of a deployment. If you
 
 ### Plan rollback
 
-If the automatic user provisioning implementation fails to work as desired in the production environment, the following rollback steps below can assist you in reverting to a previous known good state:
+If the automatic user provisioning implementation fails to work as desired in the production environment, the following rollback steps can assist you in reverting to a previous known good state:
 
 1. Review the [provisioning logs](../app-provisioning/check-status-user-account-provisioning.md) to determine what incorrect operations occurred on the affected users and/or groups.
 
@@ -251,7 +251,7 @@ Choose the steps that align to your solution requirements.
 
 When the Azure AD provisioning service runs for the first time, the initial cycle against the source system and target systems creates a snapshot of all user objects for each target system.
 
-When enabling automatic provisioning for an application, the initial cycle can take anywhere from 20 minutes to several hours. The duration depends on the size of the Azure AD directory and the number of users in scope for provisioning.
+When you enable automatic provisioning for an application, the initial cycle takes anywhere from 20 minutes to several hours. The duration depends on the size of the Azure AD directory and the number of users in scope for provisioning.
 
 The provisioning service stores the state of both systems after the initial cycle, improving performance of subsequent incremental cycles.
 

articles/active-directory/authentication/howto-mfa-app-passwords.md

@@ -99,8 +99,7 @@ By default, users can't create app passwords. The app passwords feature must be
 
 When users complete their initial registration for Azure AD Multi-Factor Authentication, there's an option to create app passwords at the end of the registration process.
 
-Users can also create app passwords after registration. For more information and detailed steps for your users, see the following resources:
-* [What are app passwords in Azure AD Multi-Factor Authentication?](https://support.microsoft.com/account-billing/manage-app-passwords-for-two-step-verification-d6dc8c6d-4bf7-4851-ad95-6d07799387e9)
+Users can also create app passwords after registration. For more information and detailed steps for your users, see the following resource:
 * [Create app passwords from the Security info page](https://support.microsoft.com/account-billing/create-app-passwords-from-the-security-info-preview-page-d8bc744a-ce3f-4d4d-89c9-eb38ab9d4137)
 
 ## Next steps

articles/active-directory/develop/single-page-app-tutorial-03-sign-in-users.md

@@ -153,7 +153,7 @@ reactspalocal/
 
 ### Adding the sign in experience
 
-1. Open *SignInButton.jsx* and add the following code, which creates a button that signs in the user using either a popup or redirect.
+1. Open *SignInButton.jsx* and add the following code, which creates a button that signs in the user using either a pop-up or redirect.
 
    ```javascript 
    import React from "react";
@@ -255,4 +255,4 @@ reactspalocal/
 <!-- ::: zone-end -->
 
 > [!div class="nextstepaction"]
-> [Tutorial: Call an API from a React single-page app](single-page-app-tutorial-04-call-api.md)
+> [Tutorial: Call an API from a React single-page app](single-page-app-tutorial-04-call-api.md)

articles/active-directory/develop/tutorial-v2-javascript-spa.md

@@ -185,11 +185,11 @@ In the next steps, you'll create a new folder for the JavaScript SPA and set up
 
        <!-- msal.js with a fallback to backup CDN -->
          <script src="https://alcdn.msauth.net/browser/2.30.0/js/msal-browser.js"
-    integrity="sha384-L8LyrNcolaRZ4U+N06atid1fo+kBo8hdlduw0yx+gXuACcdZjjquuGZTA5uMmUdS"
+    integrity="sha384-o4ufwq3oKqc7IoCcR08YtZXmgOljhTggRwxP2CLbSqeXGtitAxwYaUln/05nJjit"
     crossorigin="anonymous"></script> 
 
        <!-- adding Bootstrap 4 for UI components  -->
-       <link rel="stylesheet" href="https://stackpath.bootstrapcdn.com/bootstrap/4.4.1/css/bootstrap.min.css" integrity="sha384-o4ufwq3oKqc7IoCcR08YtZXmgOljhTggRwxP2CLbSqeXGtitAxwYaUln/05nJjit" crossorigin="anonymous">
+       <link rel="stylesheet" href="https://stackpath.bootstrapcdn.com/bootstrap/4.4.1/css/bootstrap.min.css" integrity="sha384-Vkoo8x4CGsO3+Hhxv8T/Q5PaXtkKtu6ug5TOeNV6gBiFeWPGFN9MuhOf23Q9Ifjh" crossorigin="anonymous">
      </head>
      <body>
        <nav class="navbar navbar-expand-lg navbar-dark bg-primary">
@@ -585,4 +585,4 @@ The Microsoft Graph API requires the `User.Read` scope to read a user's profile.
 Delve deeper into SPA development on the Microsoft identity platform in the first part of a scenario series:
 
 > [!div class="nextstepaction"]
-> [Scenario: Single-page application](scenario-spa-overview.md)
+> [Scenario: Single-page application](scenario-spa-overview.md)

articles/active-directory/develop/web-app-quickstart-portal-node-js-ciam.md

@@ -0,0 +1,45 @@
+---
+title: "Quickstart: Add sign in to a React SPA"
+description: Learn how to run a sample React SPA to sign in users
+services: active-directory
+author: kengaderdus
+manager: mwongerapk
+ms.author: kengaderdus
+ms.service: active-directory
+ms.workload: identity
+ROBOTS: NOINDEX
+ms.subservice: ciam
+ms.topic: portal
+ms.date: 04/12/2023
+---
+
+# Portal quickstart for React SPA
+
+> [!div renderon="portal" class="sxs-lookup"]
+> In this quickstart, you download and run a code sample that demonstrates how a React single-page application (SPA) can sign in users with Azure AD CIAM.
+>
+> ## Prerequisites
+>
+> * Azure subscription - [Create an Azure subscription for free](https://azure.microsoft.com/free/?WT.mc_id=A261C142F)
+> * [Node.js](https://nodejs.org/en/download/)
+> * [Visual Studio Code](https://code.visualstudio.com/download) or another code editor
+>
+> ## Download the code
+>
+> > [!div class="nextstepaction"]
+> > [Download the code sample](https://github.com/Azure-Samples/ms-identity-ciam-javascript-tutorial/archive/react-quickstart.zip)
+>
+> ## Run the sample
+>
+> 1. Unzip the downloaded file.
+>
+> 1. Locate the folder that contains the `package.json` file in your terminal, then run the following command:
+>
+>     ```console
+>     npm install && npm start
+>     ```
+>
+> 1. Open your browser and visit `http://locahost:3000`.
+>
+> 1. Select the **Sign-in** link on the navigation bar.
+>

articles/active-directory/enterprise-users/clean-up-unmanaged-azure-ad-accounts.md

@@ -62,7 +62,7 @@ Run the following cmdlets:
 
 To identify unmanaged Azure AD accounts, run:
 
-* `Connect-MgGraph -Scope User.ReadAll`
+* `Connect-MgGraph -Scope User.Read.All`
 * `Get-MsIdUnmanagedExternalUser`
 
 To reset unmanaged Azure AD account redemption status, run:

articles/active-directory/fundamentals/whats-new.md

@@ -171,7 +171,7 @@ For more information about Microsoft cloud settings for B2B collaboration., see:
 ### Modernizing Terms of Use Experiences
 
 **Type:** Plan for Change  
-**Service category:** Access Reviews                 
+**Service category:** Terms of use                  
 **Product capability:** AuthZ/Access Delegation        
 
 Starting July 2023, we're modernizing the following Terms of Use end user experiences with an updated PDF viewer, and moving the experiences from https://account.activedirectory.windowsazure.com to https://myaccount.microsoft.com:

articles/active-directory/reports-monitoring/howto-manage-inactive-user-accounts.md

@@ -57,7 +57,6 @@ The following details relate to the `lastSignInDateTime` property.
 
 - To read the property, you need to grant the app the following Microsoft Graph permissions: 
     - AuditLog.Read.All
-    - Directory.Read.All  
     - User.Read.All
 
 - Each interactive sign-in that was successful results in an update of the underlying data store. Typically, successful sign-ins show up in the related sign-in report within 10 minutes.

articles/active-directory/roles/delegate-by-task.md

@@ -387,7 +387,7 @@ You can further restrict permissions by assigning roles at smaller scopes or by
 > | Create user | [User Administrator](permissions-reference.md#user-administrator) |  |
 > | Delete users | [User Administrator](permissions-reference.md#user-administrator) |  |
 > | Invalidate refresh tokens of limited admins | [User Administrator](permissions-reference.md#user-administrator) |  |
-> | Invalidate refresh tokens of non-admins | [Password Administrator](permissions-reference.md#password-administrator) | [User Administrator](permissions-reference.md#user-administrator) |
+> | Invalidate refresh tokens of non-admins | [Helpdesk Administrator](permissions-reference.md#helpdesk-administrator) | [User Administrator](permissions-reference.md#user-administrator) |
 > | Invalidate refresh tokens of privileged admins | [Privileged Authentication Administrator](permissions-reference.md#privileged-authentication-administrator) |  |
 > | Read basic configuration | [Default user role](../fundamentals/users-default-permissions.md) |  |
 > | Reset password for limited admins | [User Administrator](permissions-reference.md#user-administrator) |  |