captcha - address review comments

kengaderdus · kengaderdus · commit a7d09aa04b78 · 2024-01-18T14:40:19.000+03:00
diff --git a/articles/active-directory-b2c/add-captcha.md b/articles/active-directory-b2c/add-captcha.md
@@ -11,15 +11,15 @@ ms.author: kengaderdus
 ms.subservice: B2C
 zone_pivot_groups: b2c-policy-type
 
-#Customer intent: As a developer, I want to enable CAPTCHA in consumer-facing application that is secured by Azure Active Directory B2C.
+#Customer intent: As a developer, I want to enable CAPTCHA in consumer-facing application that is secured by Azure Active Directory B2C, so that I can protect my sign-in and sign-up flows from automated attacks.
 
 ---
 
 # Enable CAPTCHA in Azure Active Directory B2C
 
 [!INCLUDE [active-directory-b2c-choose-user-flow-or-custom-policy](../../includes/active-directory-b2c-choose-user-flow-or-custom-policy.md)]
 
-Azure Active Directory B2C (Azure AD B2C) allows you to enable CAPTCHA prevent to automated attacks on your consumer-facing applications. Azure AD B2C’s CAPTCHA supports both audio and visual captcha challenges. You can enable this security feature in both sign-up and sign-in flows for your local accounts. CAPTCHA isn't applicable for social identity providers' sign-in.   
+Azure Active Directory B2C (Azure AD B2C) allows you to enable CAPTCHA prevent to automated attacks on your consumer-facing applications. Azure AD B2C’s CAPTCHA supports both audio and visual CAPTCHA challenges. You can enable this security feature in both sign-up and sign-in flows for your local accounts. CAPTCHA isn't applicable for social identity providers' sign-in.   
 
 > [!NOTE]
 > This feature is in public preview
diff --git a/articles/active-directory-b2c/captcha-technical-profile.md b/articles/active-directory-b2c/captcha-technical-profile.md
@@ -1,7 +1,7 @@
 ---
 title: Define a CAPTCHA technical profile in a custom policy
 titleSuffix: Azure AD B2C
-description: Define a captcha technical profile custom policy in Azure Active Directory B2C.
+description: Define a CAPTCHA technical profile custom policy in Azure Active Directory B2C.
 
 author: kengaderdus
 manager: mwongerapk
@@ -13,18 +13,18 @@ ms.date: 01/17/2024
 ms.author: kengaderdus
 ms.subservice: B2C
 
-#Customer intent: As a developer integrating a customer-facing application with Azure Active Directory B2C, I want to define a CAPTCHA technical profile, so that I can secure sign-up and sign-in flows from automated attacks.
+#Customer intent: As a developer integrating a customer-facing application with Azure AD B2C, I want to define a CAPTCHA technical profile, so that I can secure sign-up and sign-in flows from automated attacks.
 ---
 
 # Define a CAPTCHA technical profile in an Azure Active Directory B2C custom policy
 
 [!INCLUDE [active-directory-b2c-advanced-audience-warning](../../includes/active-directory-b2c-advanced-audience-warning.md)]
 
-A Completely Automated Public Turing Tests to Tell Computer and Human Apart (CAPTCHA) technical profiles enables Azure Active Directory B2C (Azure AD B2C) to prevent automated attacks. Azure AD B2C's CAPTCHA technical profiles supports both audio and visual captcha challenges types.
+A Completely Automated Public Turing Tests to Tell Computer and Human Apart (CAPTCHA) technical profiles enables Azure Active Directory B2C (Azure AD B2C) to prevent automated attacks. Azure AD B2C's CAPTCHA technical profile supports both audio and visual CAPTCHA challenges types.
 
 ## Protocol
 
-The **Name** attribute of the **Protocol** element needs to be set to `Proprietary`. The **handler** attribute must contain the fully qualified name of the protocol handler assembly that is used by Azure AD B2C, for captcha:
+The **Name** attribute of the **Protocol** element needs to be set to `Proprietary`. The **handler** attribute must contain the fully qualified name of the protocol handler assembly that is used by Azure AD B2C, for CAPTCHA:
 `Web.TPEngine.Providers.CaptchaProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null`
 
 > [!NOTE]
@@ -41,13 +41,13 @@ The following example shows a self-asserted technical profile for email sign-up:
 
 CAPTCHA technical profile operations has two operations:
 
-- **Get challenge operation** generates the captcha code string, then displays it on the user interface by using a [captcha display control](display-control-captcha.md). The display includes an input textbox. This operation directs the user to input the characters they see or hear into the input textbox. The user can switch between visual and audio challenge types as needed.
+- **Get challenge operation** generates the CAPTCHA code string, then displays it on the user interface by using a [CAPTCHA display control](display-control-captcha.md). The display includes an input textbox. This operation directs the user to input the characters they see or hear into the input textbox. The user can switch between visual and audio challenge types as needed.
 
 - **Verify code operation** verifies the characters input by the user.
 
 ## Get challenge
 
-The first operation generates the captcha code string, then displays it on the user interface.
+The first operation generates the CAPTCHA code string, then displays it on the user interface.
 
 ### Input claims
 
@@ -60,7 +60,7 @@ The **InputClaims** element contains a list of claims to send to Azure AD B2C's
 
 ### Display claims
 
-The **DisplayClaims** element contains a list of claims to be presented on the screen for the user to see. For example, the user is presented with the captcha challenge code to read. 
+The **DisplayClaims** element contains a list of claims to be presented on the screen for the user to see. For example, the user is presented with the CAPTCHA challenge code to read. 
 
  | ClaimReferenceId | Required | Description |
 | --------- | -------- | ----------- |
@@ -69,7 +69,7 @@ The **DisplayClaims** element contains a list of claims to be presented on the s
 
 ### Output claims
 
-The **OutputClaims** element contains a list of claims returned by the captcha technical profile.
+The **OutputClaims** element contains a list of claims returned by the CAPTCHA technical profile.
 
 | ClaimReferenceId | Required | Description |
 | --------- | -------- | ----------- |
@@ -84,9 +84,9 @@ The **OutputClaims** element contains a list of claims returned by the captcha t
 | Operation | Yes | Value must be *GetChallenge*.|
 | Brand | Yes | Value must be *HIP*.|
 
-### Example: Generate captcha code
+### Example: Generate CAPTCHA code
 
-The following example shows a captcha technical profile that is used to generate a code:
+The following example shows a CAPTCHA technical profile that you use to generate a code:
 
 ```xml
 <TechnicalProfile Id="HIP-GetChallenge">
@@ -116,9 +116,9 @@ The following example shows a captcha technical profile that is used to generate
 ```
 
 
-## Verify code
+## Verify challenge
 
-The second operation verifies the captcha code.
+The second operation verifies the CAPTCHA challenge.
 
 ### Input claims
 
@@ -127,9 +127,9 @@ The **InputClaims** element contains a list of claims to send to Azure AD B2C's
  | ClaimReferenceId | Required | Description |
 | --------- | -------- | ----------- |
 | challengeType | No | The CAPTCHA challenge type, Audio or Visual (default).|
-|challengeId|  ||
-|captchaEntered|  ||
-|azureregion|  ||
+|challengeId| Yes | A unique identifier for CAPTCHA used for session verification. Populated from the *GetChallenge* call. |
+|captchaEntered| Yes | The challenge code that the user inputs into the challenge textbox on the user interface. |
+|azureregion| Yes | The service region that will serve the CAPTCHA challenge request. Populated from the *GetChallenge* call.|
 
 
 ### Display claims
@@ -138,27 +138,27 @@ The **DisplayClaims** element contains a list of claims to be presented on the s
 
  | ClaimReferenceId | Required | Description |
 | --------- | -------- | ----------- |
-| captchaEntered |  | The CAPTCHA code entered by the user.|
+| captchaEntered | Yes | The CAPTCHA challenge code entered by the user.|
 
 ### Output claims 
 
 The **OutputClaims** element contains a list of claims returned by the captcha technical profile.
 
 | ClaimReferenceId | Required | Description |
 | --------- | -------- | ----------- |
-| challengeId |  | A unique identifier for CAPTCHA challenge code.|
-| isCaptchaSolved |  | A flag indicating whether the captcha challenge was successfully solved.|
-| reason | Yes | |
+| challengeId | Yes | A unique identifier for CAPTCHA used for session verification.|
+| isCaptchaSolved | Yes | A flag indicating whether the CAPTCHA challenge is successfully solved.|
+| reason | Yes | Used to communicate to the user whether the attempt to solve the challenge is successful or not. |
 
 ### Metadata
  | Attribute | Required | Description |
 | --------- | -------- | ----------- |
 | Operation | Yes | Value must be **VerifyChallenge**.|
 | Brand | Yes | Value must be **HIP**.|
 
-### Example: Verify captcha code
+### Example: Verify CAPTCHA code
 
-The following example shows a captcha technical profile that is used to verify a captcha code:
+The following example shows a CAPTCHA technical profile that you use to verify a CAPTCHA code:
 
 ```xml
   <TechnicalProfile Id="HIP-VerifyChallenge">
@@ -187,4 +187,8 @@ The following example shows a captcha technical profile that is used to verify a
     </OutputClaims>
 
   </TechnicalProfile>
-```
+```
+
+## Next steps
+
+- [Enable CAPTCHA in Azure Active Directory B2C](add-captcha.md).
diff --git a/articles/active-directory-b2c/display-control-captcha.md b/articles/active-directory-b2c/display-control-captcha.md
@@ -13,16 +13,16 @@ ms.date: 01/17/2024
 ms.author: kengaderdus
 ms.subservice: B2C
 
-#Customer intent: As a developer integrating customer-facing apps with Azure AD B2C, I want to learn how to define a CAPTCHA display control so that I can enable CAPTCHA in my authentication using Azure AD B2C's custom policies. 
+#Customer intent: As a developer integrating customer-facing apps with Azure AD B2C, I want to learn how to define a CAPTCHA display control for Azure AD B2C's custom policies so that I can protect my authentication flows from automated attacks. 
 ---
 
 # Verify CAPTCHA challenge string using CAPTCHA display control
 
-Use CAPTCHA display controls to generate a captcha challenge string, then verify it by asking the user to enter what they see or hear. To display a CAPTCHA display control, you reference it from a [self-asserted technical profile](self-asserted-technical-profile.md), and you must set the self-asserted technical profile's `setting.enableCaptchaChallenge` metadata value to *true*.
+Use CAPTCHA display controls to generate a CAPTCHA challenge string, then verify it by asking the user to enter what they see or hear. To display a CAPTCHA display control, you reference it from a [self-asserted technical profile](self-asserted-technical-profile.md), and you must set the self-asserted technical profile's `setting.enableCaptchaChallenge` metadata value to *true*.
 
 The screenshot shows the CAPTCHA display control shown on a sign-up page:
 
-:::image type="content" source="media/add-captcha/add-captcha.png" alt-text="Screenshot of captcha as it appears in the sign up page."::: 
+:::image type="content" source="media/add-captcha/add-captcha.png" alt-text="Screenshot of CAPTCHA as it appears in the sign up page."::: 
 
 The sign-up page loads with the CAPTCHA display control. The user then inputs the characters they see or hear. The **Send verification code** button sends a verification code to the user's email, and isn't CAPTCHA display control element, but it causes the CAPTCHA challenge string to be verified.
 
@@ -33,10 +33,10 @@ This table summarizes the elements that a CAPTCHA display control contains.
 | Element | Required | Description |
 | --------- | -------- | ----------- |
 | UserInterfaceControlType | Yes | Value must be *CaptchaControl*.|
-|  InputClaims  |  Yes  |  One or more claims required as input to specify the captcha challenge type and to uniquely identify the challenge.  |
-|  DisplayClaims  |  Yes  |  The claims to be shown to the user such as the captcha challenge code, or collected from the user, such as code input by the user  |
-|    OutputClaim    |  No  | Any claim to be returned to the self-asserted page after the user completes captcha code verification process.   |
-|  Actions  |  Yes  |  CAPTCHA display control contains two actions, *GetChallenge* and *VerifyChallenge*. <br> *GetChallenge* action generates, then displays a captcha challenge code on the user interface. <br> *VerifyChallenge* action verifies the CAPTCHA challenge code that the user inputs. |
+|  InputClaims  |  Yes  |  One or more claims required as input to specify the CAPTCHA challenge type and to uniquely identify the challenge.  |
+|  DisplayClaims  |  Yes  |  The claims to be shown to the user such as the CAPTCHA challenge code, or collected from the user, such as code input by the user  |
+|    OutputClaim    |  No  | Any claim to be returned to the self-asserted page after the user completes CAPTCHA code verification process.   |
+|  Actions  |  Yes  |  CAPTCHA display control contains two actions, *GetChallenge* and *VerifyChallenge*. <br> *GetChallenge* action generates, then displays a CAPTCHA challenge code on the user interface. <br> *VerifyChallenge* action verifies the CAPTCHA challenge code that the user inputs. |
 
 The following XML snippet code shows an examples of CaptchaProvider display control:
 
diff --git a/articles/active-directory-b2c/localization-string-ids.md b/articles/active-directory-b2c/localization-string-ids.md
@@ -8,7 +8,7 @@ manager: CelesteDG
 ms.service: active-directory
 
 ms.topic: reference
-ms.date: 01/11/2024
+ms.date: 01/17/2024
 ms.author: kengaderdus
 ms.subservice: B2C
 
@@ -657,7 +657,7 @@ The following IDs are used for a [CAPTCHA display control](display-control-captc
 | `charsnotmatched_error` | The characters did not match for CAPTCHA challenge. Please try again | The message to display to the user if they enter a wrong CAPTCHA code. |
 | `api_error` | Api error on CAPTCHA control | The message to display to the user if an error occurs while Azure AD B2C attempts to validate the CAPTCHA code. |
 | `captcha_resolved` | Success! | The message to display to the user if they enter a correct CAPTCHA code. |
-|`DisplayName`| Help us beat the bots. | The CAPTCHA display control display name. | 
+|`DisplayName`| Help us beat the bots. | The CAPTCHA display control's display name. | 
 
 ### CAPTCHA display control example
 
diff --git a/articles/active-directory-b2c/self-asserted-technical-profile.md b/articles/active-directory-b2c/self-asserted-technical-profile.md
@@ -9,13 +9,13 @@ manager: CelesteDG
 ms.service: active-directory
 
 ms.topic: reference
-ms.date: 01/11/2024
+ms.date: 01/17/2024
 
 ms.author: kengaderdus
 ms.subservice: B2C
 
 
-#Customer intent: As a developer using Azure Active Directory B2C, I want to define a self-asserted technical profile with display claims and output claims, so that I can collect and validate user input and return the claims to the next orchestration step.
+#Customer intent: As a developer using Azure Active Directory B2C, I want to define a self-asserted technical profile with display, so that I can collect and validate user input.
 
 ---
 
