Commit a8c883c

Merge pull request #177363 from kengaderdus/address-verbatims
[Azure AD B2C] Address October verbatims
2 parents f0ac8cf + 3da49e5 commit a8c883c

14 files changed, +54 -37 lines changed

articles/active-directory-b2c/access-tokens.md

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -62,7 +62,7 @@ If the **response_type** parameter in an `/authorize` request includes `token`,
6262

6363
To request an access token, you need an authorization code. Below is an example of a request to the `/authorize` endpoint for an authorization code. Custom domains are not supported for use with access tokens. Use your tenant-name.onmicrosoft.com domain in the request URL.
6464

65-
In the following example, you replace these values:
65+
In the following example, you replace these values in the query string:
6666

6767
- `<tenant-name>` - The name of your Azure AD B2C tenant.
6868
- `<policy-name>` - The name of your custom policy or user flow.
@@ -86,7 +86,7 @@ The response with the authorization code should be similar to this example:
8686
https://jwt.ms/?code=eyJraWQiOiJjcGltY29yZV8wOTI1MjAxNSIsInZlciI6IjEuMC...
8787
```
8888

89-
After successfully receiving the authorization code, you can use it to request an access token:
89+
After successfully receiving the authorization code, you can use it to request an access token. Note that the parameters are in the body of the HTTP POST request:
9090

9191
```http
9292
POST <tenant-name>.b2clogin.com/<tenant-name>.onmicrosoft.com/<policy-name>/oauth2/v2.0/token HTTP/1.1
@@ -100,7 +100,7 @@ grant_type=authorization_code
100100
&redirect_uri=https://jwt.ms
101101
&client_secret=2hMG2-_:y12n10vwH...
102102
```
103-
103+
104104
You should see something similar to the following response:
105105

106106
```json

articles/active-directory-b2c/add-ropc-policy.md

Lines changed: 4 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -37,7 +37,7 @@ The following flows are not supported:
3737

3838
When using the ROPC flow, consider the following:
3939

40-
- ROPC doesn’t work when there is any interruption to the authentication flow that needs user interaction. For example, when a password has expired or needs to be changed, [multi-factor authentication](multi-factor-authentication.md) is required, or when more information needs to be collected during sign-in (for example, user consent).
40+
- ROPC doesn’t work when there is any interruption to the authentication flow that needs user interaction. For example, when a password has expired or needs to be changed, [multifactor authentication](multi-factor-authentication.md) is required, or when more information needs to be collected during sign-in (for example, user consent).
4141
- ROPC supports local accounts only. Users can’t sign in with [federated identity providers](add-identity-provider.md) like Microsoft, Google+, Twitter, AD-FS, or Facebook.
4242
- [Session Management](session-behavior.md), including [keep me signed-in (KMSI)](session-behavior.md#enable-keep-me-signed-in-kmsi), is not applicable.
4343

@@ -67,6 +67,9 @@ When using the ROPC flow, consider the following:
6767

6868
::: zone pivot="b2c-custom-policy"
6969

70+
## Pre-requisite
71+
If you've not done so, learn about custom policy starter pack in [Get started with custom policies in Active Directory B2C](tutorial-create-user-flows.md).
72+
7073
## Create a resource owner policy
7174

7275
1. Open the *TrustFrameworkExtensions.xml* file.
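Review bot: The new heading on line 70, `## Pre-requisite`, is normally written `## Prerequisites`, and it needs a blank line before the paragraph on line 71 so it is separated from its body the same way `## Create a resource owner policy` is. The sentence on line 71 is also missing an article ("learn about the custom policy starter pack"), and its link text says "Get started with custom policies" while the target is `tutorial-create-user-flows.md`; please confirm that this is the intended target for the custom-policy pivot.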

articles/active-directory-b2c/configure-authentication-sample-spa-app.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -7,7 +7,7 @@ manager: CelesteDG
77
ms.service: active-directory
88
ms.workload: identity
99
ms.topic: reference
10-
ms.date: 09/15/2021
10+
ms.date: 10/25/2021
1111
ms.author: kengaderdus
1212
ms.subservice: B2C
1313
ms.custom: "b2c-support"

articles/active-directory-b2c/configure-user-input.md

Lines changed: 7 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -9,7 +9,7 @@ manager: CelesteDG
99
ms.service: active-directory
1010
ms.workload: identity
1111
ms.topic: how-to
12-
ms.date: 10/15/2021
12+
ms.date: 10/22/2021
1313
ms.custom: project-no-code
1414
ms.author: kengaderdus
1515
ms.subservice: B2C
@@ -32,6 +32,10 @@ In this article, you collect a new attribute during your sign-up journey in Azur
3232

3333
## Add user attributes your user flow
3434

35+
1. Sign in to the [Azure portal](https://portal.azure.com/).
36+
1. Make sure you're using the directory that contains your Azure AD B2C tenant. Select the **Directories + subscriptions** icon in the portal toolbar.
37+
1. On the **Portal settings | Directories + subscriptions** page, find your Azure AD B2C directory in the **Directory name** list, and then select **Switch**.
38+
1. Under **Azure services**, select **Azure AD B2C**. Or use the search box to find and select **Azure AD B2C**.
3539
1. In your Azure AD B2C tenant, select **User flows**.
3640
1. Select your policy (for example, "B2C_1_SignupSignin") to open it.
3741
1. Select **User attributes** and then select the user attribute (for example, "City").
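Review bot: The four steps added at lines 35-38 sit under the heading `## Add user attributes your user flow`, which is missing a word ("Add user attributes to your user flow"). Since this section is being edited anyway, fix the heading in the same change.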
@@ -63,7 +67,7 @@ To provide a set list of values for the city attribute:
6367
1. [Enable language customization on the user flow](language-customization.md#support-requested-languages-for-ui_locales)
6468
1. Select your policy (for example, "B2C_1_SignupSignin") to open it.
6569
1. On the **Languages** page for the user flow, select the language that you want to customize.
66-
1. Under **Page-level-resources files**, select **Local account sign up page**.
70+
1. Under **Page-level resources files**, select **Local account sign up page**.
6771
1. Select **Download defaults** (or **Download overrides** if you have previously edited this language).
6872
1. Create a `LocalizedCollections` attribute.
6973

@@ -107,7 +111,7 @@ The `LocalizedCollections` is an array of `Name` and `Value` pairs. The order fo
107111
1. Select **User flows** and select your policy (for example, "B2C_1_SignupSignin") to open it.
108112
1. Select **Languages**.
109113
1. Select the language that you want to translate to.
110-
1. Select the **Local account sign up page**.
114+
1. Under **Page-level-resources files**, select **Local account sign up page**.
111115
1. Select the folder icon, and select the JSON file to upload. The changes are saved to your user flow automatically.
112116

113117
## Test your user flow
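Review bot: Line 114 adds `Under **Page-level-resources files**` with two hyphens, while line 70 of this same file is changed in this commit to `**Page-level resources files**`. Use one spelling of the label in both steps, presumably the line 70 form, so readers can match it to what the portal shows.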

articles/active-directory-b2c/identity-provider-azure-ad-single-tenant.md

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -47,10 +47,10 @@ To enable sign-in for users with an Azure AD account from a specific Azure AD or
4747
1. Sign in to the [Azure portal](https://portal.azure.com).
4848
1. Make sure you're using the directory that contains your organizational Azure AD tenant (for example, Contoso). Select the **Directories + subscriptions** icon in the portal toolbar.
4949
1. On the **Portal settings | Directories + subscriptions** page, find your Azure AD directory in the **Directory name** list, and then select **Switch**.
50-
1. Choose **All services** in the top-left corner of the Azure portal, and then search for and select **App registrations**.
50+
1. Under **Azure services**, select **App registrations** or search for and select **App registrations**.
5151
1. Select **New registration**.
5252
1. Enter a **Name** for your application. For example, `Azure AD B2C App`.
53-
1. Accept the default selection of **Accounts in this organizational directory only** for this application.
53+
1. Accept the default selection of **Accounts in this organizational directory only (Default Directory only - Single tenant)** for this application.
5454
1. For the **Redirect URI**, accept the value of **Web**, and enter the following URL in all lowercase letters, where `your-B2C-tenant-name` is replaced with the name of your Azure AD B2C tenant.
5555

5656
```
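Review bot: The label added on line 53 hard-codes `Default Directory` in `(Default Directory only - Single tenant)`, but line 48 has the reader working in their own organizational directory (for example, Contoso). If the portal fills that part of the label with the directory name, the quoted text will not match what readers see; a placeholder for the directory name would be safer. Line 50 also names **App registrations** twice in one sentence; the two-sentence form used in tenant-management.md ("Or use the search box to find and select ...") reads more cleanly.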

articles/active-directory-b2c/secure-rest-api.md

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -9,7 +9,7 @@ manager: CelesteDG
99
ms.service: active-directory
1010
ms.workload: identity
1111
ms.topic: how-to
12-
ms.date: 09/20/2021
12+
ms.date: 10/25/2021
1313
ms.author: kengaderdus
1414
ms.subservice: B2C
1515
zone_pivot_groups: b2c-policy-type
@@ -39,7 +39,7 @@ HTTP basic authentication is defined in [RFC 2617](https://tools.ietf.org/html/r
3939
To configure an API Connector with HTTP basic authentication, follow these steps:
4040

4141
1. Sign in to the [Azure portal](https://portal.azure.com/).
42-
2. Under **Azure services**, select **Azure AD B2C**.
42+
2. Under **Azure services**, select **Azure AD B2C** or search for and select **Azure AD B2C**.
4343
3. Select **API connectors**, and then select the **API Connector** you want to configure.
4444
4. For the **Authentication type**, select **Basic**.
4545
5. Provide the **Username**, and **Password** of your REST API endpoint.
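Review bot: Step 2 on line 42 still goes straight from sign-in to selecting **Azure AD B2C**, without the "Make sure you're using the directory that contains your Azure AD B2C tenant" steps that this commit adds to configure-user-input.md. An administrator with access to several directories may be looking at the wrong tenant when entering the API connector's **Username** and **Password**, so add the same directory-switch steps here. The wording "or search for and select" also differs from the "Or use the search box to find and select" form used in the other articles in this commit.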

articles/active-directory-b2c/technical-overview.md

Lines changed: 10 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -77,7 +77,7 @@ Learn more about [sign-in options](sign-in-options.md) or how to [set up the loc
7777

7878
Azure AD B2C lets you manage common attributes of consumer account profiles. For example display name, surname, given name, city, and others.
7979

80-
You can also extend the Azure AD schema to store additional information about your users. For example, their country/region of residency, preferred language, and preferences like whether they want to subscribe to a newsletter or enable multi-factor authentication. For more information, see:
80+
You can also extend the Azure AD schema to store additional information about your users. For example, their country/region of residency, preferred language, and preferences like whether they want to subscribe to a newsletter or enable multifactor authentication. For more information, see:
8181

8282
* [User profile attributes](user-profile-attributes.md)
8383
* [Add user attributes and customize user input in](configure-user-input.md)
@@ -208,21 +208,21 @@ Multiple applications can use the same user flow or custom policy. A single appl
208208

209209
For example, to sign in to an application, the application uses the *sign up or sign in* user flow. After the user has signed in, they may want to edit their profile, so the application initiates another authorization request, this time using the *profile edit* user flow.
210210

211-
## Multi-factor authentication (MFA)
211+
## Multifactor authentication (MFA)
212212

213-
Azure AD B2C multi-factor authentication (MFA) helps safeguard access to data and applications while maintaining simplicity for your users. It provides extra security by requiring a second form of authentication, and delivers strong authentication by offering a range of easy-to-use authentication methods.
213+
Azure AD B2C Multi-Factor Authentication (MFA) helps safeguard access to data and applications while maintaining simplicity for your users. It provides extra security by requiring a second form of authentication, and delivers strong authentication by offering a range of easy-to-use authentication methods.
214214

215215
Your users may or may not be challenged for MFA based on configuration decisions that you can make as an administrator.
216216

217-
See how to enable MFA in user flows in [Enable multi-factor authentication in Azure Active Directory B2C](multi-factor-authentication.md).
217+
See how to enable MFA in user flows in [Enable multifactor authentication in Azure Active Directory B2C](multi-factor-authentication.md).
218218

219219
## Conditional Access
220220

221221
Azure AD Identity Protection risk-detection features, including risky users and risky sign-ins, are automatically detected and displayed in your Azure AD B2C tenant. You can create Conditional Access policies that use these risk detections to determine remediation actions and enforce organizational policies.
222222

223223
![Conditional access flow](media/technical-overview/conditional-access-flow.png)
224224

225-
Azure AD B2C evaluates each sign-in event and ensures that all policy requirements are met before granting the user access. Risky users or sign-ins may be blocked, or challenged with a specific remediation like multi-factor authentication (MFA). For more information, see [Identity Protection and Conditional Access](conditional-access-identity-protection-overview.md).
225+
Azure AD B2C evaluates each sign-in event and ensures that all policy requirements are met before granting the user access. Risky users or sign-ins may be blocked, or challenged with a specific remediation like multifactor authentication (MFA). For more information, see [Identity Protection and Conditional Access](conditional-access-identity-protection-overview.md).
226226

227227
## Password complexity
228228
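Review bot: Line 213 changes the body text to `Multi-Factor Authentication (MFA)`, capitalized and hyphenated, while the heading on line 211 and lines 217 and 225 in this same hunk move to `multifactor authentication`. Use `multifactor authentication (MFA)` on line 213 as well, or, if the capitalized form is meant as a product name, apply it consistently.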

@@ -296,6 +296,11 @@ By integrating Azure Application Insights into Azure AD B2C custom policies, you
296296

297297
For more information, see [Track user behavior in Azure Active Directory B2C using Application Insights](analytics-with-application-insights.md).
298298

299+
## Region availability and data residency
300+
Azure AD B2C service is generally available worldwide, for availability, with the option for data residency in regions as specified in [Products available by region](https://azure.microsoft.com/regions/services/). Data residency is determined by the country/region you select when you [create your tenant](tutorial-create-tenant.md).
301+
302+
Learn more about [Azure Active Directory B2C service Region availability & data residency](data-residency.md).
303+
299304
## Automation using Microsoft Graph API
300305

301306
Use MS graph API to manage your Azure AD B2C directory. You can also create the Azure AD B2C directory itself. You can manage users, identity providers, user flows, custom policies and many more.
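Review bot: The sentence added on line 300 reads "is generally available worldwide, for availability, with the option for data residency"; the phrase "for availability" does not parse and should be dropped or reworded so that the availability statement and the data-residency statement are separate. The heading on line 299 also needs a blank line before the paragraph on line 300.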

articles/active-directory-b2c/tenant-management.md

Lines changed: 12 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -9,7 +9,7 @@ manager: CelesteDG
99
ms.service: active-directory
1010
ms.workload: identity
1111
ms.topic: tutorial
12-
ms.date: 10/04/2021
12+
ms.date: 10/25/2021
1313
ms.custom: project-no-code
1414
ms.author: kengaderdus
1515
ms.subservice: B2C
@@ -35,19 +35,21 @@ To create a new administrative account, follow these steps:
3535
1. Under **Azure services**, select **Azure AD B2C**. Or use the search box to find and select **Azure AD B2C**.
3636
1. Under **Manage**, select **Users**.
3737
1. Select **New user**.
38+
1. Select **Create user** (you can create many users at once by selecting **I want to create users in bulk**).
3839
1. On the **User** page, enter information for this user:
3940

40-
- **Name**. Required. The first and last name of the new user. For example, *Mary Parker*.
41-
- **User name**. Required. The user name of the new user. For example, `[email protected]`.
42-
The domain part of the user name must use either the initial default domain name, *\<yourdomainname>.onmicrosoft.com*.
43-
- **Groups**. Optionally, you can add the user to one or more existing groups. You can also add the user to groups at a later time.
41+
42+
- **User name**. *Required*. The user name of the new user. For example, `[email protected]`.
43+
The domain part of the user name must use either the initial default domain name, *\<tenant name>.onmicrosoft.com* or your [custom domain](custom-domain.md) such as `contoso.com`.
44+
- **Name**. *Required*. The first and last name of the new user. For example, *Mary Parker*.
45+
- **Groups**. *Optional*. You can add the user to one or more existing groups. You can also add the user to groups at a later time.
4446
- **Directory role**: If you require Azure AD administrative permissions for the user, you can add them to an Azure AD role. You can assign the user to be a Global administrator or one or more of the limited administrator roles in Azure AD. For more information about assigning roles, see [Use roles to control resource access](roles-resource-access-control.md).
4547
- **Job info**: You can add more information about the user here, or do it later.
4648

4749
1. Copy the autogenerated password provided in the **Password** box. You'll need to give this password to the user to sign in for the first time.
4850
1. Select **Create**.
4951

50-
The user is created and added to your Azure AD B2C tenant. It's preferable to have at least one work account native to your Azure AD B2C tenant assigned the Global Administrator role. This account can be considered a break-glass account.
52+
The user is created and added to your Azure AD B2C tenant. It's preferable to have at least one work account native to your Azure AD B2C tenant assigned the Global Administrator role. This account can be considered a *break-glass account*.
5153

5254
## Invite an administrator (guest account)
5355
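Review bot: The placeholder on line 43 is written `\<tenant name>` with a space, while access-tokens.md in this same commit uses `<tenant-name>`; use the hyphenated form so the placeholder is consistent across the articles. Within the list, **User name**, **Name** and **Groups** now use the `. *Required*.` / `. *Optional*.` style, but **Directory role** and **Job info** on lines 46-47 keep the colon style, and line 41 adds a second blank line before the list.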

@@ -63,10 +65,10 @@ To invite a user, follow these steps:
6365
1. Select **New guest account**.
6466
1. On the **User** page, enter information for this user:
6567

66-
- **Name**. Required. The first and last name of the new user. For example, *Mary Parker*.
67-
- **Email address**. Required. The email address of the user you would like to invite. For example, `[email protected]`.
68+
- **Name**. *Required*. The first and last name of the new user. For example, *Mary Parker*.
69+
- **Email address**. *Required*. The email address of the user you would like to invite, which must be a Microsoft account. For example, `[email protected]`.
6870
- **Personal message**: You add a personal message that will be included in the invite email.
69-
- **Groups**. Optionally, you can add the user to one or more existing groups. You can also add the user to groups at a later time.
71+
- **Groups**. *Optional*. You can add the user to one or more existing groups. You can also add the user to groups at a later time.
7072
- **Directory role**: If you require Azure AD administrative permissions for the user, you can add them to an Azure AD role. You can assign the user to be a Global administrator or one or more of the limited administrator roles in Azure AD. For more information about assigning roles, see [Use roles to control resource access](roles-resource-access-control.md).
7173
- **Job info**: You can add more information about the user here, or do it later.
7274

@@ -133,7 +135,7 @@ The user is deleted and no longer appears on the **Users - All users** page. The
133135

134136
## Protect administrative accounts
135137

136-
It's recommended that you protect all administrator accounts with multi-factor authentication (MFA) for more security. MFA is an identity verification process during sign-in that prompts the user for a more form of identification, such as a verification code on their mobile device or a request in their Microsoft Authenticator app.
138+
It's recommended that you protect all administrator accounts with multifactor authentication (MFA) for more security. MFA is an identity verification process during sign-in that prompts the user for a more form of identification, such as a verification code on their mobile device or a request in their Microsoft Authenticator app.
137139

138140
![Authentication methods in use at the sign-in screenshot](./media/tenant-management/sing-in-with-multi-factor-authentication.png)
139141
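Review bot: Line 138 is rewritten for the `multifactor` spelling but keeps the phrase "prompts the user for a more form of identification", which is ungrammatical. Change it to "for another form of identification" in the same edit.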

articles/active-directory-b2c/tutorial-create-tenant.md

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -8,7 +8,7 @@ manager: CelesteDG
88
ms.service: active-directory
99
ms.workload: identity
1010
ms.topic: tutorial
11-
ms.date: 09/25/2021
11+
ms.date: 10/26/2021
1212
ms.author: kengaderdus
1313
ms.subservice: B2C
1414
ms.custom: "b2c-support"
@@ -43,7 +43,7 @@ You learn how to register an application in the next tutorial.
4343

4444
1. Sign in to the [Azure portal](https://portal.azure.com/).
4545

46-
1. Select the directory that contains your subscription:
46+
1. Switch to the directory that contains your subscription:
4747
1. In the Azure portal toolbar, select the **Directories + subscriptions** filter icon.
4848

4949
![Directories + subscriptions filter icon](media/tutorial-create-tenant/directories-subscription-filter-icon.png)
@@ -54,8 +54,8 @@ You learn how to register an application in the next tutorial.
5454

5555
1. Add **Microsoft.AzureActiveDirectory** as a resource provider for the Azure subscription your're using ([learn more](../azure-resource-manager/management/resource-providers-and-types.md?WT.mc_id=Portal-Microsoft_Azure_Support#register-resource-provider-1)):
5656

57-
1. On the Azure portal menu or from the **Home** page, select **Subscriptions**.
58-
2. Select your subscription, and then in the left menu, select **Resource providers** .
57+
1. On the Azure portal, search for and select **Subscriptions**.
58+
2. Select your subscription, and then in the left menu, select **Resource providers**. If you do not see the left menu, select the **Show the menu for < name of your subscription >** icon at the top left part of the page to open it.
5959
3. Make sure the **Microsoft.AzureActiveDirectory** row shows a status of **Registered**. If it doesn't, select the row, and then select **Register**.
6060

6161
1. On the Azure portal menu or from the **Home** page, select **Create a resource**.
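Review bot: The placeholder on line 58, `**Show the menu for < name of your subscription >**`, puts raw angle brackets inside bold text, whereas tenant-management.md in this commit escapes its placeholder as `\<tenant name>`. Apply the same escaping here, without the inner spaces, so the Markdown renderer does not treat it as markup. Line 57 should read "In the Azure portal" rather than "On the Azure portal", and the context line 55 still contains the typo "your're".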
