1872781a

Author: dagiro

.github/workflows/stale.yml

@@ -2,7 +2,7 @@ name: Mark stale pull requests
 
 on:
   schedule:
-  - cron: "0 */6 * * *"
+  - cron: "0 */4 * * *"
 
 jobs:
   stale:
@@ -19,8 +19,8 @@ jobs:
         close-pr-label: auto-close
         exempt-pr-labels: keep-open
         operations-per-run: 1000
-        ascending: true
-        start-date: '2021-05-05'
+        ascending: false
+        start-date: '2019-05-30'
         stale-pr-message: >
           This pull request has been inactive for at least 14 days.
           If you are finished with your changes, don't forget to sign off. See the [contributor guide](https://review.docs.microsoft.com/help/contribute/contribute-how-to-write-pull-request-automation) for instructions.

.openpublishing.redirection.healthcare-apis.json

@@ -454,7 +454,7 @@
     },
     {
         "source_path_from_root": "/articles/healthcare-apis/azure-api-for-fhir/access-fhir-postman-tutorial.md",
-        "redirect_url": "/azure/healthcare-apis/fhir/using-postman",
+        "redirect_url": "/azure/healthcare-apis/use-postman",
         "redirect_document_id": true
     }
   ]

.openpublishing.redirection.json

@@ -489,6 +489,22 @@
       "source_path_from_root": "/articles/key-vault/general/key-vault-integrate-kubernetes.md",
       "redirect_url": "/azure/aks/csi-secrets-store-driver",
       "redirect_document_id": false
+    },
+
+    {
+      "source_path_from_root": "/articles/key-vault/general/assign-access-policy-portal.md",
+      "redirect_url": "/azure/key-vault/general/assign-access-policy",
+      "redirect_document_id": false
+    },
+    {
+      "source_path_from_root": "/articles/key-vault/general/assign-access-policy-cli.md",
+      "redirect_url": "/azure/key-vault/general/assign-access-policy",
+      "redirect_document_id": false
+    },
+    {
+      "source_path_from_root": "/articles/key-vault/general/assign-access-policy-powershell.md",
+      "redirect_url": "/azure/key-vault/general/assign-access-policy",
+      "redirect_document_id": false
     }
 
   ]

.openpublishing.redirection.key-vault.json

@@ -9,7 +9,7 @@ manager: celestedg
 ms.service: active-directory
 ms.workload: identity
 ms.topic: how-to
-ms.date: 06/16/2021
+ms.date: 09/12/2021
 ms.custom: project-no-code
 ms.author: mimart
 ms.subservice: B2C
@@ -22,9 +22,6 @@ zone_pivot_groups: b2c-policy-type
 
 In Azure Active Directory B2C (Azure AD B2C), the resource owner password credentials (ROPC) flow is an OAuth standard authentication flow. In this flow, an application, also known as the relying party, exchanges valid credentials for tokens. The credentials include a user ID and password. The tokens returned are an ID token, access token, and a refresh token.
 
-[!INCLUDE [active-directory-b2c-public-preview](../../includes/active-directory-b2c-public-preview.md)]
-
-
 ## ROPC flow notes
 
 In Azure Active Directory B2C (Azure AD B2C), the following options are supported:

articles/active-directory-b2c/add-ropc-policy.md

@@ -31,6 +31,10 @@ Sign-up and sign-in policy lets users:
 
 ![Profile editing flow](./media/add-sign-up-and-sign-in-policy/add-sign-up-and-sign-in-flow.png)
 
+Watch this video to learn how the user sign-up and sign-in policy works. 
+
+>[!Video https://www.youtube.com/embed/c8rN1ZaR7wk]
+
 ## Prerequisites
 
 If you haven't already done so, [register a web application in Azure Active Directory B2C](tutorial-register-applications.md).

articles/active-directory-b2c/add-sign-up-and-sign-in-policy.md

@@ -71,7 +71,7 @@ Once you've configured your Azure AD B2C instance to send logs to Azure Monitor,
 
 Now that you've enabled Azure Sentinel, get notified when something suspicious occurs in your Azure AD B2C tenant.
 
-You can create [custom analytics rules](../sentinel/tutorial-detect-threats-custom.md) to discover threats and
+You can create [custom analytics rules](../sentinel/detect-threats-custom.md) to discover threats and
 anomalous behaviors that are present in your environment. These rules search for specific events or sets of events, alert you when certain event thresholds or conditions are reached. Then after, generate incidents for further investigation.
 
 In the following example, we explain the scenario where you receive a notification if someone is trying to force access to your environment but they aren't successful. It could mean a brute-force attack. You want to get notified for two or more non-successful logins within 60 seconds.
@@ -118,7 +118,7 @@ In the Query scheduling section, set the following parameters:
 8. View the results of your new Azure AD B2C non-successful logins rule. Go to the **Incidents** page, where you can triage, investigate, and remediate the threats. An incident can include multiple alerts. It's an aggregation of all the relevant evidence for a specific investigation. You can set properties such as severity and status at the incident level.
 
 >[!Note]
->A key feature of Azure Sentinel is [incident investigation](../sentinel/tutorial-investigate-cases.md).
+>A key feature of Azure Sentinel is [incident investigation](../sentinel/investigate-cases.md).
 
 9. To begin the investigation, select a specific incident. On the
 right, you can see detailed information for the incident including its severity, entities involved, the raw events that triggered the incident, and the incident's unique ID.
@@ -147,4 +147,4 @@ In this example, we add an email notification upon an incident created by the ru
 
 - [Sample workbooks](https://github.com/azure-ad-b2c/siem#workbooks)
 
-- [Azure Sentinel documentation](../sentinel/index.yml)
+- [Azure Sentinel documentation](../sentinel/index.yml)

articles/active-directory-b2c/azure-sentinel.md

@@ -9,7 +9,7 @@ manager: celestedg
 ms.service: active-directory
 ms.workload: identity
 ms.topic: reference
-ms.date: 08/04/2021
+ms.date: 09/12/2021
 ms.author: mimart
 ms.subservice: B2C
 ---
@@ -108,8 +108,6 @@ The **DataUri** element is used to specify the page identifier. Azure AD B2C use
 
 You can enable [JavaScript client-side code](javascript-and-page-layout.md) by inserting `contract` between `elements` and the page type. For example, `urn:com:microsoft:aad:b2c:elements:contract:page-name:version`.
 
-[!INCLUDE [active-directory-b2c-public-preview](../../includes/active-directory-b2c-public-preview.md)]
-
 The [version](page-layout.md) part of the `DataUri` specifies the package of content containing HTML, CSS, and JavaScript for the user interface elements in your  policy. If you intend to enable JavaScript client-side code, the elements you base your JavaScript on must be immutable. If they're not immutable, any changes could cause unexpected behavior on your user pages. To prevent these issues, enforce the use of a page layout and specify a page layout version. Doing so ensures that all content definitions you’ve based your JavaScript on are immutable. Even if you don’t intend to enable JavaScript, you still need to specify the page layout version for your pages.
 
 The following example shows the **DataUri** of `selfasserted` version `1.2.0`:

articles/active-directory-b2c/contentdefinitions.md

@@ -9,7 +9,7 @@ manager: celestedg
 ms.service: active-directory
 ms.workload: identity
 ms.topic: reference
-ms.date: 06/21/2021
+ms.date: 09/12/2021
 ms.custom: project-no-code
 ms.author: mimart
 ms.subservice: B2C
@@ -51,7 +51,9 @@ The following table summarizes the OAuth 2.0 and OpenId Connect application auth
 [On-behalf-of](../active-directory/develop/v2-oauth2-on-behalf-of-flow.md)| NA | NA | An application invokes a service or web API, which in turn needs to call another service or web API. <br />  <br /> For the middle-tier service to make authenticated requests to the downstream service, pass a *client credential* token in the authorization header. Optionally, you can include a custom header with the Azure AD B2C user's token.  |
 [OpenId Connect](openid-connect.md) | GA | GA | OpenID Connect introduces the concept of an ID token, which is a security token that allows the client to verify the identity of the user. |
 [OpenId Connect hybrid flow](openid-connect.md) | GA | GA | Allows a web application retrieve the ID token on the authorize request along with an authorization code.  |
-[Resource owner password credentials (ROPC)](add-ropc-policy.md) | Preview | Preview | Allows a mobile application to sign in the user by directly handling their password. |
+[Resource owner password credentials (ROPC)](add-ropc-policy.md) | GA | GA | Allows a mobile application to sign in the user by directly handling their password. |
+| [Sign-out](session-behavior.md#sign-out)| GA | GA | |
+| [Single sign-out](session-behavior.md#sign-out)  | NA | Preview | |
 
 ### OAuth 2.0 options
 
@@ -62,6 +64,7 @@ The following table summarizes the OAuth 2.0 and OpenId Connect application auth
 | Insert JSON into user journey via `client_assertion`| NA| Deprecated |  |
 | Insert JSON into user journey as [id_token_hint](id-token-hint.md) | NA | GA | |
 | [Pass identity provider token to the application](idp-pass-through-user-flow.md)| Preview| Preview| For example, from Facebook to app. |
+| [Keep me signed in (KMSI)](session-behavior.md#enable-keep-me-signed-in-kmsi)| GA| GA| |
 
 ## SAML2 application authentication flows
 
@@ -77,6 +80,7 @@ The following table summarizes the Security Assertion Markup Language (SAML) app
 |Feature  |User flow  |Custom policy  |Notes  |
 |---------|:---------:|:---------:|---------|
 | [Multi-language support](localization.md)| GA | GA | |
+| [Custom domains](custom-domain.md)| Preview | Preview | |
 | [Custom email verification](custom-email-mailjet.md) | NA | GA| |
 | [Customize the user interface with built-in templates](customize-ui.md) | GA| GA| |
 | [Customize the user interface with custom templates](customize-ui-with-html.md) | GA| GA| By using HTML templates. |
@@ -88,6 +92,7 @@ The following table summarizes the Security Assertion Markup Language (SAML) app
 
 
 
+
 ## Identity providers
 
 |Feature  |User flow  |Custom policy  |Notes  |
@@ -143,7 +148,7 @@ The following table summarizes the Security Assertion Markup Language (SAML) app
 | [External login session provider](custom-policy-reference-sso.md#externalloginssosessionprovider) | GA |  |
 | [SAML SSO session provider](custom-policy-reference-sso.md#samlssosessionprovider) | GA |  |
 | [OAuth SSO Session Provider](custom-policy-reference-sso.md#oauthssosessionprovider)  | GA|  |
-| [Single sign-out](session-behavior.md#sign-out)  |  Preview |  |
+
 
 ### Components
 
@@ -155,6 +160,7 @@ The following table summarizes the Security Assertion Markup Language (SAML) app
 | [Azure Active Directory](active-directory-technical-profile.md) as local directory | GA |  |
 | [Predicate validations](predicates.md) | GA | For example, password complexity. |
 | [Display controls](display-controls.md) | GA |  |
+| [Sub journeys](subjourneys.md) | GA | |
 
 ### Developer interface
 

articles/active-directory-b2c/custom-policy-developer-notes.md

@@ -122,6 +122,7 @@ Use the .p8 file you downloaded previously to sign the client secret into a JWT
 
     - **appleTeamId**: Your Apple Developer Team ID
     - **appleServiceId**: The Apple Service ID (client ID)
+    - **appleKeyId**: The 10 digit Key Id stored in the JWT Header (required by Apple)
     - **p8key**: The PEM format key. You can obtain this by opening the .p8 file in a text editor and copying everything between 
     `-----BEGIN PRIVATE KEY-----` and `-----END PRIVATE KEY-----` without line breaks.
 
@@ -131,6 +132,7 @@ The following json is an example of a call to the Azure function:
 {
     "appleTeamId": "ABC123DEFG",
     "appleServiceId": "com.yourcompany.app1",
+    "appleKeyId": "URKEYID001",
     "p8key": "MIGTAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBHkwdwIBAQQg+s07NiAcuGEu8rxsJBG7ttupF6FRe3bXdHxEipuyK82gCgYIKoZIzj0DAQehRANCAAQnR1W/KbbaihTQayXH3tuAXA8Aei7u7Ij5OdRy6clOgBeRBPy1miObKYVx3ki1msjjG2uGqRbrc1LvjLHINWRD"
 }
 ```