Commit ab8856d

Merge branch 'main' of https://github.com/MicrosoftDocs/azure-docs-pr into yelevin/unified-IIT-take-two
2 parents 97a00f9 + 918fc05 commit ab8856d

22 files changed, +101 -109 lines changed

articles/active-directory-b2c/add-captcha.md

Lines changed: 5 additions & 5 deletions
@@ -1,11 +1,11 @@
11
---
22
title: Enable CAPTCHA in Azure Active Directory B2C
3-
description: How to enable CAPTCHA for user flows and custom policies in Azure Active Directory B2C.
3+
description: Learn how to enable CAPTCHA in Azure AD B2C for user flows and custom policies to protect sign-in and sign-up flows from automated attacks.
44
author: kengaderdus
55
manager: mwongerapk
66
ms.service: azure-active-directory
77
ms.topic: how-to
8-
ms.date: 05/03/2024
8+
ms.date: 02/18/2024
99
ms.custom: project-no-code
1010
ms.author: kengaderdus
1111
ms.subservice: b2c
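Review bot: the new `ms.date` on line 8 moves backwards, from 05/03/2024 to 02/18/2024. The other files in this commit are stamped 02/18/2025 or 02/19/2025, so this looks like a year typo; please confirm and set it to 02/18/2025 if that was the intent.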
@@ -50,7 +50,7 @@ Azure Active Directory B2C (Azure AD B2C) allows you to enable CAPTCHA to preven
5050

5151
## Test the user flow
5252

53-
Use the steps in [Test the user flow](tutorial-create-user-flows.md?pivots=b2c-user-flow#test-the-user-flow-1) to test and confirm that CAPTCHA is enabled for your chosen flow. You should be prompted to enter the characters you see or hear depending on the CAPTCHA type, visual or audio, you choose.
53+
Use the steps in [Test the user flow](tutorial-create-user-flows.md?pivots=b2c-user-flow#test-the-user-flow-1) to test and confirm that CAPTCHA is enabled for your chosen flow. You should be prompted to enter the characters you see or hear depending on the CAPTCHA type, visual, or audio, you choose.
5454

5555
::: zone-end
5656

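Review bot: on line 53 the added commas in "visual, or audio, you choose" make the aside read like an unfinished list. Suggest reverting to "visual or audio" or rewording to "depending on the CAPTCHA type (visual or audio) you choose".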
@@ -387,15 +387,15 @@ Use the steps in [Upload the policies](tutorial-create-user-flows.md?pivots=b2c-
387387

388388
## Test the custom policy
389389

390-
Use the steps in [Test the custom policy](tutorial-create-user-flows.md?pivots=b2c-custom-policy#test-the-custom-policy) to test and confirm that CAPTCHA is enabled for your chosen flow. You should be prompted to enter the characters you see or hear depending on the CAPTCHA type, visual or audio, you choose.
390+
Use the steps in [Test the custom policy](tutorial-create-user-flows.md?pivots=b2c-custom-policy#test-the-custom-policy) to test and confirm that CAPTCHA is enabled for your chosen flow. You should be prompted to enter the characters you see or hear depending on the CAPTCHA type, visual, or audio, you choose.
391391

392392
::: zone-end
393393

394394
> [!NOTE]
395395
> - You can't add CAPTCHA to an MFA step in a sign-up only user flow.
396396
> - In an MFA flow, CAPTCHA is applicable where the MFA method you select is SMS or phone call, SMS only or Phone call only.
397397
398-
## Next steps
398+
## Related content
399399

400400
- Learn how to [Define a CAPTCHA technical profile](captcha-technical-profile.md).
401401
- Learn how to [Configure CAPTCHA display control](display-control-captcha.md).
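Review bot: line 390 picks up the same "visual, or audio, you choose" comma as the user-flow test section at line 53. Whatever wording is settled on there should be applied here as well, so the two test sections stay identical.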

articles/active-directory-b2c/add-password-change-policy.md

Lines changed: 2 additions & 2 deletions
@@ -9,7 +9,7 @@ manager: CelesteDG
99
ms.service: azure-active-directory
1010

1111
ms.topic: how-to
12-
ms.date: 01/11/2024
12+
ms.date: 02/19/2025
1313
ms.author: kengaderdus
1414
ms.subservice: b2c
1515
zone_pivot_groups: b2c-policy-type
@@ -164,7 +164,7 @@ The password change flow involves the following steps:
164164
1. For **Application**, select the application that you registered earlier. To see the token, the **Reply URL** should show `https://jwt.ms`.
165165
1. Select **Run now**. In the new tab that opens, remove "&prompt=login" from the URL and refresh the tab. Then, sign in with the account you created earlier. A password change dialog gives you the option to change the password.
166166

167-
## Next steps
167+
## Related content
168168

169169
* Find the [sample policy on GitHub](https://github.com/Azure-Samples/active-directory-b2c-custom-policy-starterpack/tree/master/scenarios/password-change).
170170
* Learn about how you can [configure password complexity in Azure AD B2C](password-complexity.md).

articles/active-directory-b2c/add-password-reset-policy.md

Lines changed: 7 additions & 7 deletions
@@ -6,7 +6,7 @@ author: garrodonnell
66
manager: CelesteDG
77
ms.service: azure-active-directory
88
ms.topic: how-to
9-
ms.date: 11/27/2024
9+
ms.date: 02/18/2024
1010
ms.author: godonnell
1111
ms.subservice: b2c
1212
zone_pivot_groups: b2c-policy-type
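Review bot: the new `ms.date` on line 9 is earlier than the value it replaces (11/27/2024 becomes 02/18/2024), which would mark the article as older after an edit. Sibling files in this commit use 2025 dates, so this is probably meant to be 02/18/2025.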
@@ -40,16 +40,16 @@ The default name of the **Change email** button in *selfAsserted.html* is **chan
4040
[!INCLUDE [active-directory-b2c-customization-prerequisites](../../includes/active-directory-b2c-customization-prerequisites.md)]
4141

4242

43-
- The B2C Users need to have an authentication method specified for self-service password reset. Select the B2C User, in the left menu under **Manage**, select **Authentication methods**, ensure **Authentication contact info** is set. B2C users created via a SignUp flow will have this set by default. For users created via Azure Portal or by Graph API need to have this set for SSPR to work.
43+
- The B2C Users need to have an authentication method specified for self-service password reset. Select the B2C User, in the left menu under **Manage**, select **Authentication methods**. Ensure **Authentication contact info** is set. B2C users created via a Sign-up flow has this set by default. For users created via Azure Portal or by Graph API, you need to set **Authentication contact info** for SSPR to work.
4444

4545

4646
## Self-service password reset (recommended)
4747

48-
The new password reset experience is now part of the sign-up or sign-in policy. When the user selects the **Forgot your password?** link, they are immediately sent to the Forgot Password experience. Your application no longer needs to handle the [AADB2C90118 error code](#password-reset-policy-legacy), and you don't need a separate policy for password reset.
48+
The new password reset experience is now part of the sign-up or sign-in policy. When the user selects the **Forgot your password?** link, they're immediately sent to the Forgot Password experience. Your application no longer needs to handle the [AADB2C90118 error code](#password-reset-policy-legacy), and you don't need a separate policy for password reset.
4949

5050
::: zone pivot="b2c-user-flow"
5151

52-
The self-service password reset experience can be configured for the Sign in (Recommended) or Sign up and sign in (Recommended) user flows. If you don't have one of these user flows set up, create a [sign-up or sign-in](add-sign-up-and-sign-in-policy.md) user flow.
52+
The self-service password reset experience can be configured for the Sign in (Recommended) or Sign up and sign in (Recommended) user flows. If you don't have one of these user flows setup, create a [sign-up or sign-in](add-sign-up-and-sign-in-policy.md) user flow.
5353

5454
To set up self-service password reset for the sign-up or sign-in user flow:
5555

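Review bot: two of the rewritten sentences introduce grammar regressions. On line 43, "B2C users created via a Sign-up flow has this set" needs "have" to agree with "users". On line 52, "user flows setup" should stay "set up" (the verb), as it was before the change and as line 54 still reads.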
@@ -192,7 +192,7 @@ The sub journey is called from the user journey and performs the specific steps
192192

193193
### Prepare your user journey
194194

195-
Next, to connect the **Forgot your password?** link to the **Forgot Password** sub journey you will need to reference the **Forgot Password** sub journey ID in the **ClaimsProviderSelection** element of the **CombinedSignInAndSignUp** step.
195+
Next, to connect the **Forgot your password?** link to the **Forgot Password** sub journey you need to reference the **Forgot Password** sub journey ID in the **ClaimsProviderSelection** element of the **CombinedSignInAndSignUp** step.
196196

197197
If you don't have your own custom user journey that has a **CombinedSignInAndSignUp** step, complete the following steps to duplicate an existing sign-up or sign-in user journey. Otherwise, continue to the next section.
198198

@@ -352,14 +352,14 @@ To test the user flow:
352352

353353
### Create a password reset policy
354354

355-
Custom policies are a set of XML files that you upload to your Azure AD B2C tenant to define user journeys. We provide [starter packs](https://github.com/Azure-Samples/active-directory-b2c-custom-policy-starterpack) that have several pre-built policies, including sign up and sign in, password reset, and profile editing policies. For more information, see [Get started with custom policies in Azure AD B2C](tutorial-create-user-flows.md?pivots=b2c-custom-policy).
355+
Custom policies are a set of XML files that you upload to your Azure AD B2C tenant to define user journeys. We provide [starter packs](https://github.com/Azure-Samples/active-directory-b2c-custom-policy-starterpack) that have several prebuilt policies, including sign up and sign in, password reset, and profile editing policies. For more information, see [Get started with custom policies in Azure AD B2C](tutorial-create-user-flows.md?pivots=b2c-custom-policy).
356356

357357
::: zone-end
358358

359359
## Troubleshoot Azure AD B2C user flows and custom policies
360360
Your application needs to handle certain errors coming from Azure B2C service. Learn [how to troubleshoot Azure AD B2C's user flows and custom policies](troubleshoot.md).
361361

362-
## Next steps
362+
## Related content
363363

364364
Set up a [force password reset](force-password-reset.md).
365365

articles/active-directory-b2c/claim-resolver-overview.md

Lines changed: 4 additions & 4 deletions
@@ -1,15 +1,15 @@
11
---
22
title: Claim resolvers in custom policies
33
titleSuffix: Azure AD B2C
4-
description: Learn how to use claims resolvers in a custom policy in Azure Active Directory B2C.
4+
description: Learn how to use claim resolvers in Azure AD B2C custom policies to provide context information and populate claims with dynamic values.
55

66
author: kengaderdus
77
manager: CelesteDG
88

99
ms.service: azure-active-directory
1010

1111
ms.topic: reference
12-
ms.date: 01/17/2024
12+
ms.date: 02/19/2025
1313
ms.author: kengaderdus
1414
ms.subservice: b2c
1515

@@ -161,7 +161,7 @@ The following table lists the [OAuth2 identity provider](oauth2-technical-profil
161161
| {oauth2:access_token} | The OAuth2 identity provider access token. The `access_token` attribute. | `eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1Ni...` |
162162
| {oauth2:token_type} | The type of the access token. The `token_type` attribute. | Bearer |
163163
| {oauth2:expires_in} | The length of time that the access token is valid in seconds. The `expires_in` attribute. The output claim [DataType](claimsschema.md#datatype) must be `int` or `long`. | 960000 |
164-
| {oauth2:refresh_token} | The OAuth2 identity provider refresh token. The `refresh_token` attribute. | `eyJraWQiOiJacW9pQlp2TW5pYVc2MUY...` |
164+
| {oauth2:refresh_token} | The OAuth2 identity providers refresh token. The `refresh_token` attribute. | `eyJraWQiOiJacW9pQlp2TW5pYVc2MUY...` |
165165

166166
To use the OAuth2 identity provider claim resolvers, set the output claim's `PartnerClaimType` attribute to the claim resolver. The following example demonstrates how the get the external identity provider claims:
167167

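Review bot: on line 164, "identity providers refresh token" is a regression. The removed wording "identity provider refresh token" matched the `{oauth2:access_token}` row at line 161 ("The OAuth2 identity provider access token"). Suggest reverting, or using the possessive "provider's" in both rows if that is the intent.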
@@ -312,6 +312,6 @@ In a [Relying party](relyingparty.md) policy technical profile, you may want to
312312
</RelyingParty>
313313
```
314314

315-
## Next steps
315+
## Related content
316316

317317
- Find more [claims resolvers samples](https://github.com/azure-ad-b2c/unit-tests/tree/main/claims-resolver) on the Azure AD B2C community GitHub repo

articles/active-directory-b2c/conditional-access-user-flow.md

Lines changed: 8 additions & 8 deletions
@@ -1,11 +1,11 @@
11
---
22
title: Add Conditional Access to a user flow in Azure AD B2C
3-
description: Learn how to add Conditional Access to your Azure AD B2C user flows. Configure multifactor authentication (MFA) settings and Conditional Access policies in your user flows to enforce policies and remediate risky sign-ins.
3+
description: Learn how to add Conditional Access to Azure AD B2C user flows. Configure MFA settings and policies to enforce and remediate risky sign-ins.
44

55
ms.service: azure-active-directory
66
ms.subservice: b2c
77
ms.topic: overview
8-
ms.date: 09/11/2024
8+
ms.date: 02/18/2025
99
ms.author: kengaderdus
1010
author: kengaderdus
1111
manager: CelesteDG
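Review bot: the shortened description on line 3 drops the object of "enforce", so "policies to enforce and remediate risky sign-ins" now reads as if risky sign-ins are being enforced. Suggest something like "Configure MFA settings and Conditional Access policies to enforce policy and remediate risky sign-ins", which still keeps the description short.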
@@ -40,14 +40,14 @@ The following example shows a Conditional Access technical profile that is used
4040
</TechnicalProfile>
4141
```
4242

43-
To ensure that Identity Protection signals are evaluated properly, you'll want to call the `ConditionalAccessEvaluation` technical profile for all users, including both [local and social accounts](technical-overview.md#consumer-accounts). Otherwise, Identity Protection indicates an incorrect degree of risk associated with users.
43+
To ensure that Identity Protection signals are evaluated properly, you need to call the `ConditionalAccessEvaluation` technical profile for all users, including both [local and social accounts](technical-overview.md#consumer-accounts). Otherwise, Identity Protection indicates an incorrect degree of risk associated with users.
4444
::: zone-end
4545
In the *Remediation* phase that follows, the user is challenged with MFA. Once complete, Azure AD B2C informs Identity Protection that the identified sign-in threat has been remediated and by which method. In this example, Azure AD B2C signals that the user has successfully completed the multifactor authentication challenge.
4646
The remediation may also happen through other channels. For example, when the account's password is reset, either by the administrator or by the user. You can check the user *Risk state* in the [risky users report](identity-protection-investigate-risk.md#navigating-the-risky-users-report).
4747
::: zone pivot="b2c-custom-policy"
4848
> [!IMPORTANT]
4949
> To remediate the risk successfully within the journey, make sure the *Remediation* technical profile is called after the *Evaluation* technical profile is executed. If *Evaluation* is invoked without *Remediation*, the risk state indicates as *At risk*.
50-
When the *Evaluation* technical profile recommendation returns `Block`, the call to the *Evaluation* technical profile is not required. The risk state is set to *At risk*.
50+
When the *Evaluation* technical profile recommendation returns `Block`, the call to the *Evaluation* technical profile isn't required. The risk state is set to *At risk*.
5151
The following example shows a Conditional Access technical profile used to remediate the identified threat:
5252

5353
```xml
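Review bot: line 50 is being touched only for the contraction, but the sentence itself looks wrong. It says that when the *Evaluation* technical profile returns `Block`, the call to the *Evaluation* technical profile isn't required, which is circular. Given the preceding note that *Remediation* must be called after *Evaluation*, the second reference is presumably meant to be the *Remediation* technical profile. Please confirm with the author and correct it in this pass, since readers use this paragraph to decide which calls their journey must make.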
@@ -153,7 +153,7 @@ To add a Conditional Access policy:
153153

154154
## Template 1: Sign-in risk-based Conditional Access
155155

156-
Most users have a normal behavior that can be tracked, when they fall outside of this norm it could be risky to allow them to just sign in. You may want to block that user or maybe just ask them to perform multifactor authentication to prove that they are really who they say they are. A sign-in risk represents the probability that a given authentication request isn't authorized by the identity owner. Azure AD B2C tenants with P2 licenses can create Conditional Access policies incorporating Microsoft Entra ID Protection sign-in risk detections.
156+
Most users have a normal behavior that can be tracked, when they fall outside of this norm it could be risky to allow them to just sign in. You may want to block that user or maybe just ask them to perform multifactor authentication to prove that they're really who they say they are. A sign-in risk represents the probability that a given authentication request isn't authorized by the identity owner. Azure AD B2C tenants with P2 licenses can create Conditional Access policies incorporating Microsoft Entra ID Protection sign-in risk detections.
157157

158158
Note the limitations on Identity Protection detections for B2C. If risk is detected, users can perform multifactor authentication to self-remediate and close the risky sign-in event to prevent unnecessary noise for administrators.
159159

@@ -351,11 +351,11 @@ Multiple Conditional Access policies may apply to an individual user at any time
351351

352352
When adding Conditional Access to a user flow, consider using **Multi-factor authentication (MFA)**. Users can use a one-time code via SMS or voice, a one-time password via email, or a time-based one-time password (TOTP) code via an authenticator app for multifactor authentication. MFA settings are configured separately from Conditional Access settings. You can choose from these MFA options:
353353

354-
- **Off** - MFA is never enforced during sign-in, and users are not prompted to enroll in MFA during sign-up or sign-in.
354+
- **Off** - MFA is never enforced during sign-in, and users aren't prompted to enroll in MFA during sign-up or sign-in.
355355
- **Always on** - MFA is always required, regardless of your Conditional Access setup. During sign-up, users are prompted to enroll in MFA. During sign-in, if users aren't already enrolled in MFA, they're prompted to enroll.
356356
- **Conditional** - During sign-up and sign-in, users are prompted to enroll in MFA (both new users and existing users who aren't enrolled in MFA). During sign-in, MFA is enforced only when an active Conditional Access policy evaluation requires it:
357357
- If the result is an MFA challenge with no risk, MFA is enforced. If the user isn't already enrolled in MFA, they're prompted to enroll.
358-
- If the result is an MFA challenge due to risk *and* the user is not enrolled in MFA, sign-in is blocked.
358+
- If the result is an MFA challenge due to risk *and* the user isn't enrolled in MFA, sign-in is blocked.
359359
> [!NOTE]
360360
> With general availability of Conditional Access in Azure AD B2C, users are now prompted to enroll in an MFA method during sign-up. Any sign-up user flows you created prior to general availability won't automatically reflect this new behavior, but you can include the behavior by creating new user flows.
361361
@@ -435,6 +435,6 @@ To review the result of a Conditional Access event:
435435
- **AppliedPolicies**: A list of all the Conditional Access policies where the conditions were met and the policies are ON.
436436
- **ReportingPolicies**: A list of the Conditional Access policies that were set to report-only mode and where the conditions were met.
437437

438-
## Next steps
438+
## Related content
439439

440440
[Customize the user interface in an Azure AD B2C user flow](customize-ui-with-html.md)

articles/active-directory-b2c/configure-authentication-in-azure-web-app-file-based.md

Lines changed: 4 additions & 5 deletions
@@ -1,13 +1,13 @@
11
---
2-
title: Configure authentication in an Azure Web App configuration file by using Azure Active Directory B2C
2+
title: Configure authentication in an Azure Web App configuration file by using Azure AD B2C
33
description: This article discusses how to use Azure Active Directory B2C to sign in and sign up users in an Azure Web App using configuration file.
44

55
author: kengaderdus
66
manager: CelesteDG
77
ms.service: azure-active-directory
88

9-
ms.topic: reference
10-
ms.date: 01/11/2024
9+
ms.topic: how-to
10+
ms.date: 02/19/2025
1111
ms.author: kengaderdus
1212
ms.subservice: b2c
1313
ms.custom: "b2c-support"
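Review bot: the title on line 2 is shortened to "Azure AD B2C", but the description on line 3 is left untouched, so it still says "Azure Active Directory B2C" and ends with "using configuration file" (missing article). The other articles in this commit had their descriptions refreshed along with the title; suggest doing the same here, for example "...in an Azure Web App by using a configuration file".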
@@ -142,7 +142,6 @@ From your server code, the provider-specific tokens are injected into the reques
142142
|X-MS-CLIENT-PRINCIPAL-IDP| The identity provider name, `aadb2c`.|
143143
|X-MS-TOKEN-AADB2C-ID-TOKEN| The ID token issued by Azure AD B2C|
144144

145-
## Next steps
146-
145+
## Related content
147146
* After successful authentication, you can show display name on the navigation bar. To view the claims that the Azure AD B2C token returns to your app, check out the [Work with user identities in Azure App Service authentication](../app-service/configure-authentication-user-identities.md).
148147
* Learn how to [Work with OAuth tokens in Azure App Service authentication](../app-service/configure-authentication-oauth-tokens.md).
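Review bot: the replacement at line 145 removes the blank line that followed the old heading, so `## Related content` is now immediately followed by the first list item. Every other file in this commit keeps a blank line between the heading and the list; please restore it here for consistency and to avoid a markdown lint warning.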

articles/active-directory-b2c/configure-authentication-sample-angular-spa-app.md

Lines changed: 5 additions & 5 deletions
@@ -1,13 +1,13 @@
11
---
2-
title: Configure authentication in a sample Angular SPA by using Azure Active Directory B2C
3-
description: Learn how to use Azure Active Directory B2C to sign in and sign up users in an Angular SPA.
2+
title: Configure authentication in a sample Angular SPA by using Azure AD B2C
3+
description: Learn how to configure authentication in an Angular SPA using Azure AD B2C. Securely sign in users and call a protected web API with MSAL Angular.
44

55
author: kengaderdus
66
manager: CelesteDG
77
ms.service: azure-active-directory
88

99
ms.topic: how-to
10-
ms.date: 01/11/2024
10+
ms.date: 02/19/2025
1111
ms.author: kengaderdus
1212
ms.subservice: b2c
1313
ms.custom: "b2c-support"
@@ -273,9 +273,9 @@ You can add and modify redirect URIs in your registered applications at any time
273273
* The reply URL must begin with the scheme `https`.
274274
* The reply URL is case-sensitive. Its case must match the case of the URL path of your running application.
275275

276-
## Next steps
276+
## Related content
277277

278278
* [Learn more about the code sample](https://github.com/Azure-Samples/ms-identity-javascript-angular-tutorial/)
279279
* [Enable authentication in your own Angular application](enable-authentication-angular-spa-app.md)
280280
* [Configure authentication options in your Angular application](enable-authentication-angular-spa-app-options.md)
281-
* [Enable authentication in your own web API](enable-authentication-web-api.md)
281+
* [Enable authentication in your own web API](enable-authentication-web-api.md)

articles/active-directory-b2c/configure-authentication-sample-react-spa-app.md

Lines changed: 3 additions & 3 deletions
@@ -1,13 +1,13 @@
11
---
2-
title: Configure authentication in a sample React SPA by using Azure Active Directory B2C
3-
description: Learn how to use Azure Active Directory B2C to sign in and sign up users in a React SPA.
2+
title: Configure authentication in a sample React SPA by using Azure AD B2C
3+
description: Learn how to use Azure AD B2C to sign in and sign up users in a React SPA. Securely call a protected web API with MSAL React.
44

55
author: kengaderdus
66
manager: CelesteDG
77
ms.service: azure-active-directory
88

99
ms.topic: how-to
10-
ms.date: 01/11/2024
10+
ms.date: 02/19/2025
1111
ms.author: kengaderdus
1212
ms.subservice: b2c
1313
ms.custom: "b2c-support"
