merging master

Author: MashaMSFT

.openpublishing.redirection.json

@@ -62,9 +62,6 @@
         href: active-directory-b2c-reference-tokens.md
       - name: Request access token
         href: active-directory-b2c-access-tokens.md
-      - name: Support multiple token issuers
-        href: multiple-token-endpoints.md
-        displayName: migrate, b2clogin, owin, jwt
   - name: User flow and policy
     items:
     - name: User flows
@@ -307,7 +304,12 @@
       - name: RelyingParty
         href: relyingparty.md
   - name: Use b2clogin.com
-    href: b2clogin.md
+    items:
+    - name: b2clogin.com overview
+      href: b2clogin.md
+    - name: Migrate web API to b2clogin.com
+      href: multiple-token-endpoints.md
+      displayName: migrate, b2clogin, owin, jwt
   - name: Automation
     items:
     - name: Export usage report

articles/active-directory-b2c/TOC.yml

@@ -15,7 +15,7 @@ ms.subservice: B2C
 ---
 # Request an access token in Azure Active Directory B2C
 
-An *access token* contains claims that you can use in Azure Active Directory (Azure AD) B2C to identify the granted permissions to your APIs. When calling a resource server, an access token must be present in the HTTP request. An access token is denoted as **access_token** in the responses from Azure AD B2C. 
+An *access token* contains claims that you can use in Azure Active Directory (Azure AD) B2C to identify the granted permissions to your APIs. When calling a resource server, an access token must be present in the HTTP request. An access token is denoted as **access_token** in the responses from Azure AD B2C.
 
 This article shows you how to request an access token for a web application and web API. For more information about tokens in Azure AD B2C, see the [overview of tokens in Azure Active Directory B2C](active-directory-b2c-reference-tokens.md).
 
@@ -63,13 +63,13 @@ In the following example, you replace these values:
 - `<application-ID>` - The application identifier of the web application that you registered to support the user flow.
 - `<redirect-uri>` - The **Redirect URI** that you entered when you registered the client application.
 
-```
+```HTTP
 GET https://<tenant-name>.b2clogin.com/tfp/<tenant-name>.onmicrosoft.com/<policy-name>/oauth2/v2.0/authorize?
 client_id=<application-ID>
 &nonce=anyRandomValue
 &redirect_uri=https://jwt.ms
 &scope=https://tenant-name>.onmicrosoft.com/api/read
-&response_type=code 
+&response_type=code
 ```
 
 The response with the authorization code should be similar to this example:
@@ -80,9 +80,9 @@ https://jwt.ms/?code=eyJraWQiOiJjcGltY29yZV8wOTI1MjAxNSIsInZlciI6IjEuMC...
 
 After successfully receiving the authorization code, you can use it to request an access token:
 
-```
+```HTTP
 POST <tenant-name>.onmicrosoft.com/oauth2/v2.0/token?p=<policy-name> HTTP/1.1
-Host: https://<tenant-name>.b2clogin.com
+Host: <tenant-name>.b2clogin.com
 Content-Type: application/x-www-form-urlencoded
 
 grant_type=authorization_code
@@ -95,7 +95,7 @@ grant_type=authorization_code
 
 You should see something similar to the following response:
 
-```
+```JSON
 {
     "access_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6Ilg1ZVhrN...",
     "token_type": "Bearer",
@@ -109,7 +109,7 @@ You should see something similar to the following response:
 
 When using https://jwt.ms to examine the access token that was returned, you should see something similar to the following example:
 
-```
+```JSON
 {
   "typ": "JWT",
   "alg": "RS256",

articles/active-directory-b2c/active-directory-b2c-access-tokens.md

@@ -23,6 +23,7 @@ This article shows you how to enable sign-in for an ADFS user account by using [
 
 - Complete the steps in [Get started with custom policies in Azure Active Directory B2C](active-directory-b2c-get-started-custom.md).
 - Make sure that you have access to a certificate .pfx file with a private key. You can generate your own signed certificate and upload it to Azure AD B2C. Azure AD B2C uses this certificate to sign the SAML request sent to your SAML identity provider.
+- In order for Azure to accept the .pfx file password, the password must be encrypted with the TripleDES-SHA1 option in Windows Certificate Store Export utility as opposed to AES256-SHA256.
 
 ## Create a policy key
 

articles/active-directory-b2c/active-directory-b2c-custom-rest-api-netfw.md

@@ -1,14 +1,14 @@
 ---
-title: Frequently asked questions for Azure Active Directory B2C
-description: Frequently asked questions (FAQ) about Azure Active Directory B2C.
+title: Frequently asked questions (FAQ) for Azure Active Directory B2C
+description: Answers to frequently asked questions about Azure Active Directory B2C.
 services: active-directory-b2c
 author: mmacy
 manager: celestedg
 
 ms.service: active-directory
 ms.workload: identity
 ms.topic: conceptual
-ms.date: 07/08/2019
+ms.date: 08/08/2019
 ms.author: marsma
 ms.subservice: B2C
 ---
@@ -33,17 +33,15 @@ Azure AD B2C can't be used to authenticate users for Microsoft Office 365. Azure
 
 In an Azure AD tenant, users that belong to the tenant sign-in with an email address of the form `<xyz>@<tenant domain>`. The `<tenant domain>` is one of the verified domains in the tenant or the initial `<...>.onmicrosoft.com` domain. This type of account is a work or school account.
 
-In an Azure AD B2C tenant, most apps want the user to sign-in with any arbitrary email address (for example, [email protected], [email protected], [email protected], or [email protected]). This type of account is a local account. We also support arbitrary user names as local accounts (for example, joe, bob, sarah, or jim). You can choose one of these two local account types when configuring identity providers for Azure AD B2C in the Azure portal. In your Azure AD B2C tenant, click **Identity providers** and then select **Username** under Local accounts.
+In an Azure AD B2C tenant, most apps want the user to sign-in with any arbitrary email address (for example, [email protected], [email protected], [email protected], or [email protected]). This type of account is a local account. We also support arbitrary user names as local accounts (for example, joe, bob, sarah, or jim). You can choose one of these two local account types when configuring identity providers for Azure AD B2C in the Azure portal. In your Azure AD B2C tenant, select **Identity providers**, select **Local account**, and then select **Username**.
 
 User accounts for applications must always be created through a sign-up user flow, sign-up or sign-in user flow, or by using the Azure AD Graph API. User accounts created in the Azure portal are only used for administering the tenant.
 
 ### Which social identity providers do you support now? Which ones do you plan to support in the future?
 
-We currently support Facebook, Google+, LinkedIn, Amazon, Twitter (preview), WeChat (preview), Weibo (preview), and QQ (Preview). We will add support for other popular social identity providers based on customer demand.
+We currently support several social identity providers including Amazon, Facebook, GitHub (preview), Google, LinkedIn, Microsoft Account (MSA), QQ (preview), Twitter, WeChat (preview), and Weibo (preview). We evaluate adding support for other popular social identity providers based on customer demand.
 
-Azure AD B2C has also added support for [custom policies](active-directory-b2c-overview-custom.md). These custom policies allow a developer to create their own policy with any identity provider that supports [OpenID Connect](https://openid.net/specs/openid-connect-core-1_0.html) or SAML.
-
-Get started with custom policies by checking out our [custom policy starter pack](https://github.com/Azure-Samples/active-directory-b2c-custom-policy-starterpack).
+Azure AD B2C also supports [custom policies](active-directory-b2c-overview-custom.md). Custom policies allow you to create your own policy for any identity provider that supports [OpenID Connect](https://openid.net/specs/openid-connect-core-1_0.html) or SAML. Get started with custom policies by checking out our [custom policy starter pack](https://github.com/Azure-Samples/active-directory-b2c-custom-policy-starterpack).
 
 ### Can I configure scopes to gather more information about consumers from various social identity providers?
 

articles/active-directory-b2c/active-directory-b2c-custom-setup-adfs2016-idp.md

@@ -40,7 +40,7 @@ The **B2C** category in audit logs contains the following types of activities:
 > For user object CRUD activities, refer to the **Core Directory** category.
 
 ## Example activity
-The example below shows the data captured when a user signs in with an external identity provider:
+The example below shows the data captured when a user signs in with an external identity provider:  
     ![Example of Audit Log Activity Details page in Azure portal](./media/active-directory-b2c-reference-audit-logs/audit-logs-example.png)
 
 The activity details panel contains the following relevant information: