Commit b62c19f

Merge pull request #252425 from MicrosoftDocs/alexbuckgit/docutune-autopr-20230921-144724-7554432-ignore-build
[BULK] DocuTune - Rebranding of Azure Active Directory to Microsoft Entra (part 1)
2 parents ef0aac9 + 9554432 commit b62c19f

30 files changed, +138 -132 lines changed

articles/active-directory-b2c/custom-policies-series-sign-up-or-sign-in-federation.md

Lines changed: 22 additions & 22 deletions
Original file line number | Diff line number | Diff line change
@@ -51,15 +51,15 @@ Use the steps outlined in [Create the Facebook key](identity-provider-facebook.m
5151
To configure sign in with Facebook, you need to perform the following steps:
5252

5353
- Declare more claims
54-
- Define more claims transformations to help with claims manipulations such as creating *AlternativeSecurityId*.
54+
- Define more claims transformations to help with claims manipulations such as creating `AlternativeSecurityId`.
5555
- Configure Facebook claims provider
5656
- Configure Microsoft Entra technical profiles to read and write the social account from and to the Microsoft Entra database.
5757
- Configure a self-asserted technical profile (for accepting additional input from user or updating user details) and its content definition.
5858

5959

6060
### Step 3.1 - Declare more claims
6161

62-
In the `ContosoCustomPolicy.XML` file, locate the *ClaimsSchema* section, and then declare more claims by using the following code:
62+
In the `ContosoCustomPolicy.XML` file, locate the `ClaimsSchema` section, and then declare more claims by using the following code:
6363

6464
```xml
6565
<!--<ClaimsSchema>-->
@@ -114,7 +114,7 @@ In the `ContosoCustomPolicy.XML` file, locate the *ClaimsSchema* section, and th
114114

115115
### Step 3.2 - Define claims transformations
116116

117-
In the `ContosoCustomPolicy.XML` file, locate the *ClaimsTransformations* element, and add claims transformations by using the following code:
117+
In the `ContosoCustomPolicy.XML` file, locate the `ClaimsTransformations` element, and add claims transformations by using the following code:
118118

119119
```xml
120120
<!--<ClaimsTransformations>-->
@@ -152,13 +152,13 @@ In the `ContosoCustomPolicy.XML` file, locate the *ClaimsTransformations* elemen
152152
<!--</ClaimsTransformations>-->
153153
```
154154

155-
We've defined three Claims Transformations, which we use to generate values for *alternativeSecurityId* and *userPrincipalName* claims. These ClaimsTransformations are invoked in the OAuth2 technical profile in [step 3.3](#step-33---configure-facebook-claims-provider).
155+
We've defined three Claims Transformations, which we use to generate values for `alternativeSecurityId` and `userPrincipalName` claims. These ClaimsTransformations are invoked in the OAuth2 technical profile in [step 3.3](#step-33---configure-facebook-claims-provider).
156156

157157
### Step 3.3 - Configure Facebook claims provider
158158

159159
To enable users to sign in using a Facebook account, you need to define the account as a claims provider that Azure AD B2C can communicate with through an endpoint. You can define a Facebook account as a claims provider.
160160

161-
In the `ContosoCustomPolicy.XML` file, locate *ClaimsProviders* element, add a new claims provider by using the following code:
161+
In the `ContosoCustomPolicy.XML` file, locate `ClaimsProviders` element, add a new claims provider by using the following code:
162162

163163
```xml
164164
<!--<ClaimsProviders>-->
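Review bot: The rewritten sentence at line 161 reads "locate `ClaimsProviders` element, add a new claims provider", which drops the article and the "and then" used by the other steps in this file. Since the line is already being touched, suggest "locate the `ClaimsProviders` element, and then add a new claims provider by using the following code". Line 155 in the same hunk also mixes "Claims Transformations" and "ClaimsTransformations" in consecutive sentences; pick one form for prose and reserve the code-formatted name for the XML element.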
@@ -210,18 +210,18 @@ In the `ContosoCustomPolicy.XML` file, locate *ClaimsProviders* element, add a n
210210
```
211211

212212
Replace:
213-
- `facebook-app-id` with the value of Facebook *appID* you obtained in [step 1](#step-1---create-facebook-application).
213+
- `facebook-app-id` with the value of Facebook `appID` you obtained in [step 1](#step-1---create-facebook-application).
214214
- `facebook-policy-key` with the name of the Facebook policy key you obtained in [step 2](#step-2---create-facebook-policy-key).
215215

216-
Notice the claims transformations we defined in [step 3.2](#step-32---define-claims-transformations) in the *OutputClaimsTransformations* collection.
216+
Notice the claims transformations we defined in [step 3.2](#step-32---define-claims-transformations) in the `OutputClaimsTransformations` collection.
217217

218218
<a name='step-34---create-azure-ad-technical-profiles'></a>
219219

220220
### Step 3.4 - Create Microsoft Entra technical profiles
221221

222222
Just like in sign-in with a local account, you need to configure the [Microsoft Entra Technical Profiles](active-directory-technical-profile.md), which you use to connect to Microsoft Entra storage, to store or read a user social account.
223223

224-
1. In the `ContosoCustomPolicy.XML` file, locate the *Microsoft Entra ID-UserUpdate* technical profile and then add a new technical profile by using the following code:
224+
1. In the `ContosoCustomPolicy.XML` file, locate the `AAD-UserUpdate` technical profile and then add a new technical profile by using the following code:
225225

226226
```xml
227227
<TechnicalProfile Id="AAD-UserWriteUsingAlternativeSecurityId">
@@ -257,11 +257,11 @@ Just like in sign-in with a local account, you need to configure the [Microsoft
257257

258258
</TechnicalProfile>
259259
```
260-
We've added a new Microsoft Entra Technical Profile *AAD-UserWriteUsingAlternativeSecurityId* that writes a new social account into Microsoft Entra ID.
260+
We've added a new Microsoft Entra Technical Profile `AAD-UserWriteUsingAlternativeSecurityId` that writes a new social account into Microsoft Entra ID.
261261

262262
1. Replace *B2C_1A_TokenSigningKeyContainer* with the token signing key you created in [Configure the signing](custom-policies-series-hello-world.md#step-1---configure-the-signing-and-encryption-keys).
263263

264-
1. In the `ContosoCustomPolicy.XML` file, add another Microsoft Entra technical profile after the *AAD-UserWriteUsingAlternativeSecurityId* Technical Profile by using the following code:
264+
1. In the `ContosoCustomPolicy.XML` file, add another Microsoft Entra technical profile after the `AAD-UserWriteUsingAlternativeSecurityId` Technical Profile by using the following code:
265265

266266
```xml
267267
<TechnicalProfile Id="AAD-UserReadUsingAlternativeSecurityId">
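Review bot: Line 262 still formats the key container name as italic, *B2C_1A_TokenSigningKeyContainer*, while lines 260 and 264 in this hunk move the technical profile Id to code formatting. This is a value the reader has to locate and replace verbatim in the policy file, so it should get the same treatment: `B2C_1A_TokenSigningKeyContainer`. Converting only some identifiers in a step list makes it harder to tell which strings are literal.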
@@ -290,15 +290,15 @@ Just like in sign-in with a local account, you need to configure the [Microsoft
290290
</TechnicalProfile>
291291
```
292292

293-
We've added a new Microsoft Entra Technical Profile *AAD-UserReadUsingAlternativeSecurityId* that reads a new social account from Microsoft Entra ID. It uses `alternativeSecurityId` as a unique identifier for the social account.
293+
We've added a new Microsoft Entra Technical Profile `AAD-UserReadUsingAlternativeSecurityId` that reads a new social account from Microsoft Entra ID. It uses `alternativeSecurityId` as a unique identifier for the social account.
294294

295295
1. Replace *B2C_1A_TokenSigningKeyContainer* with the token signing key you created in [Configure the signing](custom-policies-series-hello-world.md#step-1---configure-the-signing-and-encryption-keys).
296296

297297
### Step 3.5 - Configure content definition
298298

299299
After a user signs in, you can collect some information from them by using a self-asserted technical profile. So, you need to configure content definition for the self-asserted technical profile.
300300

301-
In the `ContosoCustomPolicy.XML` file, locate the *ContentDefinitions* element, and then add a new content definition in the `ContentDefinitions` collection by using the following code:
301+
In the `ContosoCustomPolicy.XML` file, locate the `ContentDefinitions` element, and then add a new content definition in the `ContentDefinitions` collection by using the following code:
302302

303303
```xml
304304
<ContentDefinition Id="socialAccountsignupContentDefinition">
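Review bot: Line 293 says `AAD-UserReadUsingAlternativeSecurityId` "reads a new social account", but a read profile looks up an account that is already stored, keyed on `alternativeSecurityId` as the next sentence states. The word "new" looks carried over from the description of the write profile; suggest "reads a social account from Microsoft Entra ID". Line 295 also keeps *B2C_1A_TokenSigningKeyContainer* in italics and could be switched to code formatting in the same pass.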
@@ -316,7 +316,7 @@ We use this content definition as a metadata in a self-asserted technical profil
316316

317317
The self-asserted technical profile you configure in this step is used to collect more information from the user or update similar information obtained from the social account.
318318

319-
In the `ContosoCustomPolicy.XML` file, locate the *ClaimsProviders* section, and then add a new claims provider by using the following code:
319+
In the `ContosoCustomPolicy.XML` file, locate the `ClaimsProviders` section, and then add a new claims provider by using the following code:
320320

321321
```xml
322322
<!--<ClaimsProviders>-->
@@ -374,9 +374,9 @@ In the `ContosoCustomPolicy.XML` file, locate the *ClaimsProviders* section, and
374374
<!--</ClaimsProviders>-->
375375
```
376376

377-
The claims provider we've added contains a self-asserted technical profile, *SelfAsserted-Social*. The self-asserted technical profile uses the *AAD-UserWriteUsingAlternativeSecurityId* Technical Profile as a validation technical profile. So, the *AAD-UserWriteUsingAlternativeSecurityId* Technical Profile executes when the user selects the **Continue** button (see screenshot in [step 7](#step-7---test-policy)).
377+
The claims provider we've added contains a self-asserted technical profile, `SelfAsserted-Social`. The self-asserted technical profile uses the `AAD-UserWriteUsingAlternativeSecurityId` Technical Profile as a validation technical profile. So, the `AAD-UserWriteUsingAlternativeSecurityId` Technical Profile executes when the user selects the **Continue** button (see screenshot in [step 7](#step-7---test-policy)).
378378

379-
Also, notice that we've added the content definition, *socialAccountsignupContentDefinition*, that we configured in [step 3.5](#step-35---configure-content-definition) in the metadata section.
379+
Also, notice that we've added the content definition, `socialAccountsignupContentDefinition`, that we configured in [step 3.5](#step-35---configure-content-definition) in the metadata section.
380380

381381
## Step 4 - Update the User journey orchestration steps
382382

@@ -438,21 +438,21 @@ In the orchestration, we've used make reference to technical profiles that enabl
438438

439439
When the custom policy runs:
440440

441-
- **Orchestration Step 1** - This step includes a *ClaimsProviderSelections* element, which lists the available sign-in options a user can choose from. In this case, we've only have one option, *FacebookExchange*, so when the policy runs, users are taken directly to Facebook.com in step 2 as shown by the `TargetClaimsExchangeId` attribute.
441+
- **Orchestration Step 1** - This step includes a `ClaimsProviderSelections` element, which lists the available sign-in options a user can choose from. In this case, we've only have one option, `FacebookExchange`, so when the policy runs, users are taken directly to Facebook.com in step 2 as shown by the `TargetClaimsExchangeId` attribute.
442442

443-
- **Orchestration Step 2** - The *Facebook-OAUTH* technical profile executes, so the user is redirected to Facebook to sign in.
443+
- **Orchestration Step 2** - The `Facebook-OAUTH` technical profile executes, so the user is redirected to Facebook to sign in.
444444

445-
- **Orchestration Step 3** - In step 3, the *AAD-UserReadUsingAlternativeSecurityId* technical profile executes to try to read the user social account from Microsoft Entra storage. If the social account is found, `objectId` is returned as an output claim.
445+
- **Orchestration Step 3** - In step 3, the `AAD-UserReadUsingAlternativeSecurityId` technical profile executes to try to read the user social account from Microsoft Entra storage. If the social account is found, `objectId` is returned as an output claim.
446446

447447
- **Orchestration Step 4** - This step runs if the user doesn't already exist (`objectId` doesn't exist). It shows the form that collects more information from the user or updates similar information obtained from the social account.
448448

449-
- **Orchestration Step 5** - This step runs if the user doesn't already exist (`objectId` doesn't exist), so the *AAD-UserWriteUsingAlternativeSecurityId* Technical Profile executes to write the social account into Microsoft Entra ID.
449+
- **Orchestration Step 5** - This step runs if the user doesn't already exist (`objectId` doesn't exist), so the `AAD-UserWriteUsingAlternativeSecurityId` Technical Profile executes to write the social account into Microsoft Entra ID.
450450

451451
- **Orchestration Step 6** - Finally, step 6 assembles and returns the JWT token at the end of the policy’s execution.
452452

453453
## Step 5 - Update relying party output claims
454454

455-
In the `ContosoCustomPolicy.XML` file, locate the *RelyingParty* element, and then replace all the output claims collection with the following code:
455+
In the `ContosoCustomPolicy.XML` file, locate the `RelyingParty` element, and then replace all the output claims collection with the following code:
456456

457457
```xml
458458
<OutputClaim ClaimTypeReferenceId="displayName" />
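Review bot: Line 441 is rewritten in this hunk but keeps the grammar slip "we've only have one option"; suggest "we only have one option, `FacebookExchange`". Lines 447 and 449 both describe their step as running when `objectId` doesn't exist, and only line 449 was reformatted, so it is worth checking that "Technical Profile" capitalization on line 449 matches the lowercase "technical profile" used on lines 443 and 445.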
@@ -514,7 +514,7 @@ Use the following steps to add a combined local and social account:
514514
<OutputClaim ClaimTypeReferenceId="authenticationSource" DefaultValue="localIdpAuthentication" AlwaysUseDefaultValue="true" />
515515
```
516516

517-
1. In the `UserJourneys` section, add a new user journey, *LocalAndSocialSignInAndSignUp* by using the following code:
517+
1. In the `UserJourneys` section, add a new user journey, `LocalAndSocialSignInAndSignUp` by using the following code:
518518

519519
```xml
520520
<!--<UserJourneys>-->
@@ -527,7 +527,7 @@ Use the following steps to add a combined local and social account:
527527
<!--</UserJourneys>-->
528528
```
529529

530-
1. In the user journey you've created, *LocalAndSocialSignInAndSignUp*, add orchestration steps by using the following code:
530+
1. In the user journey you've created, `LocalAndSocialSignInAndSignUp`, add orchestration steps by using the following code:
531531

532532
```xml
533533
<!--<UserJourneys>

articles/active-directory-b2c/custom-policies-series-store-user.md

Lines changed: 5 additions & 5 deletions
@@ -109,12 +109,12 @@ You need to configure two [Microsoft Entra Technical Profile](active-directory-t
109109
</TechnicalProfile>
110110
```
111111

112-
We've added a new Microsoft Entra technical profile, *AAD-UserWrite*. You need to take note of the following important parts of the technical profile:
113-
112+
We've added a new Microsoft Entra technical profile, `AAD-UserWrite`. You need to take note of the following important parts of the technical profile:
113+
114114
- *Operation*: The operation specifies the action to be performed, in this case, *Write*. Learn more about other [operations in a Microsoft Entra technical provider](active-directory-technical-profile.md#azure-ad-technical-profile-operations).
115-
115+
116116
- *Persisted claims*: The *PersistedClaims* element contains all of the values that should be stored into Microsoft Entra storage.
117-
117+
118118
- *InputClaims*: The *InputClaims* element contains a claim, which is used to look up an account in the directory, or create a new one. There must be exactly one input claim element in the input claims collection for all Microsoft Entra technical profiles. This technical profile uses the *email* claim, as the key identifier for the user account. Learn more about [other key identifiers you can use uniquely identify a user account](active-directory-technical-profile.md#inputclaims).
119119

120120

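Review bot: Lines 114, 116 and 118 keep *Write*, *PersistedClaims*, *InputClaims* and *email* in italics while line 112 moves `AAD-UserWrite` to code formatting, so element and claim names in the same list are now styled two ways. Suggest code formatting for the XML names and leaving italics only for the list labels. Lines 113, 115 and 117 appear as removed and re-added with no visible text, which looks like whitespace-only churn that could be dropped from a bulk rebranding change. Line 118 also reads "you can use uniquely identify" and is missing "to".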
@@ -276,7 +276,7 @@ After the policy finishes execution, and you receive your ID token, check that t
276276
:::image type="content" source="media/custom-policies-series-store-user/screenshot-of-create-users-custom-policy.png" alt-text="A screenshot of creating a user account in Azure AD.":::
277277

278278

279-
In our *Microsoft Entra ID-UserWrite* Microsoft Entra Technical Profile, we specify that if the user already exists, we raise an error message.
279+
In our `AAD-UserWrite` Microsoft Entra Technical Profile, we specify that if the user already exists, we raise an error message.
280280

281281
Test your custom policy again by using the same **Email Address**. Instead of the policy executing to completion to issue an ID token, you should see an error message similar to the screenshot below.
282282

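Review bot: The image alt text on line 276 still reads "A screenshot of creating a user account in Azure AD." while line 279 and the rest of the article now use Microsoft Entra naming. If alt text is in scope for this rebranding pass, update it here; if it is deliberately excluded, a note in the PR description would save later reviewers from flagging it. The correction on line 279 from the mangled "Microsoft Entra ID-UserWrite" back to `AAD-UserWrite` matches the profile Id used elsewhere in the file.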
articles/active-directory-b2c/external-identities-videos.md

Lines changed: 1 addition & 1 deletion
@@ -35,6 +35,6 @@ Learn how to perform various use cases in Azure AD B2C.
3535

3636
| Video title | Video |Video title|Video|
3737
|:------|:------|:------|:------|
38-
|[Microsoft Entra ID: Monitoring and reporting Azure AD B2C using Azure Monitor](https://www.youtube.com/watch?v=Mu9GQy-CbXI&list=PL3ZTgFEc7LyuJ8YRSGXBUVItCPnQz3YX0&index=1) 6:57|[:::image type="icon" source="./media/external-identities-videos/monitoring-reporting.png" border="false":::](https://www.youtube.com/watch?v=Mu9GQy-CbXI&list=PL3ZTgFEc7LyuJ8YRSGXBUVItCPnQz3YX0&index=2)|[Azure AD B2C user migration using Microsoft Graph API](https://www.youtube.com/watch?v=9BRXBtkBzL4&list=PL3ZTgFEc7LyuJ8YRSGXBUVItCPnQz3YX0&index=5) 7:09| [:::image type="icon" source="./media/external-identities-videos/user-migration-msgraph-api.png" border="false":::](https://www.youtube.com/watch?v=9BRXBtkBzL4&list=PL3ZTgFEc7LyuJ8YRSGXBUVItCPnQz3YX0&index=6)|
38+
|[Monitoring and reporting Azure AD B2C using Azure Monitor](https://www.youtube.com/watch?v=Mu9GQy-CbXI&list=PL3ZTgFEc7LyuJ8YRSGXBUVItCPnQz3YX0&index=1) 6:57|[:::image type="icon" source="./media/external-identities-videos/monitoring-reporting.png" border="false":::](https://www.youtube.com/watch?v=Mu9GQy-CbXI&list=PL3ZTgFEc7LyuJ8YRSGXBUVItCPnQz3YX0&index=2)|[Azure AD B2C user migration using Microsoft Graph API](https://www.youtube.com/watch?v=9BRXBtkBzL4&list=PL3ZTgFEc7LyuJ8YRSGXBUVItCPnQz3YX0&index=5) 7:09| [:::image type="icon" source="./media/external-identities-videos/user-migration-msgraph-api.png" border="false":::](https://www.youtube.com/watch?v=9BRXBtkBzL4&list=PL3ZTgFEc7LyuJ8YRSGXBUVItCPnQz3YX0&index=6)|
3939
| [Azure AD B2C user migration strategies](https://www.youtube.com/watch?v=lCWR6PGUgz0&list=PL3ZTgFEc7LyuJ8YRSGXBUVItCPnQz3YX0&index=2) 8:22| [:::image type="icon" source="./media/external-identities-videos/user-migration-stratagies.png" border="false":::](https://www.youtube.com/watch?v=lCWR6PGUgz0&list=PL3ZTgFEc7LyuJ8YRSGXBUVItCPnQz3YX0&index=3)| [How to localize or customize language using Azure AD B2C](https://www.youtube.com/watch?v=yqrX5_tA7Ms&list=PL3ZTgFEc7LyuJ8YRSGXBUVItCPnQz3YX0&index=13) 20:41| [:::image type="icon" source="./media/external-identities-videos/language-localization.png" border="false":::](https://www.youtube.com/watch?v=yqrX5_tA7Ms&list=PL3ZTgFEc7LyuJ8YRSGXBUVItCPnQz3YX0&index=14) |
4040
|[Configure monitoring: Azure AD B2C using Azure Monitor](https://www.youtube.com/watch?v=tF2JS6TGc3g&list=PL3ZTgFEc7LyuJ8YRSGXBUVItCPnQz3YX0&index=14) 17:23 | [:::image type="icon" source="./media/external-identities-videos/configure-monitoring.png" border="false":::](https://www.youtube.com/watch?v=tF2JS6TGc3g&list=PL3ZTgFEc7LyuJ8YRSGXBUVItCPnQz3YX0&index=15) | [Configuring custom domains in Azure AD B2C using Azure Front Door](https://www.youtube.com/watch?v=mVNB59VK-DQ&list=PL3ZTgFEc7LyuJ8YRSGXBUVItCPnQz3YX0&index=13) 19:45| [:::image type="icon" source="./media/external-identities-videos/configure-custom-domains.png" border="false":::](https://www.youtube.com/watch?v=mVNB59VK-DQ&list=PL3ZTgFEc7LyuJ8YRSGXBUVItCPnQz3YX0&index=14) |

articles/active-directory-b2c/social-transformations.md

Lines changed: 2 additions & 2 deletions
@@ -45,7 +45,7 @@ Adds an `AlternativeSecurityId` to an `alternativeSecurityIdCollection` claim. C
4545

4646
The following example links a new social identity with an existing account. To link a new social identity:
4747

48-
1. In the **Microsoft Entra ID-UserReadUsingAlternativeSecurityId** and **Microsoft Entra ID-UserReadUsingObjectId** technical profiles, output the user's **alternativeSecurityIds** claim.
48+
1. In the `AAD-UserReadUsingAlternativeSecurityId` and `AAD-UserReadUsingObjectId` technical profiles, output the user's `alternativeSecurityIds` claim.
4949
1. Ask the user to sign in with one of the identity providers that aren't associated with this user.
5050
1. Using the **CreateAlternativeSecurityId** claims transformation, create a new **alternativeSecurityId** claim type with a name of `AlternativeSecurityId2`
5151
1. Call the **AddItemToAlternativeSecurityIdCollection** claims transformation to add the **AlternativeSecurityId2** claim to the existing **AlternativeSecurityIds** claim.
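Review bot: Line 48 now uses code formatting for the technical profile and claim names, but lines 50 and 51 of the same list keep **CreateAlternativeSecurityId**, **AlternativeSecurityId2** and **AlternativeSecurityIds** in bold. The claim also appears as `alternativeSecurityIds` on line 48 and as **AlternativeSecurityIds** on line 51; suggest one casing, matching the claim Id in the policy, and code formatting throughout the list. Line 50 is also missing its closing period.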
@@ -190,7 +190,7 @@ Removes an **AlternativeSecurityId** from an **alternativeSecurityIdCollection**
190190

191191
The following example unlinks one of the social identities with an existing account. To unlink a social identity:
192192

193-
1. In the **AAD-UserReadUsingAlternativeSecurityId** and **AAD-UserReadUsingObjectId** technical profiles, output the user's **alternativeSecurityIds** claim.
193+
1. In the `AAD-UserReadUsingAlternativeSecurityId` and `AAD-UserReadUsingObjectId` technical profiles, output the user's `alternativeSecurityIds` claim.
194194
2. Ask the user to select which social account to remove from the list identity providers that are associated with this user.
195195
3. Call a claims transformation technical profile that calls the **RemoveAlternativeSecurityIdByIdentityProvider** claims transformation, that removed the selected social identity, using identity provider name.
196196
4. Persist the **alternativeSecurityIds** claim to the user account.
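Review bot: Line 193 switches to code formatting, yet lines 195 and 196 still bold **RemoveAlternativeSecurityIdByIdentityProvider** and **alternativeSecurityIds**, so the same claim name is styled two ways within four lines. Suggest converting steps 3 and 4 as well. While editing, line 194 reads "from the list identity providers" (missing "of") and line 195 says the transformation "removed" the identity where the other steps use the present tense.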
