Merge pull request #72364 from MicrosoftDocs/master

4/08 AM Publish

Author: huypub

articles/active-directory/b2b/one-time-passcode.md

@@ -7,13 +7,13 @@ services: active-directory
 ms.service: active-directory
 ms.subservice: B2B
 ms.topic: conceptual
-ms.date: 1/25/2019
+ms.date: 04/08/2019
 
 ms.author: mimart
 author: msmimart
 manager: mtillman
 ms.reviewer: mal
-ms.custom: "it-pro, seo-update-azuread-jan"
+ms.custom: "it-pro, seo-update-azuread-jan, seoapril2019"
 ms.collection: M365-identity-device-management
 ---
 
@@ -24,7 +24,7 @@ ms.collection: M365-identity-device-management
 | Email one-time passcode is a public preview feature of Azure Active Directory. For more information about previews, see [Supplemental Terms of Use for Microsoft Azure Previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms/).|
 |     |
 
-The Email one-time passcode feature authenticates B2B guest users when they can't be authenticated through other means like Azure AD, a Microsoft account (MSA), or Google federation. With one-time passcode authentication, there's no need to create a Microsoft account. When the guest user redeems an invitation or accesses a shared resource, they can request a temporary code, which is sent to their email address. Then they enter this code to continue signing in.
+This article describes how to enable Email one-time passcode authentication for B2B guest users. The Email one-time passcode feature authenticates B2B guest users when they can't be authenticated through other means like Azure AD, a Microsoft account (MSA), or Google federation. With one-time passcode authentication, there's no need to create a Microsoft account. When the guest user redeems an invitation or accesses a shared resource, they can request a temporary code, which is sent to their email address. Then they enter this code to continue signing in.
 
 This feature is currently available for preview (see [Opting in to the preview](#opting-in-to-the-preview) below). After preview, this feature will be turned on by default for all tenants.
 

articles/active-directory/b2b/user-properties.md

@@ -1,24 +1,24 @@
 ---
-title: Properties of a B2B collaboration user - Azure Active Directory | Microsoft Docs
-description: Azure Active Directory B2B collaboration user properties are configurable
+title: Properties of a B2B guest user - Azure Active Directory | Microsoft Docs
+description: Azure Active Directory B2B guest user properties and states before and after invitation redemption
 
 services: active-directory
 ms.service: active-directory
 ms.subservice: B2B
 ms.topic: conceptual
-ms.date: 02/12/2019
+ms.date: 04/08/2019
 
 ms.author: mimart
 author: msmimart
 manager: daveba
 ms.reviewer: sasubram
-ms.custom: "it-pro, seo-update-azuread-jan"
+ms.custom: "it-pro, seo-update-azuread-jan, seoapril2019"
 ms.collection: M365-identity-device-management
 ---
 
 # Properties of an Azure Active Directory B2B collaboration user
 
-An Azure Active Directory (Azure AD) business-to-business (B2B) collaboration user is a user with UserType = Guest. This guest user typically is from a partner organization and has limited privileges in the inviting directory, by default.
+This article describes the properties and states of the B2B guest user object in Azure Active Directory (Azure AD) before and after invitation redemption. An Azure AD business-to-business (B2B) collaboration user is a user with UserType = Guest. This guest user typically is from a partner organization and has limited privileges in the inviting directory, by default.
 
 Depending on the inviting organization's needs, an Azure AD B2B collaboration user can be in one of the following account states:
 

articles/active-directory/develop/howto-app-gallery-listing.md

@@ -14,16 +14,18 @@ ms.devlang: na
 ms.topic: conceptual
 ms.tgt_pltfrm: na
 ms.workload: identity
-ms.date: 02/15/2019
+ms.date: 04/08/2019
 ms.author: celested
 ms.reviewer: elisol, bryanla
-ms.custom: aaddev
+ms.custom: "aaddev, seoapril2019"
 
 ms.collection: M365-identity-device-management
 ---
 
 # How to: List your application in the Azure Active Directory application gallery
 
+This article shows how to list an application in the Azure AD application gallery, implement single sign-on (SSO), and manage the listing.
+
 ## What is the Azure AD application gallery?
 
 - Customers find the best possible single sign-on experience.

articles/active-directory/develop/howto-create-service-principal-portal.md

@@ -12,15 +12,15 @@ ms.devlang: na
 ms.topic: conceptual
 ms.tgt_pltfrm: na
 ms.workload: na
-ms.date: 10/24/2018
+ms.date: 04/08/2019
 ms.author: celested
 ms.reviewer: tomfitz
-
+ms.custom: seoapril2019
 ms.collection: M365-identity-device-management
 ---
 # How to: Use the portal to create an Azure AD application and service principal that can access resources
 
-When you have code that needs to access or modify resources, you can create an identity for the app. This identity is known as a service principal. You can then assign the required permissions to the service principal. This article shows you how to use the portal to create the service principal. It focuses on a single-tenant application where the application is intended to run within only one organization. You typically use single-tenant applications for line-of-business applications that run within your organization.
+This article shows you how to create a new Azure Active Directory application and service principal that can be used with the role-based access control. When you have code that needs to access or modify resources, you can create an identity for the app. This identity is known as a service principal. You can then assign the required permissions to the service principal. This article shows you how to use the portal to create the service principal. It focuses on a single-tenant application where the application is intended to run within only one organization. You typically use single-tenant applications for line-of-business applications that run within your organization.
 
 > [!IMPORTANT]
 > Instead of creating a service principal, consider using managed identities for Azure resources for your application identity. If your code runs on a service that supports managed identities and accesses resources that support Azure Active Directory (Azure AD) authentication, managed identities are a better option for you. To learn more about managed identities for Azure resources, including which services currently support it, see [What is managed identities for Azure resources?](../managed-identities-azure-resources/overview.md).

articles/active-directory/saas-apps/agiloft-tutorial.md

@@ -163,13 +163,13 @@ To configure Azure AD single sign-on with Agiloft, perform the following steps:
 
 	![Agiloft Configuration](./media/agiloft-tutorial/setup4.png)
 
-	a. In **IdP Entity Id / Issuer** textbox, paste the value of **Azure Ad Identifier**, which you have copied from Azure portal.
+	a. In **IdP Entity Id / Issuer** textbox, paste the value of **Azure Ad Identifier**, which you have copied from Azure portal.
 
-	b. In **IdP Login URL** textbox, paste the value of **Login URL**, which you have copied from Azure portal.
+	b. In **IdP Login URL** textbox, paste the value of **Login URL**, which you have copied from Azure portal.
 
-	c. In **IdP Logout URL** textbox, paste the value of **Logout URL**, which you have copied from Azure portal.
+	c. In **IdP Logout URL** textbox, paste the value of **Logout URL**, which you have copied from Azure portal.
 
-	d. Open your **base-64 encoded certificate** in notepad downloaded from Azure portal, copy the content of it into your clipboard, and then paste it to the **IdP Provided X.509 certificate contents** textbox.
+	d. Open your **base-64 encoded certificate** in notepad downloaded from Azure portal, copy the content of it into your clipboard, and then paste it to the **IdP Provided X.509 certificate contents** textbox.
 
 	e. Click **Finish**.
 

articles/active-directory/saas-apps/appraisd-tutorial.md

@@ -158,7 +158,7 @@ To configure Azure AD single sign-on with Appraisd, perform the following steps:
 
 1. In a different web browser window, sign in to Appraisd as a Security Administrator.
 
-2. On the top right of the page, click on **Settings** icon, then navigate to **Configuration**.
+2. On the top right of the page, click on **Settings** icon, then navigate to **Configuration**.
 
 	![image](./media/appraisd-tutorial/tutorial_appraisd_sett.png)
 
@@ -170,9 +170,9 @@ To configure Azure AD single sign-on with Appraisd, perform the following steps:
 
 	![image](./media/appraisd-tutorial/tutorial_appraisd_saml.png)
 
-	a. Copy the **Default Relay State** value and paste it in **Relay State** textbox in **Basic SAML Configuration** on Azure portal.
+	a. Copy the **Default Relay State** value and paste it in **Relay State** textbox in **Basic SAML Configuration** on Azure portal.
 
-	b. Copy the **Service-initiated login URL** value and paste it in **Sign-on URL** textbox in **Basic SAML Configuration** on Azure portal.
+	b. Copy the **Service-initiated login URL** value and paste it in **Sign-on URL** textbox in **Basic SAML Configuration** on Azure portal.
 
 5. Scroll down the same page under **Identifying users**, perform the following steps:
 
@@ -182,7 +182,7 @@ To configure Azure AD single sign-on with Appraisd, perform the following steps:
 
 	b. In the **Identity Provider Issuer URL** textbox, paste the value of **Azure Ad Identifier**, which you have copied from the Azure portal and click **Save**.
 
-	c. In Notepad, open the base-64 encoded certificate that you downloaded from the Azure portal, copy its content, and then paste it into the **X.509 Certificate** box and click **Save**.
+	c. In Notepad, open the base-64 encoded certificate that you downloaded from the Azure portal, copy its content, and then paste it into the **X.509 Certificate** box and click **Save**.
 
 ### Create an Azure AD test user
 
@@ -243,11 +243,11 @@ To enable Azure AD users sign in to Appraisd, they must be provisioned into Appr
 
 1. Sign in to Appraisd as a Security Administrator.
 
-2. On the top right of the page, click on **Settings** icon, then navigate to **Administration centre**.
+2. On the top right of the page, click on **Settings** icon, then navigate to **Administration centre**.
 
 	![image](./media/appraisd-tutorial/tutorial_appraisd_admin.png)
 
-3. In the toolbar at the top of the page, click **People**, then navigate to **Add a new user**.
+3. In the toolbar at the top of the page, click **People**, then navigate to **Add a new user**.
 
 	![image](./media/appraisd-tutorial/tutorial_appraisd_user.png)
 

articles/active-directory/saas-apps/cisco-spark-tutorial.md

@@ -112,7 +112,7 @@ To configure Azure AD single sign-on with Cisco Webex, perform the following ste
 	> [!NOTE]
 	> This Identifier value is not real. Update this value with the actual Identifier. If you have Service Provider Metadata, upload it in the **Basic SAML Configuration** section then the **Identifier (Entity ID)** value gets auto populated automatically.
 
-5. Cisco Webex application expects the SAML assertions in a specific format, which requires you to add custom attribute mappings to your SAML token attributes configuration. The following screenshot shows the list of default attributes. Click on **Edit** icon to add the attributes.
+5. Cisco Webex application expects the SAML assertions in a specific format, which requires you to add custom attribute mappings to your SAML token attributes configuration. The following screenshot shows the list of default attributes. Click on **Edit** icon to add the attributes.
 
 	![image](common/edit-attribute.png)
 

articles/active-directory/saas-apps/hackerone-tutorial.md

@@ -143,9 +143,9 @@ To configure Azure AD single sign-on with HackerOne, perform the following steps
 
     a. In the **Email Domain** textbox, type a registered domain.
 
-    b. In  **Single Sign On URL** textboxes, paste the value of **Login URL** which you have copied from Azure portal.
+    b. In  **Single Sign On URL** textboxes, paste the value of **Login URL** which you have copied from Azure portal.
 
-	c. Open your downloaded **Certificate file** from Azure portal into Notepad, copy the content of it into your clipboard, and then paste it to the **X509 Certificate**  textbox.
+	c. Open your downloaded **Certificate file** from Azure portal into Notepad, copy the content of it into your clipboard, and then paste it to the **X509 Certificate**  textbox.
 
     d. Click **Save**.
 

articles/active-directory/saas-apps/helpscout-tutorial.md

@@ -107,7 +107,7 @@ To configure Azure AD single sign-on with Help Scout, perform the following step
 	b. **Reply URL** is the **Post-back URL (Assertion Consumer Service URL)** from Help Scout, starts with `https://` 
 
 	> [!NOTE]
-	> The values in these URLs are for demonstration only. You need to update these values from actual Reply URL and Identifier. You get these values from the **Single Sign-On** tab under Authentication section, which is explained later in the tutorial.
+	> The values in these URLs are for demonstration only. You need to update these values from actual Reply URL and Identifier. You get these values from the **Single Sign-On** tab under Authentication section, which is explained later in the tutorial.
 
 5. Click **Set additional URLs** and perform the following step if you wish to configure the application in **SP** initiated mode:
 
@@ -153,7 +153,7 @@ To configure Azure AD single sign-on with Help Scout, perform the following step
 
 	![Configure Single Sign-On](./media/helpscout-tutorial/settings4.png)
 
-	a. In **Single Sign-On URL** textbox, paste the value of **Login URL**, which you have copied from Azure portal.
+	a. In **Single Sign-On URL** textbox, paste the value of **Login URL**, which you have copied from Azure portal.
 
 	b. Click **Upload Certificate** to upload the **Certificate(Base64)** downloaded from Azure portal.
 

articles/active-directory/saas-apps/mobileiron-tutorial.md

@@ -97,7 +97,7 @@ To configure Azure AD single sign-on with MobileIron, perform the following step
 
 	![Edit Basic SAML Configuration](common/edit-urls.png)
 
-4. On the **Basic SAML Configuration** section, perform the following steps if you wish to configure the application in **IDP** initiated mode:
+4. On the **Basic SAML Configuration** section, perform the following steps if you wish to configure the application in **IDP** initiated mode:
 
     ![MobileIron Domain and URLs single sign-on information](common/idp-intiated.png)