Merge branch 'release-ahds-rn' of https://github.com/MicrosoftDocs/azure-docs-pr into release-ahds-rn

Author: shellyhaverkamp

.openpublishing.redirection.json

@@ -10640,11 +10640,6 @@
             "redirect_url": "/azure/orbital/overview",
             "redirect_document_id": false
         },
-        {
-            "source_path_from_root": "/articles/load-balancer/cross-region-overview.md",
-            "redirect_url": "/azure/reliability/reliability-load-balancer",
-            "redirect_document_id": false
-        },
         {
             "source_path_from_root": "/articles/load-balancer/load-balancer-standard-availability-zones.md",
             "redirect_url": "/azure/reliability/reliability-load-balancer",

articles/active-directory-b2c/custom-domain.md

@@ -1,12 +1,12 @@
 ---
-title: Enable Azure AD B2C custom domains
+title: Enable custom domains in Azure Active Directory B2C
 titleSuffix: Azure AD B2C
-description: Learn how to enable custom domains in your redirect URLs for Azure Active Directory B2C.
+description: Learn how to enable custom domains in your redirect URLs for Azure Active Directory B2C, so that my users have a seamless experience. 
 author: kengaderdus
 manager: CelesteDG
 ms.service: active-directory
 ms.topic: how-to
-ms.date: 01/26/2024
+ms.date: 02/14/2024
 ms.author: kengaderdus
 ms.subservice: B2C
 ms.custom: "b2c-support"
@@ -15,7 +15,7 @@ zone_pivot_groups: b2c-policy-type
 #Customer intent: As a developer, I want to use my own domain name for the sign-in and sign-up experience, so that my users have a seamless experience.
 ---
 
-# Enable custom domains for Azure Active Directory B2C
+# Enable custom domains in Azure Active Directory B2C
 
 [!INCLUDE [active-directory-b2c-choose-user-flow-or-custom-policy](../../includes/active-directory-b2c-choose-user-flow-or-custom-policy.md)]
 
@@ -52,8 +52,12 @@ When using custom domains, consider the following:
 
 - You can set up multiple custom domains. For the maximum number of supported custom domains, see [Microsoft Entra service limits and restrictions](/entra/identity/users/directory-service-limits-restrictions) for Azure AD B2C and [Azure subscription and service limits, quotas, and constraints](/azure/azure-resource-manager/management/azure-subscription-service-limits#azure-front-door-classic-limits) for Azure Front Door.
 - Azure Front Door is a separate Azure service, so extra charges will be incurred. For more information, see [Front Door pricing](https://azure.microsoft.com/pricing/details/frontdoor).
-- After you configure custom domains, users will still be able to access the Azure AD B2C default domain name *<tenant-name>.b2clogin.com* (unless you're using a custom policy and you [block access](#optional-block-access-to-the-default-domain-name).
-- If you have multiple applications, migrate them all to the custom domain because the browser stores the Azure AD B2C session under the domain name currently being used.
+- If you've multiple applications, migrate all oft them to the custom domain because the browser stores the Azure AD B2C session under the domain name currently being used.
+- After you configure custom domains, users will still be able to access the Azure AD B2C default domain name *<tenant-name>.b2clogin.com*. You need to block access to the default domain so that attackers can't use it to access your apps or run distributed denial-of-service (DDoS) attacks. [Submit a support ticket](find-help-open-support-ticket.md) to request for the  blocking of access to the default domain.
+
+> [!WARNING]
+> Don't request blocking of the default domain until your custom domain works properly.
+
 
 ## Prerequisites
 

articles/active-directory-b2c/custom-policies-series-validate-user-input.md

@@ -49,7 +49,7 @@ Azure Active Directory B2C (Azure AD B2C) custom policy not only allows you to m
 
 ## Step 1 - Validate user input by limiting user input options 
 
-If you know all the possible values that a user can enter for a given input, you can provide a finite set of values that a user must select from. You can use *DropdownSinglSelect*, *CheckboxMultiSelect*, and *RadioSingleSelect* [UserInputType](claimsschema.md#userinputtype) for this purpose. In this article, you'll use a *RadioSingleSelect* input type:
+If you know all the possible values that a user can enter for a given input, you can provide a finite set of values that a user must select from. You can use *DropdownSingleSelect*, *CheckboxMultiSelect*, and *RadioSingleSelect* [UserInputType](claimsschema.md#userinputtype) for this purpose. In this article, you'll use a *RadioSingleSelect* input type:
 
 1. In VS Code, open the file `ContosoCustomPolicy.XML`. 
 

articles/active-directory-b2c/find-help-open-support-ticket.md

@@ -41,7 +41,7 @@ If you're unable to find answers by using self-help resources, you can open an o
 
 1. Sign in to the [Azure portal](https://portal.azure.com).
 
-1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.
+1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Microsoft Entra tenant from the **Directories + subscriptions** menu. Currently, you can't submit support cases directly from your Azure AD B2C tenant.
 
 1. In the Azure portal, search for and select **Microsoft Entra ID**.
 

articles/active-directory-b2c/manage-custom-policies-powershell.md

@@ -1,26 +1,26 @@
 ---
-title: Manage custom policies with PowerShell
+title: Manage custom policies with Microsoft Graph PowerShell
 titleSuffix: Azure AD B2C
-description: Use the Azure Active Directory (Azure AD) PowerShell cmdlet for programmatic management of your Azure AD B2C custom policies. Create, read, update, and delete custom policies with PowerShell.
+description: Use the Microsoft Graph PowerShell cmdlets for programmatic management of your Azure AD B2C custom policies. Create, read, update, and delete custom policies with PowerShell.
 author: kengaderdus
 manager: CelesteDG
 
 ms.service: active-directory
 
-ms.custom: devx-track-azurepowershell, has-azure-ad-ps-ref
+ms.custom: devx-track-azurepowershell, has-azure-ad-ps-ref, azure-ad-ref-level-one-done
 ms.topic: how-to
 ms.date: 01/11/2024
 ms.author: kengaderdus
 ms.subservice: B2C
 
 
-#Customer intent: As an Azure AD B2C administrator, I want to manage custom policies using Azure PowerShell, so that I can review, update, and delete policies in my Azure AD B2C tenant.
+#Customer intent: As an Azure AD B2C administrator, I want to manage custom policies using Microsoft Graph PowerShell, so that I can review, update, and delete policies in my Azure AD B2C tenant.
 
 ---
 
-# Manage Azure AD B2C custom policies with Azure PowerShell
+# Manage Azure AD B2C custom policies with Microsoft Graph PowerShell
 
-Azure PowerShell provides several cmdlets for command line- and script-based custom policy management in your Azure AD B2C tenant. Learn how to use the Azure AD PowerShell module to:
+Microsoft Graph PowerShell provides several cmdlets for command line- and script-based custom policy management in your Azure AD B2C tenant. Learn how to use the Azure AD PowerShell module to:
 
 * List the custom policies in an Azure AD B2C tenant
 * Download a policy from a tenant
@@ -32,41 +32,42 @@ Azure PowerShell provides several cmdlets for command line- and script-based cus
 
 * [Azure AD B2C tenant](tutorial-create-tenant.md), and credentials for a user in the directory with the [B2C IEF Policy Administrator](../active-directory/roles/permissions-reference.md#b2c-ief-policy-administrator) role
 * [Custom policies](tutorial-create-user-flows.md?pivots=b2c-custom-policy) uploaded to your tenant
-* [Azure AD PowerShell for Graph **preview module**](/powershell/azure/active-directory/install-adv2)
+* [Microsoft Graph PowerShell SDK beta module](/powershell/microsoftgraph/installation#installation)
 
 ## Connect PowerShell session to B2C tenant
 
-To work with custom policies in your Azure AD B2C tenant, you first need to connect your PowerShell session to the tenant by using the [Connect-AzureAD][Connect-AzureAD] command.
+To work with custom policies in your Azure AD B2C tenant, you first need to connect your PowerShell session to the tenant by using the [Connect-MgGraph][Connect-MgGraph] command.
 
-Execute the following command, substituting `{b2c-tenant-name}` with the name of your Azure AD B2C tenant. Sign in with an account that's assigned the [B2C IEF Policy Administrator](../active-directory/roles/permissions-reference.md#b2c-ief-policy-administrator) role in the directory.
+Execute the following command. Sign in with an account that's assigned the [B2C IEF Policy Administrator](/entra/identity/role-based-access-control/permissions-reference#b2c-ief-policy-administrator) role in the directory.
 
 ```PowerShell
-Connect-AzureAD -Tenant "{b2c-tenant-name}.onmicrosoft.com"
+Connect-MgGraph -TenantId "{b2c-tenant-name}.onmicrosoft.com" -Scopes "Policy.ReadWrite.TrustFramework"
 ```
 
 Example command output showing a successful sign-in:
 
-```Console
-PS C:\> Connect-AzureAD -Tenant "contosob2c.onmicrosoft.com"
+```output
+Welcome to Microsoft Graph!
 
-Account               Environment TenantId                             TenantDomain                 AccountType
--------               ----------- --------                             ------------                 -----------
-[email protected] AzureCloud  00000000-0000-0000-0000-000000000000 contosob2c.onmicrosoft.com   User
+Connected via delegated access using 64636d5d-8eb5-42c9-b9eb-f53754c5571f
+Readme: https://aka.ms/graph/sdk/powershell
+SDK Docs: https://aka.ms/graph/sdk/powershell/docs
+API Docs: https://aka.ms/graph/docs
+
+NOTE: You can use the -NoWelcome parameter to suppress this message.
 ```
 
 ## List all custom policies in the tenant
 
-Discovering custom policies allows an Azure AD B2C administrator to review, manage, and add business logic to their operations. Use the [Get-AzureADMSTrustFrameworkPolicy][Get-AzureADMSTrustFrameworkPolicy] command to return a list of the IDs of the custom policies in an Azure AD B2C tenant.
+Discovering custom policies allows an Azure AD B2C administrator to review, manage, and add business logic to their operations. Use the [Get-MgBetaTrustFrameworkPolicy][Get-MgBetaTrustFrameworkPolicy] command to return a list of the IDs of the custom policies in an Azure AD B2C tenant.
 
 ```PowerShell
-Get-AzureADMSTrustFrameworkPolicy
+Get-MgBetaTrustFrameworkPolicy
 ```
 
 Example command output:
 
-```Console
-PS C:\> Get-AzureADMSTrustFrameworkPolicy
-
+```output
 Id
 --
 B2C_1A_TrustFrameworkBase
@@ -78,16 +79,15 @@ B2C_1A_PasswordReset
 
 ## Download a policy
 
-After reviewing the list of policy IDs, you can target a specific policy with [Get-AzureADMSTrustFrameworkPolicy][Get-AzureADMSTrustFrameworkPolicy] to download its content.
+After reviewing the list of policy IDs, you can target a specific policy with [Get-MgBetaTrustFrameworkPolicy][Get-MgBetaTrustFrameworkPolicy] to download its content.
 
 ```PowerShell
-Get-AzureADMSTrustFrameworkPolicy [-Id <policyId>]
+Get-MgBetaTrustFrameworkPolicy [-TrustFrameworkPolicyId <policyId>]
 ```
 
 In this example, the policy with ID *B2C_1A_signup_signin* is downloaded:
 
-```Console
-PS C:\> Get-AzureADMSTrustFrameworkPolicy -Id B2C_1A_signup_signin
+```output
 <TrustFrameworkPolicy xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns="http://schemas.microsoft.com/online/cpim/schemas/2013/06" PolicySchemaVersion="0.3.0.0" TenantId="contosob2c.onmicrosoft.com" PolicyId="B2C_1A_signup_signin" PublicPolicyUri="http://contosob2c.onmicrosoft.com/B2C_1A_signup_signin" TenantObjectId="00000000-0000-0000-0000-000000000000">
   <BasePolicy>
     <TenantId>contosob2c.onmicrosoft.com</TenantId>
@@ -113,94 +113,72 @@ PS C:\> Get-AzureADMSTrustFrameworkPolicy -Id B2C_1A_signup_signin
 </TrustFrameworkPolicy>
 ```
 
-To edit the policy content locally, pipe the command output to a file with the `-OutputFilePath` argument, and then open the file in your favorite editor.
-
-Example command sending output to a file:
-
-```PowerShell
-# Download and send policy output to a file
-Get-AzureADMSTrustFrameworkPolicy -Id B2C_1A_signup_signin -OutputFilePath C:\RPPolicy.xml
-```
+To edit the policy content locally, pipe the command output to a file, and then open the file in your favorite editor.
 
 ## Update an existing policy
 
-After editing a policy file you've created or downloaded, you can publish the updated policy to Azure AD B2C by using the [Set-AzureADMSTrustFrameworkPolicy][Set-AzureADMSTrustFrameworkPolicy] command.
+After editing a policy file you've created or downloaded, you can publish the updated policy to Azure AD B2C by using the [Update-MgBetaTrustFrameworkPolicy][Update-MgBetaTrustFrameworkPolicy] command.
 
-If you issue the `Set-AzureADMSTrustFrameworkPolicy` command with the ID of a policy that already exists in your Azure AD B2C tenant, the content of that policy is overwritten.
+If you issue the `Update-MgBetaTrustFrameworkPolicy` command with the ID of a policy that already exists in your Azure AD B2C tenant, the content of that policy is overwritten.
 
 ```PowerShell
-Set-AzureADMSTrustFrameworkPolicy [-Id <policyId>] -InputFilePath <inputpolicyfilePath> [-OutputFilePath <outputFilePath>]
+Update-MgBetaTrustFrameworkPolicy -TrustFrameworkPolicyId <policyId> -BodyParameter @{trustFrameworkPolicy = "<policy file path>"}
 ```
 
 Example command:
 
 ```PowerShell
 # Update an existing policy from file
-Set-AzureADMSTrustFrameworkPolicy -Id B2C_1A_signup_signin -InputFilePath C:\B2C_1A_signup_signin.xml
+Update-MgBetaTrustFrameworkPolicy -TrustFrameworkPolicyId B2C_1A_signup_signin -BodyParameter @{trustFrameworkPolicy = C:\B2C_1A_signup_signin.xml}
 ```
 
-For additional examples, see the [Set-AzureADMSTrustFrameworkPolicy][Set-AzureADMSTrustFrameworkPolicy] command reference.
-
 ## Upload a new policy
 
 When you make a change to a custom policy that's running in production, you might want to publish multiple versions of the policy for fallback or A/B testing scenarios. Or, you might want to make a copy of an existing policy, modify it with a few small changes, then upload it as a new policy for use by a different application.
 
-Use the [New-AzureADMSTrustFrameworkPolicy][New-AzureADMSTrustFrameworkPolicy] command to upload a new policy:
+Use the [New-MgBetaTrustFrameworkPolicy][New-MgBetaTrustFrameworkPolicy] command to upload a new policy:
 
 ```PowerShell
-New-AzureADMSTrustFrameworkPolicy -InputFilePath <inputpolicyfilePath> [-OutputFilePath <outputFilePath>]
+New-MgBetaTrustFrameworkPolicy -BodyParameter @{trustFrameworkPolicy = "<policy file path>"}
 ```
 
 Example command:
 
 ```PowerShell
 # Add new policy from file
-New-AzureADMSTrustFrameworkPolicy -InputFilePath C:\SignUpOrSignInv2.xml
+New-MgBetaTrustFrameworkPolicy -BodyParameter @{trustFrameworkPolicy = C:\B2C_1A_signup_signin.xml }
 ```
 
 ## Delete a custom policy
 
 To maintain a clean operations life cycle, we recommend that you periodically remove unused custom policies. For example, you might want to remove old policy versions after performing a migration to a new set of policies and verifying the new policies' functionality. Additionally, if you attempt to publish a set of custom policies and receive an error, it might make sense to remove the policies that were created as part of the failed release.
 
-Use the [Remove-AzureADMSTrustFrameworkPolicy][Remove-AzureADMSTrustFrameworkPolicy] command to delete a policy from your tenant.
+Use the [Remove-MgBetaTrustFrameworkPolicy][Remove-MgBetaTrustFrameworkPolicy] command to delete a policy from your tenant.
 
 ```PowerShell
-Remove-AzureADMSTrustFrameworkPolicy -Id <policyId>
+Remove-MgBetaTrustFrameworkPolicy -TrustFrameworkPolicyId <policyId>
 ```
 
 Example command:
 
 ```PowerShell
 # Delete an existing policy
-Remove-AzureADMSTrustFrameworkPolicy -Id B2C_1A_signup_signin
+Remove-MgBetaTrustFrameworkPolicy -TrustFrameworkPolicyId B2C_1A_signup_signin
 ```
 
 ## Troubleshoot policy upload
 
 When you try to publish a new custom policy or update an existing policy, improper XML formatting and errors in the policy file inheritance chain can cause validation failures.
 
-For example, here's an attempt at updating a policy with content that contains malformed XML (output is truncated for brevity):
-
-```Console
-PS C:\> Set-AzureADMSTrustFrameworkPolicy -Id B2C_1A_signup_signin -InputFilePath C:\B2C_1A_signup_signin.xml
-Set-AzureADMSTrustFrameworkPolicy : Error occurred while executing PutTrustFrameworkPolicy
-Code: AADB2C
-Message: Validation failed: 1 validation error(s) found in policy "B2C_1A_SIGNUP_SIGNIN" of tenant "contosob2c.onmicrosoft.com".Schema validation error found at line
-14 col 55 in policy "B2C_1A_SIGNUP_SIGNIN" of tenant "contosob2c.onmicrosoft.com": The element 'OutputClaims' in namespace
-'http://schemas.microsoft.com/online/cpim/schemas/2013/06' cannot contain text. List of possible elements expected: 'OutputClaim' in namespace
-'http://schemas.microsoft.com/online/cpim/schemas/2013/06'.
-...
-```
-
 For information about troubleshooting custom policies, see [Troubleshoot Azure AD B2C custom policies and Identity Experience Framework](./troubleshoot.md).
 
 ## Next steps
 
 For information about using PowerShell to deploy custom policies as part of a continuous integration/continuous delivery (CI/CD) pipeline, see [Deploy custom policies from an Azure DevOps pipeline](deploy-custom-policies-devops.md).
 
 <!-- LINKS - External -->
-[Connect-AzureAD]: /powershell/module/azuread/get-azureadmstrustframeworkpolicy
-[Get-AzureADMSTrustFrameworkPolicy]: /powershell/module/azuread/get-azureadmstrustframeworkpolicy
-[New-AzureADMSTrustFrameworkPolicy]: /powershell/module/azuread/new-azureadmstrustframeworkpolicy
-[Remove-AzureADMSTrustFrameworkPolicy]: /powershell/module/azuread/remove-azureadmstrustframeworkpolicy
-[Set-AzureADMSTrustFrameworkPolicy]: /powershell/module/azuread/set-azureadmstrustframeworkpolicy
+[Connect-MgGraph]: /powershell/microsoftgraph/authentication-commands#using-connect-mggraph
+[Get-MgBetaTrustFrameworkPolicy]: /powershell/module/microsoft.graph.beta.identity.signins/get-mgbetatrustframeworkpolicy?view
+[New-MgBetaTrustFrameworkPolicy]: /powershell/module/microsoft.graph.beta.identity.signins/new-mgbetatrustframeworkpolicy
+[Remove-MgBetaTrustFrameworkPolicy]: /powershell/module/microsoft.graph.beta.identity.signins/remove-mgbetatrustframeworkpolicy
+[Update-MgBetaTrustFrameworkPolicy]: /powershell/module/microsoft.graph.beta.identity.signins/update-mgbetatrustframeworkpolicy

articles/active-directory-b2c/media/b2c-global-identity-region-based-design/merge-link-account.png

@@ -25,6 +25,9 @@ With single sign-on, users sign in once with a single account and get access to
 
 When the user initially signs in to an application, Azure AD B2C persists a cookie-based session. Upon subsequent authentication requests, Azure AD B2C reads and validates the cookie-based session, and issues an access token without prompting the user to sign in again. If the cookie-based session expires or becomes invalid, the user is prompted to sign-in again.  
 
+>[!NOTE]
+>If the user uses a browser that blocks third-party cookies, there are limitations with SSO due to limited access to the cookie-based session.  The most user-visible impact is that there are more interactions required for sign-in. Additionally, the front channel sign-out doesn't immediately clear authentication state from federated applications. Check our recommended ways about [how to handle third-party cookie blocking in browsers](/entra/identity-platform/reference-third-party-cookies-spas). 
+
 ## Prerequisites
 
 [!INCLUDE [active-directory-b2c-customization-prerequisites](../../includes/active-directory-b2c-customization-prerequisites.md)]