Merge branch 'main' into passwordless-work

Author: vmagelo

.openpublishing.publish.config.json

@@ -934,7 +934,7 @@
     ".openpublishing.redirection.active-directory.json",
     ".openpublishing.redirection.api-management.json",
     ".openpublishing.redirection.azure-attestation.json",
-    ".openpublishing.redirection.azure-blob.json",
+    ".openpublishing.redirection.storage.json",
     "articles/data-factory/.openpublishing.redirection.data-factory.json",
     ".openpublishing.redirection.defender-for-cloud.json",
     ".openpublishing.redirection.defender-for-iot.json",

.openpublishing.redirection.azure-blob.json

@@ -654,6 +654,11 @@
             "redirect_url": "/azure/defender-for-iot/device-builders/tutorial-standalone-agent-binary-installation",
             "redirect_document_id": false
         },
+        {
+            "source_path_from_root": "/articles/defender-for-iot/organizations/how-to-connect-sensor-by-proxy.md",
+            "redirect_url": "/azure/defender-for-iot/organizations/connect-sensors",
+            "redirect_document_id": false
+        },
         {
             "source_path_from_root": "/articles/defender-for-iot/organizations/references-defender-for-iot-glossary.md",
             "redirect_url": "/azure/defender-for-iot/organizations/overview",

.openpublishing.redirection.defender-for-iot.json

@@ -2,11 +2,11 @@
 title: Add an identity provider - Azure Active Directory B2C  
 description: Learn how to add an identity provider to your Active Directory B2C tenant.
 services: active-directory-b2c
-author: kengaderdus
+author: garrodonnell
 manager: CelesteDG
 
-ms.author: kengaderdus
-ms.date: 04/08/2022
+ms.author: godonnell
+ms.date: 01/19/2022
 ms.custom: mvc
 ms.topic: how-to
 ms.service: active-directory
@@ -19,9 +19,9 @@ You can configure Azure AD B2C to allow users to sign in to your application wit
 
 With external identity provider federation, you can offer your consumers the ability to sign in with their existing social or enterprise accounts, without having to create a new account just for your application.
 
-On the sign-up or sign-in page, Azure AD B2C presents a list of external identity providers the user can choose for sign-in. Once they select one of the external identity providers, they're taken (redirected) to the selected provider's website to complete the sign in process. After the user successfully signs in, they're returned to Azure AD B2C for authentication of the account in your application.
+On the sign-up or sign-in page, Azure AD B2C presents a list of external identity providers the user can choose for sign-in. Once they select one of the external identity providers, they're taken (redirected) to the selected provider's website to complete the sign-in process. After the user successfully signs in, they're returned to Azure AD B2C for authentication of the account in your application.
 
-![Mobile sign-in example with a social account (Facebook)](media/add-identity-provider/external-idp.png)
+![Diagram showing mobile sign-in example with a social account (Facebook).](media/add-identity-provider/external-idp.png)
 
 You can add identity providers that are supported by Azure Active Directory B2C (Azure AD B2C) to your [user flows](user-flow-overview.md) using the Azure portal. You can also add identity providers to your [custom policies](user-flow-overview.md).
 

.openpublishing.redirection.json

@@ -9,7 +9,7 @@ manager: CelesteDG
 ms.service: active-directory
 ms.workload: identity
 ms.topic: conceptual
-ms.date: 11/03/2022
+ms.date: 01/18/2022
 ms.author: godonnell
 ms.subservice: B2C
 
@@ -28,7 +28,7 @@ Email sign-up is enabled by default in your local account identity provider sett
 - **Sign-up**: users are prompted for an email address, which is verified at sign-up (optional) and becomes their login ID. The user then enters any other information requested on the sign-up page, for example, display name, given name, and surname. Then they select **Continue** to create an account.
 - **Password reset**: Users enter and verify their email, after which the user can reset the password
 
-![Email sign-up or sign-in experience](./media/sign-in-options/local-account-email-experience.png)
+![Series of screenshots showing email sign-up or sign-in experience.](./media/sign-in-options/local-account-email-experience.png)
 
 Learn how to configure email sign-in in your local account identity provider.
 ## Username sign-in
@@ -39,7 +39,7 @@ Your local account identity provider includes a Username option that lets users
 - **Sign-up**: Users will be prompted for a username, which will become their login ID. Users will also be prompted for an email address, which will be verified at sign-up. The email address will be used during a password reset flow. The user enters any other information requested on the sign-up page, for example, Display Name, Given Name, and Surname. The user then selects Continue to create the account.
 - **Password reset**: Users must enter their username and the associated email address. The email address must be verified, after which, the user can reset the password.
 
-![Username sign-up or sign-in experience](./media/sign-in-options/local-account-username-experience.png)
+![Series of screenshots showing sign-up or sign-in experience.](./media/sign-in-options/local-account-username-experience.png)
 
 ## Phone sign-in
 
@@ -53,7 +53,7 @@ Phone sign-in is a passwordless option in your local account identity provider s
     1. Next, the user is asked to provide a **recovery email**. The user enters their email address, and then selects *Send verification code*. A code is sent to the user's email inbox, which they can retrieve and enter in the Verification code box. Then the user selects Verify code.
     1. Once the code is verified, the user selects *Create* to create their account.
 
-![Phone sign-up or sign-in experience](./media/sign-in-options/local-account-phone-experience.png)
+![Series of screenshots showing phone sign-up or sign-in experience.](./media/sign-in-options/local-account-phone-experience.png)
 
 ### Pricing for phone sign-in
 
@@ -66,22 +66,35 @@ One-time passwords are sent to your users by using SMS text messages. Depending
 
 When you enable phone sign-up and sign-in for your user flows, it's also a good idea to enable the recovery email feature. With this feature, a user can provide an email address that can be used to recover their account when they don't have their phone. This email address is used for account recovery only. It can't be used for signing in.
 
-- When the recovery email prompt is **On**, a user signing up for the first time is prompted to verify a backup email. A user who hasn't provided a recovery email before is asked to verify a backup email during next sign in.
+- When the recovery email prompt is **On**, a user signing up for the first time is prompted to verify a backup email. A user who hasn't provided a recovery email before is asked to verify a backup email during next sign-in.
 
 - When recovery email is **Off**, a user signing up or signing in isn't shown the recovery email prompt.
 
 The following screenshots demonstrate the phone recovery flow:
 
-![Phone recovery user flow](./media/sign-in-options/local-account-change-phone-flow.png)
+![Diagram showing phone recovery user flow.](./media/sign-in-options/local-account-change-phone-flow.png)
 
 
 ## Phone or email sign-in
 
 You can choose to combine the [phone sign-in](#phone-sign-in), and the [email sign-in](#email-sign-in) in your local account identity provider settings. In the sign-up or sign-in page, user can type a phone number, or email address. Based on the user input, Azure AD B2C takes the user to the corresponding flow.
 
-![Phone or email sign-up or sign-in experience](./media/sign-in-options/local-account-phone-and-email-experience.png)
+![Series of screenshots showing phone or email sign-up or sign-in experience.](./media/sign-in-options/local-account-phone-and-email-experience.png)
+
+
+## Federated sign-in
+
+You can configure Azure AD B2C to allow users to sign in to your application with credentials from external social or enterprise identity providers (IdPs). Azure AD B2C supports many [external identity providers](add-identity-provider.md) and any identity provider that supports OAuth 1.0, OAuth 2.0, OpenID Connect, and SAML protocols. 
+
+With external identity provider federation, you can offer your consumers the ability to sign in with their existing social or enterprise accounts, without having to create a new account just for your application.
+
+On the sign-up or sign-in page, Azure AD B2C presents a list of external identity providers the user can choose for sign-in. Once they select one of the external identity providers, they're redirected to the selected provider's website to complete the sign-in process. After the user successfully signs in, they're returned to Azure AD B2C for authentication of the account in your application.
+
+![Diagram showing mobile sign-in example with a social account (Facebook).](media/add-identity-provider/external-idp.png)
+
+You can add identity providers that are supported by Azure Active Directory B2C (Azure AD B2C) to your [user flows](user-flow-overview.md) using the Azure portal. You can also add identity providers to your [custom policies](user-flow-overview.md).
 
 ## Next steps
 
 - Find out more about the built-in policies provided by [User flows in Azure Active Directory B2C](user-flow-overview.md).
-- [Configure your local account identity provider](identity-provider-local.md).
+- [Configure your local account identity provider](identity-provider-local.md).

articles/active-directory-b2c/add-identity-provider.md

@@ -8,7 +8,7 @@ manager: CelesteDG
 ms.service: active-directory
 ms.workload: identity
 ms.topic: tutorial
-ms.date: 11/3/2022
+ms.date: 01/20/2023
 ms.author: kengaderdus
 ms.subservice: B2C
 ms.custom: "b2c-support"
@@ -26,7 +26,7 @@ In this article, you learn how to:
 > * Switch to the directory containing your Azure AD B2C tenant
 > * Add the Azure AD B2C resource as a **Favorite** in the Azure portal
 
-Before you create you Azure AD B2C, you need to take the following considerations into account: 
+Before you create your Azure AD B2C tenant, you need to take the following considerations into account: 
 
 - You can create up to **20** tenants per subscription. This limit help protect against threats to your resources, such as denial-of-service attacks, and is enforced in both the Azure portal and the underlying tenant creation API. If you want to increase this limit, please contact [Microsoft Support](find-help-open-support-ticket.md). 
 

articles/active-directory-b2c/sign-in-options.md

@@ -59,7 +59,7 @@ Before you get started with Application Proxy Complex application scenario apps,
 To configure (and update) Application Segments for a complex app using the API, you first [create a wildcard application](application-proxy-wildcard.md#create-a-wildcard-application), and then update the application's onPremisesPublishing property to configure the application segments and respective CORS settings.
 
 > [!NOTE]
-> One application segment is supported in preview. Support for multiple application segment to be announced soon.
+> 2 application segment per complex application are supported for [Microsoft Azure AD premium subscription](https://azure.microsoft.com/pricing/details/active-directory). Licence requirement for more than 2 application segments per complex application to be announced soon.
 
 If successful, this method returns a `204 No Content` response code and does not return anything in the response body.
 ## Example