Merge pull request #253181 from MicrosoftDocs/main

9/28/2023 AM Publish

Author: Taojunshen

.openpublishing.redirection.json

@@ -24543,22 +24543,22 @@
         },
         {
             "source_path_from_root": "/articles/active-directory/develop/single-page-app-tutorial-01-register-app.md",
-            "redirect_url": "/azure/active-directory/develop/tutorial-single-page-app-react-register-app.md",
+            "redirect_url": "/azure/active-directory/develop/tutorial-single-page-app-react-register-app",
             "redirect_document_id": false
         },
         {
             "source_path_from_root": "/articles/active-directory/develop/single-page-app-tutorial-02-prepare-spa.md",
-            "redirect_url": "/azure/active-directory/develop/tutorial-single-page-app-react-prepare-spa.md",
+            "redirect_url": "/azure/active-directory/develop/tutorial-single-page-app-react-prepare-spa",
             "redirect_document_id": false
         },
         {
             "source_path_from_root": "/articles/active-directory/develop/single-page-app-tutorial-03-sign-in-users.md",
-            "redirect_url": "/azure/active-directory/develop/tutorial-single-page-app-react-sign-in-users.md",
+            "redirect_url": "/azure/active-directory/develop/tutorial-single-page-app-react-sign-in-users",
             "redirect_document_id": false
         },
         {
             "source_path_from_root": "/articles/active-directory/develop/single-page-app-tutorial-04-call-api.md",
-            "redirect_url": "/azure/active-directory/develop/tutorial-single-page-app-react-call-api.md",
+            "redirect_url": "/azure/active-directory/develop/tutorial-single-page-app-react-call-api",
             "redirect_document_id": false
         }
     ]

articles/active-directory/app-provisioning/sap-successfactors-integration-reference.md

@@ -24,7 +24,7 @@ ms.reviewer: chmutali
 This article explains how the integration works and how you can customize the provisioning behavior for different HR scenarios. 
 
 ## Establishing connectivity 
-Microsoft Entra provisioning service uses basic authentication to connect to Employee Central OData API endpoints. When setting up the SuccessFactors provisioning app, use the *Tenant URL* parameter in the *Admin Credentials* section to configure the [API data center URL](https://apps.support.sap.com/sap/support/knowledge/en/2215682). 
+Microsoft Entra provisioning service uses basic authentication to connect to Employee Central OData API endpoints. When setting up the SuccessFactors provisioning app, use the *Tenant URL* parameter in the *Admin Credentials* section to configure the [API data center URL](https://help.sap.com/docs/SAP_SUCCESSFACTORS_PLATFORM/d599f15995d348a1b45ba5603e2aba9b/af2b8d5437494b12be88fe374eba75b6.html). 
 
 To further secure the connectivity between Microsoft Entra provisioning service and SuccessFactors, add the Microsoft Entra IP ranges in the SuccessFactors IP allowlist:
 

articles/active-directory/authentication/how-to-mfa-registration-campaign.md

@@ -7,7 +7,7 @@ ms.service: active-directory
 ms.subservice: authentication
 ms.custom: ignite-2022
 ms.topic: conceptual
-ms.date: 09/27/2023
+ms.date: 09/28/2023
 
 ms.author: justinha
 author: mjsantani
@@ -134,7 +134,7 @@ Here are a few sample JSONs you can use to get started!
 
 - Include all users 
 
-  If you want to include ALL users in your tenant, [download this JSON](https://download.microsoft.com/download/1/4/E/14E6151E-C40A-42FB-9F66-D8D374D13B40/All%20Users%20Enabled.json) and paste it in Graph Explorer and run `PATCH` on the endpoint. 
+  If you want to include ALL users in your tenant, update the following JSON example with the relevant GUIDs of your users and groups. Then paste it in Graph Explorer and run `PATCH` on the endpoint. 
 
   ```json
   {
@@ -158,7 +158,7 @@ Here are a few sample JSONs you can use to get started!
 
 - Include specific users or groups of users
 
-  If you want to include certain users or groups in your tenant, [download this JSON](https://download.microsoft.com/download/1/4/E/14E6151E-C40A-42FB-9F66-D8D374D13B40/Multiple%20Includes.json) and update it with the relevant GUIDs of your users and groups. Then paste the JSON in Graph Explorer and run `PATCH` on the endpoint. 
+  If you want to include certain users or groups in your tenant, update the following JSON example with the relevant GUIDs of your users and groups. Then paste the JSON in Graph Explorer and run `PATCH` on the endpoint. 
 
   ```json
   {
@@ -182,11 +182,12 @@ Here are a few sample JSONs you can use to get started!
             ]
         }
     }
+  }  
   ```
 
-- Include and exclude specific users/groups of users
+- Include and exclude specific users or groups
 
-  If you want to include AND exclude certain users/groups of users in your tenant, [download this JSON](https://download.microsoft.com/download/1/4/E/14E6151E-C40A-42FB-9F66-D8D374D13B40/Multiple%20Includes%20and%20Excludes.json) and paste it in Graph Explorer and run `PATCH` on the endpoint. Enter the correct GUIDs for your users and groups.
+  If you want to include AND exclude certain users or groups in your tenant, update the following JSON example with the relevant GUIDs of your users and groups. Then paste it in Graph Explorer and run `PATCH` on the endpoint. 
 
   ```json
   {
@@ -286,13 +287,13 @@ No. The snooze duration for the prompt is a tenant-wide setting and applies to a
 
 The feature aims to empower admins to get users set up with MFA using the Authenticator app and not passwordless phone sign-in.  
 
-**Will a user who has a 3rd party authenticator app setup see the nudge?** 
+**Will a user who signs in with a 3rd party authenticator app see the nudge?** 
 
-If this user doesn’t have the Authenticator app set up for push notifications and is enabled for it by policy, yes, the user will see the nudge. 
+Yes. If a user is enabled for the registration campaign and doesn't have Microsoft Authenticator set up for push notifications, the user is nudged to set up Authenticator. 
 
-**Will a user who has the Authenticator app setup only for TOTP codes see the nudge?** 
+**Will a user who has Authenticator set up only for TOTP codes see the nudge?**
 
-Yes. If the Authenticator app is not set up for push notifications and the user is enabled for it by policy, yes, the user will see the nudge.
+Yes. If a user is enabled for the registration campaign and Authenticator app isn't set up for push notifications, the user is nudged to set up push notification with Authenticator.
 
 **If a user just went through MFA registration, are they nudged in the same sign-in session?** 
 
@@ -316,9 +317,9 @@ Yes. If they have been scoped for the nudge using the policy.
 
 **What if the user closes the browser?** 
 
-It's the same as snoozing. If setup is required for a user after they snoozed three times, the user will get prompted the next time they sign in.
+It's the same as snoozing. If setup is required for a user after they snoozed three times, the user is prompted the next time they sign in.
 
-**Why don’t some users see a nudge when there is a Conditional Access policy for "Register security information"?**
+**Why don't some users see a nudge when there is a Conditional Access policy for "Register security information"?**
 
 A nudge won't appear if a user is in scope for a Conditional Access policy that blocks access to the **Register security information** page.
 

articles/active-directory/external-identities/customers/how-to-customize-branding-customers.md

@@ -57,7 +57,7 @@ The following image displays the neutral default branding of the customer tenant
 
 Before you customize any settings, the neutral default branding will appear in your sign-in and sign-up pages. You can customize this default experience with a custom background image or color, favicon, layout, header, and footer. You can also upload a [custom CSS](/azure/active-directory/fundamentals/reference-company-branding-css-template). 
 
-1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com).
+1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com) as at least a [Global Administrator](/azure/active-directory/roles/permissions-reference#global-administrator).
 1. If you have access to multiple tenants, use the **Directories + subscriptions** filter :::image type="icon" source="media/common/portal-directory-subscription-filter.png" border="false"::: in the top menu to switch to the customer tenant you created earlier.
 1. Browse to **Company Branding** > **Default sign-in** > **Edit**.
 
@@ -174,7 +174,7 @@ Your customer tenant name replaces the Microsoft banner logo in the neutral defa
 
 :::image type="content" source="media/how-to-customize-branding-customers/tenant-name.png" alt-text="Screenshot of the tenant name." lightbox="media/how-to-customize-branding-customers/tenant-name.png":::
 
-1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com/).
+1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com/) as at least a [Global Administrator](/azure/active-directory/roles/permissions-reference#global-administrator).
 1. If you have access to multiple tenants, use the **Directories + subscriptions** filter :::image type="icon" source="media/common/portal-directory-subscription-filter.png" border="false"::: in the top menu to switch to the customer tenant you created earlier.
 1. In the search bar, type and select **Properties**.
 1. Edit the **Name** field. 
@@ -187,7 +187,7 @@ Your customer tenant name replaces the Microsoft banner logo in the neutral defa
 
 When no longer needed, you can remove the sign-in customization from your customer tenant via the Azure portal.  
 
-1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com).
+1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com) as at least a [Global Administrator](/azure/active-directory/roles/permissions-reference#global-administrator).
 1. If you have access to multiple tenants, use the **Directories + subscriptions** filter :::image type="icon" source="media/common/portal-directory-subscription-filter.png" border="false"::: in the top menu to switch to the customer tenant you created earlier.
 1. Browse to **Company branding** > **Default sign-in experience** > **Edit**.
 1. Remove the elements you no longer need.

articles/active-directory/external-identities/customers/how-to-customize-languages-customers.md

@@ -27,7 +27,7 @@ You can create a personalized sign-in experience for users who sign in using a s
 
 ## Add browser language under Company branding
 
-1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com).
+1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com) as at least a [Global Administrator](/azure/active-directory/roles/permissions-reference#global-administrator).
 1. If you have access to multiple tenants, use the **Directories + subscriptions** filter :::image type="icon" source="media/common/portal-directory-subscription-filter.png" border="false"::: in the top menu to switch to the customer tenant you created earlier.
 1. Browse to **Company branding** > **Browser language customizations** > **Add browser language**. 
 
@@ -86,7 +86,7 @@ The following languages are supported in the customer tenant:
 
 Language customization in the customer tenant allows your user flow to accommodate different languages to suit your customer's needs.  You can use languages to modify the strings displayed to your customers as part of the attribute collection process during sign-up.
 
-1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com).
+1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com) as at least a [Global Administrator](/azure/active-directory/roles/permissions-reference#global-administrator).  
 2. If you have access to multiple tenants, use the **Directories + subscriptions** filter :::image type="icon" source="media/common/portal-directory-subscription-filter.png" border="false"::: in the top menu to switch to the customer tenant you created earlier.
 3. Browse to **Identity** > **External Identities** > **User flows**.
 5. Select the user flow that you want to enable for translations.

articles/active-directory/external-identities/customers/how-to-register-ciam-app.md

@@ -40,7 +40,7 @@ External ID for customers supports authentication for Single-page apps (SPAs).
 
 The following steps show you how to register your SPA in the Microsoft Entra admin center:
 
-1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com). 
+1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com) as at least an [Application Developer](/azure/active-directory/roles/permissions-reference#application-developer).
 
 1. If you have access to multiple tenants, use the **Directories + subscriptions** filter :::image type="icon" source="media/common/portal-directory-subscription-filter.png" border="false"::: in the top menu to switch to your customer tenant. 
 
@@ -82,7 +82,7 @@ External ID for customers supports authentication for web apps.
 
 The following steps show you how to register your web app in the Microsoft Entra admin center:
 
-1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com). 
+1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com) as at least an [Application Developer](/azure/active-directory/roles/permissions-reference#application-developer). 
 
 1. If you have access to multiple tenants, use the **Directories + subscriptions** filter :::image type="icon" source="media/common/portal-directory-subscription-filter.png" border="false"::: in the top menu to switch to your customer tenant. 
 
@@ -137,7 +137,7 @@ If your web app needs to call an API, you must grant your web app API permission
 
 The following steps show you how to register your app in the Microsoft Entra admin center:
 
-1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com). 
+1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com) as at least an [Application Developer](/azure/active-directory/roles/permissions-reference#application-developer). 
 
 1. If you have access to multiple tenants, use the **Directories + subscriptions** filter :::image type="icon" source="media/common/portal-directory-subscription-filter.png" border="false"::: in the top menu to switch to your customer tenant. 
 

articles/active-directory/external-identities/customers/includes/configure-user-flow/create-sign-in-sign-out-user-flow.md

@@ -8,7 +8,7 @@ ms.author: kengaderdus
 ---
 Follow these steps to create a user flow a customer can use to sign in or sign up for an application.
 
-1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com). 
+1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com) as at least an [External ID User Flow Administrator](/azure/active-directory/roles/permissions-reference#external-id-user-flow-administrator).  
 1. If you have access to multiple tenants, use the **Directories + subscriptions** filter :::image type="icon" source="../../media/common/portal-directory-subscription-filter.png" border="false"::: in the top menu to switch to your customer tenant. 
 1. Browse to **Identity** > **External Identities** > **User flows**.
 1. Select **+ New user flow**.

articles/active-directory/external-identities/customers/includes/register-app/add-client-app-certificate.md

@@ -9,7 +9,7 @@ ms.author: kengaderdus
 
 To use your client app certificate, you need to associate the app you registered in the Microsoft Entra admin center with the certificate:
 
-1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com). 
+1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com) as at least an [Application Administrator](/azure/active-directory/roles/permissions-reference#application-administrator). 
 
 1. If you have access to multiple tenants, use the **Directories + subscriptions** filter :::image type="icon" source="../../media/common/portal-directory-subscription-filter.png" border="false"::: in the top menu to switch to your customer tenant. 
 

articles/active-directory/external-identities/customers/includes/register-app/register-api-app.md

@@ -7,7 +7,7 @@ ms.date: 03/30/2023
 ms.author: kengaderdus
 ---
 
-1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com). 
+1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com) as at least an [Application Developer](/azure/active-directory/roles/permissions-reference#application-developer).
 
 1. If you have access to multiple tenants, use the **Directories + subscriptions** filter :::image type="icon" source="../../media/common/portal-directory-subscription-filter.png" border="false"::: in the top menu to switch to your customer tenant. 
 

articles/active-directory/external-identities/customers/includes/register-app/register-client-app-common.md

@@ -12,7 +12,7 @@ To enable your application to sign in users with Microsoft Entra, Microsoft Entr
 
 The following steps show you how to register your app in the Microsoft Entra admin center:
 
-1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com). 
+1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com) as at least an [Application Developer](/azure/active-directory/roles/permissions-reference#application-developer).
 1. If you have access to multiple tenants, use the **Directories + subscriptions** filter :::image type="icon" source="../../media/common/portal-directory-subscription-filter.png" border="false"::: in the top menu to switch to your customer tenant. 
 1. Browse to **Identity** >**Applications** > **App registrations**.
 1. Select **+ New registration**.