Merge branch 'master' of https://github.com/MicrosoftDocs/azure-docs-pr into asc-melvyn-secureScoreEnhanced

Author: memildin

.openpublishing.redirection.json

@@ -163,6 +163,9 @@
         href: active-directory-b2c-reference-kmsi-custom.md
       - name: Password change
         href: active-directory-b2c-reference-password-change-custom.md
+      - name: Phone sign-up & sign-in
+        href: phone-authentication.md
+        displayName: otp, passwordless, phone number
     - name: UX customization
       items:
       - name: Configure user input
@@ -262,6 +265,8 @@
             href: integer-transformations.md
           - name: JSON
             href: json-transformations.md
+          - name: Phone number
+            href: phone-number-claims-transformations.md
           - name: External accounts
             href: social-transformations.md
           - name: StringCollection
@@ -285,6 +290,9 @@
           items:
           - name: About technical profiles
             href: technical-profiles-overview.md
+          - name: Azure Multi-Factor Authentication
+            href: multi-factor-auth-technical-profile.md
+            displayName: mfa
           - name: Claim resolvers
             href: claim-resolver-overview.md
           - name: Azure Active Directory

articles/active-directory-b2c/TOC.yml

@@ -1,7 +1,7 @@
 ---
 title: Track user behavior with Application Insights
 titleSuffix: Azure AD B2C
-description: Learn how to enable event logs in Application Insights from Azure AD B2C user journeys by using custom policies (preview).
+description: Learn how to enable event logs in Application Insights from Azure AD B2C user journeys by using custom policies.
 services: active-directory-b2c
 author: mmacy
 manager: celestedg
@@ -29,7 +29,7 @@ When you use Azure Active Directory B2C (Azure AD B2C) together with Azure Appli
 
 The Identity Experience Framework in Azure AD B2C includes the provider `Handler="Web.TPEngine.Providers.AzureApplicationInsightsProvider, Web.TPEngine, Version=1.0.0.0`. It sends event data directly to Application Insights by using the instrumentation key provided to Azure AD B2C.
 
-A technical profile uses this provider to define an event from Azure AD B2C. The profile specifies the name of the event, the claims that are recorded, and the instrumentation key. To post an event, the technical profile is then added as an `orchestration step`, or as a `validation technical profile` in a custom user journey.
+A technical profile uses this provider to define an event from Azure AD B2C. The profile specifies the name of the event, the claims that are recorded, and the instrumentation key. To post an event, the technical profile is then added as an `orchestration step` in a custom user journey.
 
 Application Insights can unify the events by using a correlation ID to record a user session. Application Insights makes the event and session available within seconds and presents many visualization, export, and analytical tools.
 

articles/active-directory-b2c/active-directory-b2c-custom-guide-eventlogger-appins.md

@@ -26,9 +26,6 @@ For B2C tenants, there are two primary modes of communicating with the Graph API
 
 In this article, you learn how to perform the automated use case. You'll build a .NET 4.5 `B2CGraphClient` that performs user create, read, update, and delete (CRUD) operations. The client will have a Windows command-line interface (CLI) that allows you to invoke various methods. However, the code is written to behave in a non-interactive, automated fashion.
 
->[!IMPORTANT]
-> You **must** use the [Azure AD Graph API](../active-directory/develop/active-directory-graph-api-quickstart.md) to manage users in an Azure AD B2C directory. The Azure AD Graph API is different from the Microsoft Graph API. Learn more in this MSDN blog post: [Microsoft Graph or Azure AD Graph](https://blogs.msdn.microsoft.com/aadgraphteam/2016/07/08/microsoft-graph-or-azure-ad-graph/).
-
 ## Prerequisites
 
 Before you can create applications or users, you need an Azure AD B2C tenant. If you don't already have one, [Create an Azure Active Directory B2C tenant](tutorial-create-tenant.md).

articles/active-directory-b2c/active-directory-b2c-devquickstarts-graph-dotnet.md

@@ -73,9 +73,9 @@ Azure AD B2C provides functionality to allow users to update their profiles. The
 
 Click **Call API** to make a request to the protected resource.
 
-    ![Call API](media/active-directory-b2c-quickstarts-desktop-app/call-api-wpf.png)
+![Call API](media/active-directory-b2c-quickstarts-desktop-app/call-api-wpf.png)
 
-    The application includes the Azure AD access token in the request to the protected web API resource. The web API sends back the display name contained in the access token.
+The application includes the Azure AD access token in the request to the protected web API resource. The web API sends back the display name contained in the access token.
 
 You've successfully used your Azure AD B2C user account to make an authorized call an Azure AD B2C protected web API.
 

articles/active-directory-b2c/active-directory-b2c-quickstarts-desktop-app.md

@@ -271,6 +271,7 @@ GET https://{tenant}.b2clogin.com/{tenant}.onmicrosoft.com/{policy}/oauth2/v2.0/
 | {tenant} | Yes | Name of your Azure AD B2C tenant |
 | {policy} | Yes | The user flow that you want to use to sign the user out of your application. |
 | id_token_hint| No | A previously issued ID token to pass to the logout endpoint as a hint about the end user's current authenticated session with the client. The `id_token_hint` ensures that the `post_logout_redirect_uri` is a registered reply URL in your Azure AD B2C application settings. |
+| client_id | No* | The application ID that the [Azure portal](https://portal.azure.com/) assigned to your application.<br><br>\**This is required when using `Application` isolation SSO configuration and _Require ID Token_ in logout request is set to `No`.* |
 | post_logout_redirect_uri | No | The URL that the user should be redirected to after successful sign out. If it isn't included, Azure AD B2C shows the user a generic message. Unless you provide an `id_token_hint`, you should not register this URL as a reply URL in your Azure AD B2C application settings. |
 | state | No | If a `state` parameter is included in the request, the same value should appear in the response. The application should verify that the `state` values in the request and response are identical. |
 

articles/active-directory-b2c/active-directory-b2c-reference-oidc.md

@@ -61,7 +61,7 @@ If you don't yet have a SAML service provider and an associated metadata endpoin
 To build a trust relationship between your service provider and Azure AD B2C, you need to provide X509 certificates and their private keys.
 
 * **Service provider certificates**
-  * Certificate with a private key stored in your Web App. This certificate is used to by your service provider to sign the SAML request sent to Azure AD B2C. Azure AD B2C reads the public key from the service provider metadata to validate the signature.
+  * Certificate with a private key stored in your Web App. This certificate is used by your service provider to sign the SAML request sent to Azure AD B2C. Azure AD B2C reads the public key from the service provider metadata to validate the signature.
   * (Optional) Certificate with a private key stored in your Web App. Azure AD B2C reads the public key from the service provider metadata to encrypt the SAML assertion. The service provider then uses the private key to decrypt the assertion.
 * **Azure AD B2C certificates**
   * Certificate with a private key in Azure AD B2C. This certificate is used by Azure AD B2C to sign the SAML response sent to your service provider. Your service provider reads the Azure AD B2C metadata public key to validate the signature of the SAML response.
@@ -96,7 +96,7 @@ If you don't already have a certificate, you can use a self-signed certificate f
 Next, upload the SAML assertion and response signing certificate to Azure AD B2C.
 
 1. Sign in to the [Azure portal](https://portal.azure.com) and browse to your Azure AD B2C tenant.
-1. Select **Settings** > **Identity Experience Framework** > **Policy Keys**.
+1. Under **Policies**, select **Identity Experience Framework** and then **Policy keys**.
 1. Select **Add**, and then select **Options** > **Upload**.
 1. Enter a **Name**, for example *SamlIdpCert*. The prefix *B2C_1A_* is automatically added to the name of your key.
 1. Upload your certificate using the upload file control.
@@ -160,7 +160,7 @@ Now that your tenant can issue SAML assertions, you need to create the SAML rely
 
 1. Open the *SignUpOrSigninSAML.xml* file in your preferred editor.
 
-1. Change the `PolicyId` and `PublicPolicyUri` of the policy to _B2C_1A_signup_signin_saml_ and _http://tenant-name.onmicrosoft.com/B2C_1A_signup_signin_saml_ as seen below.
+1. Change the `PolicyId` and `PublicPolicyUri` of the policy to _B2C_1A_signup_signin_saml_ and `http://tenant-name.onmicrosoft.com/B2C_1A_signup_signin_saml` as seen below.
 
     ```XML
     <TrustFrameworkPolicy
@@ -318,7 +318,7 @@ For this tutorial, in which you use the SAML test application, set the `url` pro
 
 #### LogoutUrl (Optional)
 
-This optional property represents the `Logout` URL (`SingleLogoutService` URL in the relying party metadata), and the `BindingType` for this is assumed to be `HttpDirect`.
+This optional property represents the `Logout` URL (`SingleLogoutService` URL in the relying party metadata), and the `BindingType` for this is assumed to be `Http-Redirect`.
 
 For this tutorial which uses the SAML test application, leave `logoutUrl` set to `https://samltestapp2.azurewebsites.net/logout`:
 
@@ -374,4 +374,4 @@ The following SAML relying party (RP) scenarios are supported via your own metad
 You can find more information about the [SAML protocol on the OASIS website](https://www.oasis-open.org/).
 
 <!-- LINKS - External -->
-[samltest]: https://aka.ms/samltestapp
+[samltest]: https://aka.ms/samltestapp