Merging changes synced from https://github.com/MicrosoftDocs/azure-docs-pr (branch live)

Author: Banani-Rath

articles/active-directory-b2c/force-password-reset.md

@@ -9,7 +9,7 @@ manager: CelesteDG
 ms.service: active-directory
 ms.workload: identity
 ms.topic: how-to
-ms.date: 09/16/2021
+ms.date: 01/24/2022
 ms.author: kengaderdus
 ms.subservice: B2C
 zone_pivot_groups: b2c-policy-type
@@ -19,8 +19,6 @@ zone_pivot_groups: b2c-policy-type
 
 [!INCLUDE [active-directory-b2c-choose-user-flow-or-custom-policy](../../includes/active-directory-b2c-choose-user-flow-or-custom-policy.md)]
 
-::: zone pivot="b2c-user-flow"
-
 ## Overview
 
 As an administrator, you can [reset a user's password](manage-users-portal.md#reset-a-users-password) if the user forgets their password. Or you would like to force them to reset the password. In this article, you'll learn how to force a password reset in these scenarios.
@@ -31,13 +29,6 @@ When an administrator resets a user's password via the Azure portal, the value o
 
 The password reset flow is applicable to local accounts in Azure AD B2C that use an [email address](sign-in-options.md#email-sign-in) or [username](sign-in-options.md#username-sign-in) with a password for sign-in.
 
-::: zone-end
-
-::: zone pivot="b2c-custom-policy"
-
-This feature is currently only available for User Flows. For setup steps, choose **User Flow** above. For custom policies, use the force password reset first logon [GitHub sample](https://github.com/azure-ad-b2c/samples/tree/master/policies/force-password-reset-first-logon) with prerequisites below.
-
-::: zone-end
 
 ## Prerequisites
 
@@ -75,6 +66,36 @@ To enable the **Forced password reset** setting in a sign-up or sign-in user flo
 1. Sign in with the user account for which you reset the password.
 1. You now must change the password for the user. Change the password and select **Continue**. The token is returned to `https://jwt.ms` and should be displayed to you.
 
+::: zone-end
+
+::: zone pivot="b2c-custom-policy"
+
+## Configure your custom policy
+
+Get the example of the force password reset policy on [GitHub](https://github.com/azure-ad-b2c/samples/tree/master/policies/force-password-reset). In each file, replace the string `yourtenant` with the name of your Azure AD B2C tenant. For example, if the name of your B2C tenant is *contosob2c*, all instances of `yourtenant.onmicrosoft.com` become `contosob2c.onmicrosoft.com`.
+
+## Upload and test the policy
+
+1. Sign in to the [Azure portal](https://portal.azure.com/).
+1. Make sure you're using the directory that contains your Azure AD B2C tenant by selecting the **Directories + subscriptions** icon in the portal toolbar.
+1. On the **Portal settings | Directories + subscriptions** page, find your Azure AD B2C directory in the **Directory name** list, and then select **Switch**.
+1. Choose **All services** in the top-left corner of the Azure portal, and then search for and select **Azure AD B2C**.
+1. Select **Identity Experience Framework**.
+1. In **Custom Policies**, select **Upload Policy**.
+1. Select the *TrustFrameworkExtensionsCustomForcePasswordReset.xml* file.
+1. Select **Upload**.
+1. Repeat steps 6 through 8 for the relying party file *TrustFrameworkExtensionsCustomForcePasswordReset.xml*.
+
+## Run the policy
+
+1. Open the policy that you uploaded *B2C_1A_TrustFrameworkExtensions_custom_ForcePasswordReset*.
+1. For **Application**, select the application that you registered earlier. To see the token, the **Reply URL** should show `https://jwt.ms`.
+1. Select **Run now**. 
+1. Sign in with the user account for which you reset the password.
+1. You now must change the password for the user. Change the password and select **Continue**. The token is returned to `https://jwt.ms` and should be displayed to you.
+
+::: zone-end
+
 ## Force password reset on next login
 
 To force reset the password on next login, update the account password profile using MS Graph [Update user](/graph/api/user-update) operation. The following example updates the password profile [forceChangePasswordNextSignIn](user-profile-attributes.md#password-profile-property) attribute to `true`, which forces the user to reset the password on next login.
@@ -123,8 +144,6 @@ Once a password expiration policy has been set, you must also configure force pa
 
 The password expiry duration default value is **90** days. The value is configurable by using the [Set-MsolPasswordPolicy](/powershell/module/msonline/set-msolpasswordpolicy) cmdlet from the Azure Active Directory Module for Windows PowerShell. This command updates the tenant, so that all users' passwords expire after number of days you configure.
 
-::: zone-end
-
 ## Next steps
 
 Set up a [self-service password reset](add-password-reset-policy.md).

articles/active-directory-b2c/oauth2-error-technical-profile.md

@@ -9,7 +9,7 @@ manager: CelesteDG
 ms.service: active-directory
 ms.workload: identity
 ms.topic: reference
-ms.date: 05/26/2021
+ms.date: 01/25/2022
 ms.author: kengaderdus
 ms.subservice: B2C
 ---
@@ -41,7 +41,7 @@ https://jwt.ms/#error=access_denied&error_description=AAD_Custom_1234%3a+My+cust
 
 ## Protocol
 
-The **Name** attribute of the **Protocol** element needs to be set to `None`. Set the **OutputTokenFormat** element to `OAuth2Error`.
+The **Name** attribute of the **Protocol** element needs to be set to `OAuth2`. Set the **OutputTokenFormat** element to `OAuth2Error`.
 
 The following example shows a technical profile for `ReturnOAuth2Error`:
 
@@ -53,7 +53,7 @@ The following example shows a technical profile for `ReturnOAuth2Error`:
     <TechnicalProfiles>
       <TechnicalProfile Id="ReturnOAuth2Error">
         <DisplayName>Return OAuth2 error</DisplayName>
-        <Protocol Name="None" />
+        <Protocol Name="OAuth2" />
         <OutputTokenFormat>OAuth2Error</OutputTokenFormat>
         <CryptographicKeys>
           <Key Id="issuer_secret" StorageReferenceId="B2C_1A_TokenSigningKeyContainer" />
@@ -121,4 +121,4 @@ In the following example:
 
 ## Next steps
 
-Learn about [UserJourneys](userjourneys.md)
+Learn about [UserJourneys](userjourneys.md)

articles/active-directory/develop/desktop-app-quickstart.md

@@ -24,7 +24,7 @@ zone_pivot_groups: desktop-app-quickstart
 ::: zone-end
 
 ::: zone pivot="devlang-windows-desktop"
-[!INCLUDE [Windows Desktop .NET](./includes/desktop-app/quickstart-windows-desktop.md)]
+[!INCLUDE [Windows Presentation Foundation](./includes/desktop-app/quickstart-windows-desktop.md)]
 ::: zone-end
 
 ::: zone pivot="devlang-nodejs-electron"

articles/active-directory/develop/includes/desktop-app/quickstart-windows-desktop.md

@@ -11,11 +11,11 @@ ms.workload: identity
 ms.date: 01/14/2022
 ms.author: jmprieur
 ms.custom: aaddev, identityplatformtop40, mode-api
-#Customer intent: As an application developer, I want to learn how my Windows desktop .NET application can get an access token and call an API that's protected by the Microsoft identity platform.
+#Customer intent: As an application developer, I want to learn how my Windows Presentation Foundation (WPF) application can get an access token and call an API that's protected by the Microsoft identity platform.
 ---
 
 
-In this quickstart, you download and run a code sample that demonstrates how a Windows desktop .NET (WPF) application can sign in users and get an access token to call the Microsoft Graph API. 
+In this quickstart, you download and run a code sample that demonstrates how a Windows Presentation Foundation (WPF) application can sign in users and get an access token to call the Microsoft Graph API. 
 
 See [How the sample works](#how-the-sample-works) for an illustration.
 

articles/active-directory/develop/scenario-daemon-app-configuration.md

@@ -84,8 +84,10 @@ CLIENT_ID=Enter_the_Application_Id_Here
 CLIENT_SECRET=Enter_the_Client_Secret_Here
 
 # Endpoints
-AAD_ENDPOINT=Enter_the_Cloud_Instance_Id_Here
-GRAPH_ENDPOINT=Enter_the_Graph_Endpoint_Here
+// the AAD endpoint is the authority endpoint for token issuance
+AAD_ENDPOINT=Enter_the_Cloud_Instance_Id_Here // https://login.microsoftonline.com/
+// the graph endpoint is the application ID URI of Microsoft graph
+GRAPH_ENDPOINT=Enter_the_Graph_Endpoint_Here // https://graph.microsoft.com/
 ```
 
 # [Python](#tab/python)

articles/active-directory/hybrid/how-to-connect-install-prerequisites.md

@@ -59,6 +59,7 @@ To read more about securing your Active Directory environment, see [Best practic
 #### Installation prerequisites
 
 - Azure AD Connect must be installed on a domain-joined Windows Server 2016 or later. 
+- The minimum .Net Framework version required is 4.6.2, and newer versions of .Net are also supported.
 - Azure AD Connect can't be installed on Small Business Server or Windows Server Essentials before 2019 (Windows Server Essentials 2019 is supported). The server must be using Windows Server standard or better. 
 - The Azure AD Connect server must have a full GUI installed. Installing Azure AD Connect on Windows Server Core isn't supported. 
 - The Azure AD Connect server must not have PowerShell Transcription Group Policy enabled if you use the Azure AD Connect wizard to manage Active Directory Federation Services (AD FS) configuration. You can enable PowerShell transcription if you use the Azure AD Connect wizard to manage sync configuration.