Merge pull request #98525 from MicrosoftDocs/master

12/10 AM Publish

Author: huypub

articles/active-directory/cloud-provisioning/how-to-configure.md

@@ -7,7 +7,7 @@ manager: daveba
 ms.service: active-directory
 ms.workload: identity
 ms.topic: conceptual
-ms.date: 12/02/2019
+ms.date: 12/05/2019
 ms.subservice: hybrid
 ms.author: billmath
 ms.collection: M365-identity-device-management
@@ -27,8 +27,7 @@ To configure provisioning, use the following steps:
 
 4.  Click on **New configuration**.
 5.  On the configuration screen, the on-premises domain is pre-populated
-6. Enter a **Notification email**. This email will be notified 
-7. when provisioning is not healthy.  
+6. Enter a **Notification email**. This email will be notified when provisioning is not healthy.  
 8. Move the selector to **Enable** and click **Save**.
 ![](media/tutorial-single-forest/configure2.png)
 

articles/active-directory/cloud-provisioning/how-to-prerequisites.md

@@ -7,7 +7,7 @@ manager: daveba
 ms.service: active-directory
 ms.workload: identity
 ms.topic: conceptual
-ms.date: 12/02/2019
+ms.date: 12/06/2019
 ms.subservice: hybrid
 ms.author: billmath
 ms.collection: M365-identity-device-management
@@ -43,7 +43,7 @@ The rest of the document will provide step-by-step instructions for these prereq
      | --- | --- |
      | **80** | Downloads the certificate revocation lists (CRLs) while validating the SSL certificate |
      | **443** | Handles all outbound communication with the service |
-     | **8080** (optional) | Agents report their status every ten minutes over port 8080, if port 443 is unavailable. This status is displayed on the Azure AD portal. Port 8080 is _not_ used for user sign-ins. |
+     | **8080** (optional) | Agents report their status every ten minutes over port 8080, if port 443 is unavailable. This status is displayed on the Azure AD portal. |
      
      If your firewall enforces rules according to the originating users, open these ports for traffic from Windows services that run as a network service.
    - If your firewall or proxy allows you to specify safe suffixes, then add connections to **\*.msappproxy.net** and **\*.servicebus.windows.net**. If not, allow access to the [Azure datacenter IP ranges](https://www.microsoft.com/download/details.aspx?id=41653), which are updated weekly.

articles/active-directory/cloud-provisioning/reference-cloud-provisioning-faq.md

@@ -36,7 +36,7 @@ Yes. Cloud provisioning can be used to sync from multiple Active Directory fores
 
 **Q: How is the agent updated?**
 
-The agents are auto upgraded by Microsoft. This reduces the burden off IT to test and validate new agent versions. 
+The agents are auto upgraded by Microsoft. For the IT team, this reduces the burden of having to test and validate new agent versions. 
 
 **Q: Can I disable auto upgrade?**
 

articles/active-directory/develop/about-microsoft-identity-platform.md

@@ -9,7 +9,7 @@ ms.service: active-directory
 ms.subservice: develop
 ms.topic: overview
 ms.workload: identity
-ms.date: 06/03/2019
+ms.date: 12/09/2019
 ms.author: ryanwi
 ms.reviewer: agirling, saeeda, benv
 ms.custom: aaddev
@@ -23,13 +23,13 @@ Microsoft identity platform is an evolution of the Azure Active Directory (Azure
 
 Up until now, most developers have worked with the Azure AD v1.0 platform to authenticate work and school accounts (provisioned by Azure AD) by requesting tokens from the Azure AD v1.0 endpoint, using Azure AD Authentication Library (ADAL), Azure portal for application registration and configuration, and Azure AD Graph API for programmatic application configuration.
 
-With Microsoft identity platform (v2.0), expand your reach to these kinds of users:
+With the unified Microsoft identity platform (v2.0), you can write code once and authenticate any Microsoft identity into your application. For several platforms, the fully supported open-source Microsoft Authentication Library (MSAL) is recommended for use against the identity platform endpoints. MSAL is simple to use, provides great single sign-on (SSO) experiences for your users, helps you achieve high reliability and performance, and is developed using Microsoft Secure Development Lifecycle (SDL). When calling APIs, you can configure your application to take advantage of incremental consent, which allows you to delay the request for consent for more invasive scopes until the application’s usage warrants this at runtime.  MSAL also supports Azure Active Directory B2C, so your customers use their preferred social, enterprise, or local account identities to get single sign-on access to your applications and APIs.
+
+With Microsoft identity platform, expand your reach to these kinds of users:
 
 - Work and school accounts (Azure AD provisioned accounts)
 - Personal accounts (such as Outlook.com or Hotmail.com)
-- Your customers who bring their own email or social identity (such as LinkedIn, Facebook, Google) via the Azure AD B2C offering
-
-With the unified Microsoft identity platform, you can write code once and authenticate any Microsoft identity into your application. For several platforms, there’s a fully supported open-source library called Microsoft Authentication Library (MSAL). MSAL is simple to use, provides great single sign-on (SSO) experiences for your users, helps you achieve high reliability and performance, and is developed using Microsoft Secure Development Lifecycle (SDL). When calling APIs, you can configure your application to take advantage of incremental consent, which allows you to delay the request for consent for more invasive scopes until the application’s usage warrants this at runtime.
+- Your customers who bring their own email or social identity (such as LinkedIn, Facebook, Google) via MSAL and Azure AD B2C
 
 You can use the Azure portal to register and configure your application, and use the Microsoft Graph API for programmatic application configuration.