MicrosoftDocs
diff --git a/‎.openpublishing.redirection.healthcare-apis.json
Lines changed: 12 additions & 4 deletions b/‎.openpublishing.redirection.healthcare-apis.json
Lines changed: 12 additions & 4 deletions
diff --git a/‎articles/active-directory/develop/reference-app-manifest.md
Lines changed: 9 additions & 7 deletions b/‎articles/active-directory/develop/reference-app-manifest.md
Lines changed: 9 additions & 7 deletions
diff --git a/‎articles/active-directory/develop/scenario-daemon-acquire-token.md
Lines changed: 76 additions & 36 deletions b/‎articles/active-directory/develop/scenario-daemon-acquire-token.md
Lines changed: 76 additions & 36 deletions
@@ -586,15 +586,19 @@
           "redirect_document_id": false
       },
       {   "source_path_from_root": "/articles/healthcare-apis/iot/iot-data-flow.md",
-          "redirect_url": "/azure/healthcare-apis/iot/understand-service",
+          "redirect_url": "/azure/healthcare-apis/iot/overview-of-device-data-processing-stages",
           "redirect_document_id": false
       },
       {   "source_path_from_root": "/articles/healthcare-apis/iot/data-flow.md",
-          "redirect_url": "/azure/healthcare-apis/iot/overview-of-device-message-processing-stages",
+          "redirect_url": "/azure/healthcare-apis/iot/overview-of-device-data-processing-stages",
           "redirect_document_id": false
       },
       {   "source_path_from_root": "/articles/healthcare-apis/iot/understand-service.md",
-          "redirect_url": "/azure/healthcare-apis/iot/overview-of-device-message-processing-stages",
+          "redirect_url": "/azure/healthcare-apis/iot/overview-of-device-data-processing-stages",
+          "redirect_document_id": false
+      },
+      {   "source_path_from_root": "/articles/healthcare-apis/iot/overview-of-device-message-processing-stages.md",
+          "redirect_url": "/azure/healthcare-apis/iot/overview-of-device-data-processing-stages",
           "redirect_document_id": false
       },
       {   "source_path_from_root": "/articles/healthcare-apis/iot/how-to-use-device-mappings.md",
@@ -654,7 +658,11 @@
           "redirect_document_id": false
       },
       {   "source_path_from_root": "/articles/healthcare-apis/iot/how-to-use-iot-jsonpath-content-mappings.md",
-          "redirect_url": "/azure/healthcare-apis/iot/how-to-use-iotjsonpathcontenttemplate-mappings",
+          "redirect_url": "/azure/healthcare-apis/iot/how-to-use-iotjsonpathcontent-mappings",
+          "redirect_document_id": false
+      },
+      {   "source_path_from_root": "/articles/healthcare-apis/iot/how-to-use-iotjsonpathcontenttemplate-mappings.md",
+          "redirect_url": "/azure/healthcare-apis/iot/how-to-use-iotjsonpathcontent-mappings",
           "redirect_document_id": false
       },
       {   "source_path_from_root": "/articles/healthcare-apis/iot/deploy-new-button.md",
 
@@ -8,7 +8,7 @@ ms.service: active-directory
 ms.subservice: develop
 ms.topic: reference
 ms.workload: identity
-ms.date: 05/19/2022
+ms.date: 04/13/2023
 ms.author: ryanwi
 ms.custom: aaddev
 ms.reviewer: sureshja
@@ -260,9 +260,9 @@ Example:
     "keyCredentials": [
         {
            "customKeyIdentifier":null,
-           "endDate":"2018-09-13T00:00:00Z",
+           "endDateTime":"2018-09-13T00:00:00Z",
            "keyId":"<guid>",
-           "startDate":"2017-09-12T00:00:00Z",
+           "startDateTime":"2017-09-12T00:00:00Z",
            "type":"AsymmetricX509Cert",
            "usage":"Verify",
            "value":null
@@ -425,10 +425,12 @@ Example:
     "passwordCredentials": [
       {
         "customKeyIdentifier": null,
-        "endDate": "2018-10-19T17:59:59.6521653Z",
+        "displayName": "Generated by App Service",
+        "endDateTime": "2022-10-19T17:59:59.6521653Z",
+        "hint": "Nsn",
         "keyId": "<guid>",
-        "startDate":"2016-10-19T17:59:59.6521653Z",
-        "value":null
+        "secretText": null,        
+        "startDateTime":"2022-10-19T17:59:59.6521653Z"
       }
     ],
 ```
@@ -638,4 +640,4 @@ Use the following comments section to provide feedback that helps refine and sha
 [IMPLICIT-GRANT]:v1-oauth2-implicit-grant-flow.md
 [INTEGRATING-APPLICATIONS-AAD]: ./quickstart-register-app.md
 [O365-PERM-DETAILS]: /graph/permissions-reference
-[RBAC-CLOUD-APPS-AZUREAD]: http://www.dushyantgill.com/blog/2014/12/10/roles-based-access-control-in-cloud-applications-using-azure-ad/
+[RBAC-CLOUD-APPS-AZUREAD]: http://www.dushyantgill.com/blog/2014/12/10/roles-based-access-control-in-cloud-applications-using-azure-ad/
@@ -22,11 +22,23 @@ After you've constructed a confidential client application, you can acquire a to
 
 The scope to request for a client credential flow is the name of the resource followed by `/.default`. This notation tells Azure Active Directory (Azure AD) to use the *application-level permissions* declared statically during application registration. Also, these API permissions must be granted by a tenant administrator.
 
-# [.NET](#tab/dotnet)
+# [.NET](#tab/idweb)
 
-```csharp
-ResourceId = "someAppIDURI";
-var scopes = new [] {  ResourceId+"/.default"};
+Here's an example of defining the scopes for the web API as part of the configuration in an [*appsettings.json*](https://github.com/Azure-Samples/active-directory-dotnetcore-daemon-v2/blob/master/2-Call-OwnApi/daemon-console/appsettings.json) file. This example is taken from the [.NET Core console daemon](https://github.com/Azure-Samples/active-directory-dotnetcore-daemon-v2) code sample on GitHub.
+
+```json
+{
+	"AzureAd": {
+		// Same AzureAd section as before.
+	},
+
+	"MyWebApi": {
+		"BaseUrl": "https://localhost:44372/",
+		"RelativePath": "api/TodoList",
+		"RequestAppToken": true,
+		"Scopes": [ "[Enter here the scopes for your web API]" ]
+	}
+}
 ```
 
 # [Java](#tab/java)
@@ -53,6 +65,13 @@ In MSAL Python, the configuration file looks like this code snippet:
 }
 ```
 
+# [.NET (low level)](#tab/dotnet)
+
+```csharp
+ResourceId = "someAppIDURI";
+var scopes = new [] {  ResourceId+"/.default"};
+```
+
 ---
 
 ### Azure AD (v1.0) resources
@@ -65,42 +84,25 @@ The scope used for client credentials should always be the resource ID followed
 
 ## AcquireTokenForClient API
 
-To acquire a token for the app, you'll use `AcquireTokenForClient` or its equivalent, depending on the platform.
+To acquire a token for the app, use `AcquireTokenForClient` or its equivalent, depending on the platform.
 
-# [.NET](#tab/dotnet)
+# [.NET](#tab/idweb)
+
+With Microsoft.Identity.Web, you don't need to acquire a token. You can use higher level APIs, as you see in [Calling a web API from a daemon application](scenario-daemon-call-api.md). If however you're using an SDK that requires a token, the following code snippet shows how to get this token.
 
 ```csharp
-using Microsoft.Identity.Client;
+using Microsoft.Extensions.DependencyInjection;
+using Microsoft.Identity.Abstractions;
+using Microsoft.Identity.Web;
 
-// With client credentials flows, the scope is always of the shape "resource/.default" because the
-// application permissions need to be set statically (in the portal or by PowerShell), and then granted by
-// a tenant administrator.
-string[] scopes = new string[] { "https://graph.microsoft.com/.default" };
+// In the Program.cs, acquire a token for your downstream API
 
-AuthenticationResult result = null;
-try
-{
- result = await app.AcquireTokenForClient(scopes)
-                  .ExecuteAsync();
-}
-catch (MsalUiRequiredException ex)
-{
-    // The application doesn't have sufficient permissions.
-    // - Did you declare enough app permissions during app creation?
-    // - Did the tenant admin grant permissions to the application?
-}
-catch (MsalServiceException ex) when (ex.Message.Contains("AADSTS70011"))
-{
-    // Invalid scope. The scope has to be in the form "https://resourceurl/.default"
-    // Mitigation: Change the scope to be as expected.
-}
+var tokenAcquirerFactory = TokenAcquirerFactory.GetDefaultInstance();
+ITokenAcquirer acquirer = tokenAcquirerFactory.GetTokenAcquirer();
+AcquireTokenResult tokenResult = await acquirer.GetTokenForUserAsync(new[] { https://graph.microsoft.com/.default" });
+string accessToken = tokenResult.AccessToken;
 ```
 
-### AcquireTokenForClient uses the application token cache
-
-In MSAL.NET, `AcquireTokenForClient` uses the application token cache. (All the other AcquireToken*XX* methods use the user token cache.)
-Don't call `AcquireTokenSilent` before you call `AcquireTokenForClient`, because `AcquireTokenSilent` uses the *user* token cache. `AcquireTokenForClient` checks the *application* token cache itself and updates it.
-
 # [Java](#tab/java)
 
 This code is extracted from the [MSAL Java dev samples](https://github.com/AzureAD/microsoft-authentication-library-for-java/tree/dev/msal4j-sdk/src/samples/confidential-client/).
@@ -152,7 +154,7 @@ private static IAuthenticationResult acquireToken() throws Exception {
 
 # [Node.js](#tab/nodejs)
 
-The code snippet below illustrates token acquisition in an MSAL Node confidential client application:
+The following code snippet illustrates token acquisition in an MSAL Node confidential client application:
 
 ```JavaScript
 try {
@@ -187,6 +189,40 @@ else:
     print(result.get("correlation_id"))  # You might need this when reporting a bug.
 ```
 
+# [.NET (low level)](#tab/dotnet)
+
+```csharp
+using Microsoft.Identity.Client;
+
+// With client credentials flows, the scope is always of the shape "resource/.default" because the
+// application permissions need to be set statically (in the portal or by PowerShell), and then granted by
+// a tenant administrator.
+string[] scopes = new string[] { "https://graph.microsoft.com/.default" };
+
+AuthenticationResult result = null;
+try
+{
+ result = await app.AcquireTokenForClient(scopes)
+                  .ExecuteAsync();
+}
+catch (MsalUiRequiredException ex)
+{
+    // The application doesn't have sufficient permissions.
+    // - Did you declare enough app permissions during app creation?
+    // - Did the tenant admin grant permissions to the application?
+}
+catch (MsalServiceException ex) when (ex.Message.Contains("AADSTS70011"))
+{
+    // Invalid scope. The scope has to be in the form "https://resourceurl/.default"
+    // Mitigation: Change the scope to be as expected.
+}
+```
+
+### AcquireTokenForClient uses the application token cache
+
+In MSAL.NET, `AcquireTokenForClient` uses the application token cache. (All the other AcquireToken*XX* methods use the user token cache.)
+Don't call `AcquireTokenSilent` before you call `AcquireTokenForClient`, because `AcquireTokenSilent` uses the *user* token cache. `AcquireTokenForClient` checks the *application* token cache itself and updates it.
+
 ---
 
 ### Protocol
@@ -253,10 +289,10 @@ If your daemon app calls your own web API and you weren't able to add an app per
 
 ## Next steps
 
-# [.NET](#tab/dotnet)
+# [.NET](#tab/idweb)
 
 Move on to the next article in this scenario,
-[Calling a web API](./scenario-daemon-call-api.md?tabs=dotnet).
+[Calling a web API](./scenario-daemon-call-api.md?tabs=idweb).
 
 # [Java](#tab/java)
 
@@ -273,4 +309,8 @@ Move on to the next article in this scenario,
 Move on to the next article in this scenario,
 [Calling a web API](./scenario-daemon-call-api.md?tabs=python).
 
+# [.NET low level](#tab/dotnet)
+
+Move on to the next article in this scenario,
+[Calling a web API](./scenario-daemon-call-api.md?tabs=dotnet).
 ---