Merge branch 'release-ga-managed-grafana' of https://github.com/MicrosoftDocs/azure-docs-pr into release-ga-auth

Author: maud-lv

.openpublishing.redirection.json

@@ -18319,14 +18319,19 @@
     "redirect_document_id":  false
 },
 {
-    "source_path_from_root":  "/articles/connectors/connectors-create-api-bingsearch.md",
+    "source_path_from_root": "/articles/connectors/connectors-create-api-bingsearch.md",
     "redirect_url":  "/connectors/bingsearch",
-    "redirect_document_id":  false
+    "redirect_document_id": false
 },
 {
-  "source_path_from_root": "/articles/connectors/connectors-create-api-twilio.md",
-  "redirect_url": "/connectors/twilio",
-  "redirect_document_id": false
+    "source_path_from_root": "/articles/connectors/connectors-create-api-twilio.md",
+    "redirect_url": "/connectors/twilio",
+    "redirect_document_id": false
+},
+{
+    "source_path_from_root": "/articles/connectors/connectors-create-api-sendgrid.md",
+    "redirect_url": "/connectors/sendgrid",
+    "redirect_document_id": false
 },
 {
   "source_path_from_root":  "/articles/connectors/connectors-schema-migration.md",

articles/active-directory-b2c/TOC.yml

@@ -355,7 +355,7 @@
       items:
       - name: Multi-factor authentication
         href: multi-factor-authentication.md
-        displayName: TOTP, time-based-one-time password, time-based one-time password, authenticator app, Microsoft authenticator app, mfa, 2fa
+        displayName: TOTP, multi-factor, multifactor, time-based-one-time password, time-based one-time password, authenticator app, Microsoft authenticator app, mfa, 2fa
       - name: Partner integration
         items:
         - name: Asignio

articles/active-directory-b2c/configure-authentication-in-azure-static-app.md

@@ -7,7 +7,7 @@ manager: CelesteDG
 ms.service: active-directory
 ms.workload: identity
 ms.topic: reference
-ms.date: 06/28/2022
+ms.date: 08/22/2022
 ms.author: kengaderdus
 ms.subservice: B2C
 ms.custom: "b2c-support"
@@ -30,7 +30,7 @@ OpenID Connect (OIDC) is an authentication protocol that's built on OAuth 2.0. U
 When the access token expires or the app session is invalidated, Azure Static Web App initiates a new authentication request and redirects users to Azure AD B2C. If the Azure AD B2C [SSO session](session-behavior.md) is active, Azure AD B2C issues an access token without prompting users to sign in again. If the Azure AD B2C session expires or becomes invalid, users are prompted to sign in again.
 
 ## Prerequisites
-
+- A premium Azure subscription. 
 - If you haven't created an app yet, follow the guidance how to create an [Azure Static Web App](../static-web-apps/overview.md).
 - Familiarize yourself with the Azure Static Web App [staticwebapp.config.json](../static-web-apps/configuration.md) configuration file.
 - Familiarize yourself with the Azure Static Web App [App Settings](../static-web-apps/application-settings.md).

articles/active-directory-b2c/json-transformations.md

@@ -152,7 +152,7 @@ The following example generates a JSON string based on the claim value of "email
   <InputClaims>
     <InputClaim ClaimTypeReferenceId="email" TransformationClaimType="personalizations.0.to.0.email" />
     <InputClaim ClaimTypeReferenceId="otp" TransformationClaimType="personalizations.0.dynamic_template_data.otp" />
-    <InputClaim ClaimTypeReferenceId="email" TransformationClaimType="personalizations.0.dynamic_template_data.verify-email" />
+    <InputClaim ClaimTypeReferenceId="copiedEmail" TransformationClaimType="personalizations.0.dynamic_template_data.verify-email" />
   </InputClaims>
   <InputParameters>
     <InputParameter Id="template_id" DataType="string" Value="d-4c56ffb40fa648b1aa6822283df94f60"/>
@@ -169,6 +169,7 @@ The following claims transformation outputs a JSON string claim that will be the
 
 - Input claims:
   - **email**,  transformation claim type  **personalizations.0.to.0.email**: "[email protected]"
+  - **copiedEmail**,  transformation claim type  **personalizations.0.dynamic_template_data.verify-email**: "[email protected]"
   - **otp**, transformation claim type **personalizations.0.dynamic_template_data.otp** "346349"
 - Input parameter:
   - **template_id**: "d-4c56ffb40fa648b1aa6822283df94f60"

articles/active-directory-b2c/openid-connect.md

@@ -8,7 +8,7 @@ manager: CelesteDG
 ms.service: active-directory
 ms.workload: identity
 ms.topic: conceptual
-ms.date: 04/12/2022
+ms.date: 08/12/2022
 ms.author: kengaderdus
 ms.subservice: B2C
 ms.custom: fasttrack-edit
@@ -43,7 +43,7 @@ client_id=90c0fe63-bcf2-44d5-8fb7-b8bbc0b29dc6
 &response_type=code+id_token
 &redirect_uri=https%3A%2F%2Fjwt.ms%2F
 &response_mode=fragment
-&scope=&scope=openid%20offline_access%20{application-id-uri}/{scope-name}
+&scope=openid%20offline_access%20{application-id-uri}/{scope-name}
 &state=arbitrary_data_you_can_receive_in_the_response
 &nonce=12345
 ```

articles/active-directory-b2c/user-flow-custom-attributes.md

@@ -143,9 +143,12 @@ You can create these attributes by using the portal UI before or after you use t
 
 |Name     |Used in |
 |---------|---------|
-|`extension_loyaltyId`  | Custom policy|
+|`extension_loyaltyId` | Custom policy|
 |`extension_<b2c-extensions-app-guid>_loyaltyId`  | [Microsoft Graph API](microsoft-graph-operations.md#application-extension-directory-extension-properties)|
 
+> [!NOTE] 
+> When using a custom attribute in custom policies, you must prefix the claim type ID with `extension_` to allow the correct data mapping to take place within the Azure AD B2C directory.
+
 The following example demonstrates the use of custom attributes in an Azure AD B2C custom policy claim definition.
 
 ```xml

articles/active-directory/develop/active-directory-schema-extensions.md

@@ -59,10 +59,11 @@ For example, here is a claims-mapping policy to emit a single claim from a direc
 
 Where *xxxxxxx* is the appID (or Client ID) of the application that the extension was registered with.
 
+> [!WARNING]
+> When you define a claims mapping policy for a directory extension attribute, use the `ExtensionID` property instead of the `ID` property within the body of the `ClaimsSchema` array, as shown in the example above.
+
 > [!TIP]
 > Case consistency is important when setting directory extension attributes on objects. Extension attribute names aren't cases sensitive when being set up, but they are case sensitive when being read from the directory by the token service.  If an extension attribute is set on a user object with the name "LegacyId" and on another user object with the name "legacyid", when the attribute is mapped to a claim using the name "LegacyId" the data will be successfully retrieved and the claim included in the token for the first user but not the second.
->
-> The "Id" parameter in the claims schema used for built-in directory attributes is "ExtensionID" for directory extension attributes.
 
 ## Next steps
 - Learn how to [add custom or additional claims to the SAML 2.0 and JSON Web Tokens (JWT) tokens](active-directory-optional-claims.md).

articles/active-directory/develop/custom-rbac-for-developers.md

@@ -9,7 +9,7 @@ ms.service: active-directory
 ms.subservice: develop
 ms.topic: conceptual
 ms.workload: identity 
-ms.date: 06/16/2022
+ms.date: 08/19/2022
 ms.custom: template-concept
 ms.author: davidmu
 ms.reviewer: john.garland, maggie.marxen, ian.bennett, marsma
@@ -43,7 +43,9 @@ Developers have the flexibility to provide their own implementation for how role
 
 ### App roles
 
-Azure AD supports declaring app roles for an application. When a user signs into an application, Azure AD includes a [roles claim](./access-tokens.md#payload-claims) for each role that the user has been granted for that application. Applications receive the tokens that contain the role claims and then can use the information for permission assignments. The roles assigned to the user determine the level of access to resources and functionality.
+Azure AD allows you to [define app roles](./howto-add-app-roles-in-azure-ad-apps.md) for your application and assign those roles to users and other applications. The roles you assign to a user or application define their level of access to the resources and operations in your application.
+
+When Azure AD issues an access token for an authenticated user or application, it includes the names of the roles you've assigned the entity (the user or application) in the access token's [`roles`](./access-tokens.md#payload-claims) claim. An application like a web API that receives that access token in a request can then make authorization decisions based on the values in the `roles` claim.
 
 ### Groups
 
@@ -79,5 +81,5 @@ Although either app roles or groups can be used for authorization, key differenc
 
 ## Next steps
 
-- [How to add app roles to your application and receive them in the token](./howto-add-app-roles-in-azure-ad-apps.md).
-- [Azure Identity Management and access control security best practices](../../security/fundamentals/identity-management-best-practices.md).
+- [How to add app roles to your application and receive them in the token](./howto-add-app-roles-in-azure-ad-apps.md)
+- [Azure Identity Management and access control security best practices](../../security/fundamentals/identity-management-best-practices.md)

articles/active-directory/develop/msal-net-token-cache-serialization.md

@@ -98,7 +98,7 @@ Here are examples of possible distributed caches:
 services.Configure<MsalDistributedTokenCacheAdapterOptions>(options => 
   {
     // Optional: Disable the L1 cache in apps that don't use session affinity
-    //                 by setting DisableL1Cache to 'false'.
+    //                 by setting DisableL1Cache to 'true'.
     options.DisableL1Cache = false;
 
     // Or limit the memory (by default, this is 500 MB)

articles/active-directory/develop/multi-service-web-app-access-microsoft-graph-as-app.md

@@ -8,7 +8,7 @@ manager: CelesteDG
 ms.service: app-service-web
 ms.topic: tutorial
 ms.workload: identity
-ms.date: 04/25/2022
+ms.date: 08/19/2022
 ms.author: ryanwi
 ms.reviewer: stsoneff
 ms.devlang: csharp, javascript
@@ -90,7 +90,7 @@ webAppName="SecureWebApp-20201106120003"
 
 spId=$(az resource list -n $webAppName --query [*].identity.principalId --out tsv)
 
-graphResourceId=$(az ad sp list --display-name "Microsoft Graph" --query [0].objectId --out tsv)
+graphResourceId=$(az ad sp list --display-name "Microsoft Graph" --query [0].id --out tsv)
 
 appRoleId=$(az ad sp list --display-name "Microsoft Graph" --query "[0].appRoles[?value=='User.Read.All' && contains(allowedMemberTypes, 'Application')].id" --output tsv)