Merge pull request #173782 from MicrosoftDocs/master

Merge master to live, 4 AM

Author: ttorble

articles/active-directory/app-provisioning/accidental-deletions.md

@@ -21,7 +21,7 @@ The feature lets you specify a deletion threshold, above which an admin
 needs to explicitly choose to allow the deletions to be processed.
 
 > [!NOTE]
-> Accidental deletions are not supported for our Workday / SuccessFactors integrations. It is also not supported for changes in scoping (e.g. changing a scoping filter or changing from "sync all users and groups" to "sync assigned users and groups". Until the accidental deletions prevention feature is fully released, you will need to access the Azure portal using this URL: https://portal.azure.com/?Microsoft_AAD_IAM_userProvisioningDeleteThreshold=true 
+> Accidental deletions are not supported for our Workday / SuccessFactors integrations. It is also not supported for changes in scoping (e.g. changing a scoping filter or changing from "sync all users and groups" to "sync assigned users and groups". Until the accidental deletions prevention feature is fully released, you will need to access the Azure portal using this URL: https://aka.ms/AccidentalDeletionsPreview
 
 
 ## Configure accidental deletion prevention
@@ -79,8 +79,7 @@ To learn more about de-provisioning scenarios, see [How Application Provisioning
 ### What scenarios count toward the deletion threshold?
 When a user is set to be removed from the target application, it will be counted against the 
 deletion threshold. Scenarios that could lead to a user being removed from the target 
-application could include: unassigning the user from the application, changing the sync scope 
-from “sync all” to “sync assigned” to soft / hard deleting a user in the directory. Groups 
+application could include: unassigning the user from the application and soft / hard deleting a user in the directory. Groups 
 evaluated for deletion count towards the deletion threshold. In addition to deletions, the same functionality also works for disables.
 
 ### What is the interval that the deletion threshold is evaluated on?

articles/active-directory/azuread-dev/about-microsoft-identity-platform.md

@@ -9,7 +9,7 @@ ms.service: active-directory
 ms.subservice: develop
 ms.topic: overview
 ms.workload: identity
-ms.date: 12/09/2019
+ms.date: 09/27/2021
 ms.author: ryanwi
 ms.reviewer: agirling, saeeda, benv, marsma
 ms.custom: aaddev

articles/active-directory/develop/active-directory-authentication-protocols.md

@@ -9,7 +9,7 @@ ms.service: active-directory
 ms.subservice: develop
 ms.topic: conceptual
 ms.workload: identity
-ms.date: 12/18/2019
+ms.date: 09/27/2021
 ms.author: ryanwi
 ms.custom: aaddev
 ms.reviewer: hirsin

articles/active-directory/develop/api-find-an-api-how-to.md

@@ -9,7 +9,7 @@ ms.service: active-directory
 ms.subservice: develop
 ms.workload: identity
 ms.topic: conceptual
-ms.date: 06/28/2019
+ms.date: 09/27/2021
 ms.author: ryanwi
 ROBOTS: NOINDEX
 ---
@@ -28,4 +28,4 @@ When you add permissions to your app registration, you can **add API access** to
 
 ## Next steps
 
-- [Understanding the Azure Active Directory application manifest](./reference-app-manifest.md)
+- [Understanding the Azure Active Directory application manifest](./reference-app-manifest.md)

articles/active-directory/develop/application-model.md

@@ -10,7 +10,7 @@ ms.service: active-directory
 ms.subservice: develop
 ms.topic: conceptual
 ms.workload: identity
-ms.date: 04/28/2020
+ms.date: 09/27/2021
 ms.author: ryanwi
 ms.reviewer: jmprieur, saeeda, sureshja, hirsin
 ms.custom: aaddev, identityplatformtop40, scenarios:getting-started
@@ -83,4 +83,4 @@ For more information about the application model, see the following articles:
 
 * For more information on application objects and service principals in the Microsoft identity platform, see [How and why applications are added to Azure AD](active-directory-how-applications-are-added.md).
 * For more information on single-tenant apps and multi-tenant apps, see [Tenancy in Azure Active Directory](single-and-multi-tenant-apps.md).
-* For more information on how Azure AD also provides Azure Active Directory B2C so that organizations can sign in users, typically customers, by using social identities like a Google account, see [Azure Active Directory B2C documentation](../../active-directory-b2c/index.yml).
+* For more information on how Azure AD also provides Azure Active Directory B2C so that organizations can sign in users, typically customers, by using social identities like a Google account, see [Azure Active Directory B2C documentation](../../active-directory-b2c/index.yml).

articles/active-directory/develop/consent-framework-links.md

@@ -10,7 +10,7 @@ ms.subservice: develop
 ms.custom: aaddev 
 ms.workload: identity
 ms.topic: conceptual
-ms.date: 09/11/2018
+ms.date: 09/27/2021
 ms.author: ryanwi
 ROBOTS: NOINDEX
 ---
@@ -27,4 +27,4 @@ This article is to help you learn more about how the Azure AD consent framework
 - For more depth, learn [how consent is supported at the OAuth 2.0 protocol layer during the authorization code grant flow.](../azuread-dev/v1-protocols-oauth-code.md#request-an-authorization-code)
 
 ## Next steps
-[AzureAD Microsoft Q&A](/answers/topics/azure-active-directory.html)
+[AzureAD Microsoft Q&A](/answers/topics/azure-active-directory.html)

articles/active-directory/develop/delegated-and-app-perms.md

@@ -10,7 +10,7 @@ ms.subservice: develop
 ms.custom: aaddev 
 ms.workload: identity
 ms.topic: conceptual
-ms.date: 06/28/2019
+ms.date: 09/27/2021
 ms.author: ryanwi
 ROBOTS: NOINDEX
 ---
@@ -24,4 +24,4 @@ ROBOTS: NOINDEX
 - For more depth, learn how resource applications expose [scopes](developer-glossary.md#scopes) and [application roles](developer-glossary.md#roles) to client applications, which manifest as delegated and application permissions respectively in the Azure portal. 
 
 ## Next steps
-[AzureAD Microsoft Q&A](/answers/topics/azure-active-directory.html)
+[AzureAD Microsoft Q&A](/answers/topics/azure-active-directory.html)

articles/active-directory/develop/developer-glossary.md

@@ -9,7 +9,7 @@ ms.service: active-directory
 ms.subservice: develop
 ms.topic: conceptual
 ms.workload: identity
-ms.date: 04/24/2020
+ms.date: 09/27/2021
 ms.author: ryanwi
 ms.custom: aaddev
 ms.reviewer: jmprieur, saeeda, jesakowi, nacanuma
@@ -30,7 +30,7 @@ Access tokens are sometimes referred to as "User+App" or "App-Only", depending o
 * ["Authorization code" authorization grant](#authorization-grant), the end user authenticates first as the resource owner, delegating authorization to the client to access the resource. The client authenticates afterward when obtaining the access token. The token can sometimes be referred to more specifically as a "User+App" token, as it represents both the user that authorized the client application, and the application.
 * ["Client credentials" authorization grant](#authorization-grant), the client provides the sole authentication, functioning without the resource-owner's authentication/authorization, so the token can sometimes be referred to as an "App-Only" token.
 
-See the [Microsoft identity platform Token Reference][AAD-Tokens-Claims] for more details.
+See the [access tokens reference][AAD-Tokens-Claims] for more details.
 
 ## application ID (client ID)
 
@@ -109,7 +109,7 @@ See [consent framework](consent-framework.md) for more information.
 
 An [OpenID Connect][OpenIDConnect-ID-Token] [security token](#security-token) provided by an [authorization server's](#authorization-server) [authorization endpoint](#authorization-endpoint), which contains [claims](#claim) pertaining to the authentication of an end user [resource owner](#resource-owner). Like an access token, ID tokens are also represented as a digitally signed [JSON Web Token (JWT)][JWT]. Unlike an access token though, an ID token's claims are not used for purposes related to resource access and specifically access control.
 
-See the [Microsoft identity platform token reference][AAD-Tokens-Claims] for more details.
+See the [ID token reference](id-tokens.md) for more details.
 
 ## Microsoft identity platform
 
@@ -142,6 +142,8 @@ A type of [security token](#security-token) issued by an [authorization server](
 
 Unlike access tokens, refresh tokens can be revoked. If a client application attempts to request a new access token using a refresh token that has been revoked, the authorization server will deny the request, and the client application will no longer have permission to access the [resource server](#resource-server) on behalf of the [resource owner](#resource-owner).
 
+See the [refresh tokens](refresh-tokens.md) for more details.
+
 ## resource owner
 
 As defined by the [OAuth2 Authorization Framework][OAuth2-Role-Def], an entity capable of granting access to a protected resource. When the resource owner is a person, it is referred to as an end user. For example, when a [client application](#client-application) wants to access a user's mailbox through the [Microsoft Graph API][Microsoft-Graph], it requires permission from the resource owner of the mailbox.

articles/active-directory/develop/howto-add-terms-of-service-privacy-statement.md

@@ -9,9 +9,9 @@ ms.service: active-directory
 ms.subservice: develop
 ms.topic: how-to
 ms.workload: identity
-ms.date: 05/22/2019
+ms.date: 09/27/2021
 ms.author: ryanwi
-ms.reviewer: lenalepa, sureshja
+ms.reviewer: sureshja
 ms.custom: aaddev
 ---
 
@@ -57,7 +57,7 @@ Follow these steps in the Azure portal.
 1. Sign in to the <a href="https://portal.azure.com/" target="_blank">Azure portal</a> and select the correct Azure AD tenant(not B2C).
 2. Navigate to the **App registrations** section and select your app.
 3. Under **Manage**, select **Branding**.
-4. Fill out the **Terms of Service URL** and **Privacy Statement URL** fields.
+4. Fill out the **Terms of service URL** and **Privacy statement URL** fields.
 5. Select **Save**.
 
     ![App properties contains terms of service and privacy statement URLs](./media/howto-add-terms-of-service-privacy-statement/azure-portal-terms-service-privacy-statement-urls.png)

articles/active-directory/develop/mark-app-as-publisher-verified.md

@@ -8,7 +8,7 @@ ms.service: active-directory
 ms.subservice: develop
 ms.topic: how-to
 ms.workload: identity
-ms.date: 05/08/2020
+ms.date: 09/27/2021
 ms.author: ryanwi
 ms.custom: aaddev
 ms.reviewer: jesakowi
@@ -37,13 +37,13 @@ Make sure you have met the [pre-requisites](publisher-verification-overview.md#r
 
 1. Ensure you are signed in using [multi-factor authentication](../fundamentals/concept-fundamentals-mfa-get-started.md) to an organizational (Azure AD) account that is authorized to make changes to the app(s) you want to mark as Publisher Verified and on the MPN Account in Partner Center.
 
-    - In Azure AD this user must be a member of one of the following [roles](../roles/permissions-reference.md): Application Admin, Cloud Application Admin, Global Admin. 
+    - In Azure AD this user must be a member of one of the following [roles](../roles/permissions-reference.md): Application Admin, Cloud Application Admin, or Global Admin. 
 
     - In Partner Center this user must have of the following [roles](/partner-center/permissions-overview): MPN Admin, Accounts Admin, or a Global Admin (this is a shared role mastered in Azure AD). 
 
-1. Navigate to the App Registration portal:  
+1. Navigate to the **App registrations** blade:  
 
-1. Click on an app you would like to mark as Publisher Verified and open the Branding blade. 
+1. Click on an app you would like to mark as Publisher Verified and open the **Branding** blade. 
 
 1. Ensure the app’s [publisher domain](howto-configure-publisher-domain.md) is set.