Merge branch 'main' of https://github.com/MicrosoftDocs/azure-docs-pr into overview-get-started-data-sources-visualizations-renderers

Author: paulth1

articles/active-directory-b2c/display-control-time-based-one-time-password.md

@@ -9,7 +9,7 @@ manager: CelesteDG
 ms.service: active-directory
 ms.workload: identity
 ms.topic: reference
-ms.date: 12/09/2021
+ms.date: 07/20/2022
 ms.author: kengaderdus
 ms.subservice: B2C
 ---
@@ -116,4 +116,8 @@ The following screenshot illustrates a TOTP verification page.
 
 ## Next steps
 
-- Learn how to validate a TOTP code in [Define an Azure AD MFA technical profile](multi-factor-auth-technical-profile.md).
+- Learn more about multifactor authentication in [Enable multifactor authentication in Azure Active Directory B2C](multi-factor-authentication.md?pivots=b2c-custom-policy)
+
+- Learn how to validate a TOTP code in [Define an Azure AD MFA technical profile](multi-factor-auth-technical-profile.md).
+
+- Explore a sample [Azure AD B2C MFA with TOTP using any Authenticator app custom policy in GitHub](https://github.com/azure-ad-b2c/samples/tree/master/policies/totp).  

articles/active-directory-b2c/identity-provider-twitter.md

@@ -9,7 +9,7 @@ manager: CelesteDG
 ms.service: active-directory
 ms.workload: identity
 ms.topic: how-to
-ms.date: 09/16/2021
+ms.date: 07/20/2022
 ms.custom: project-no-code
 ms.author: kengaderdus
 ms.subservice: B2C
@@ -34,30 +34,35 @@ zone_pivot_groups: b2c-policy-type
 To enable sign-in for users with a Twitter account in Azure AD B2C, you need to create a Twitter application. If you don't already have a Twitter account, you can sign up at [`https://twitter.com/signup`](https://twitter.com/signup). You also need to [Apply for a developer account](https://developer.twitter.com/). For more information, see [Apply for access](https://developer.twitter.com/en/apply-for-access).
 
 1. Sign in to the [Twitter Developer Portal](https://developer.twitter.com/portal/projects-and-apps) with your Twitter account credentials.
-1. Under **Standalone Apps**, select **+Create App**.
-1. Enter an **App name**, and then select **Complete**.
-1. Copy the value of the **App key**, and **API key secret**.  You use both of them to configure Twitter as an identity provider in your tenant. 
-1. Under **Setup your App**, select **App settings**.
-1. Under **Authentication settings**, select **Edit**
-    1. Select **Enable 3-legged OAuth** checkbox.
-    1. Select **Request email address from users** checkbox.
-    1. For the **Callback URLs**, enter `https://your-tenant.b2clogin.com/your-tenant-name.onmicrosoft.com/your-user-flow-Id/oauth1/authresp`.  If you use a [custom domain](custom-domain.md), enter `https://your-domain-name/your-tenant-name.onmicrosoft.com/your-user-flow-Id/oauth1/authresp`. Use all lowercase letters when entering your tenant name and user flow ID even if they are defined with uppercase letters in Azure AD B2C. Replace:
+1. Select **+ Create Project** button. 
+1. Under **Project name** tab, enter a preferred name of your project, and then select **Next** button.
+1. Under **Use case** tab, select your preferred use case, and then select **Next**. 
+1. Under **Project description** tab, enter your project description, and then select **Next** button. 
+1. Under **App name** tab, enter a name for your app, such as *azureadb2c*, and the select **Next** button.
+1. Under **Keys & Tokens** tab, copy the value of **API Key** and **API Key Secret** for later. You use both of them to configure Twitter as an identity provider in your Azure AD B2C tenant. 
+1. Select **App settings** to open the app settings. 
+1. At the lower part of the page, under **User authentication settings**, select **Set up**.
+1. In the **User authentication settings** page, select **OAuth 2.0** option. 
+1. Under **OAUTH 2.0 SETTINGS**, for the **Type of app**, select your appropriate app type such as *Web App*. 
+1. Under **GENERAL AUTHENTICATION SETTINGS**:
+    1. For the **Callback URI/Redirect URL**, enter `https://your-tenant.b2clogin.com/your-tenant-name.onmicrosoft.com/your-user-flow-Id/oauth1/authresp`. If you use a [custom domain](custom-domain.md), enter `https://your-domain-name/your-tenant-name.onmicrosoft.com/your-user-flow-Id/oauth1/authresp`. Use all lowercase letters when entering your tenant name and user flow ID even if they are defined with uppercase letters in Azure AD B2C. Replace:
         - `your-tenant-name` with the name of your tenant name.
         - `your-domain-name` with your custom domain.
         - `your-user-flow-Id` with the identifier of your user flow. For example, `b2c_1a_signup_signin_twitter`. 
 
     1. For the **Website URL**, enter `https://your-tenant.b2clogin.com`. Replace `your-tenant` with the name of your tenant. For example, `https://contosob2c.b2clogin.com`. If you use a [custom domain](custom-domain.md), enter `https://your-domain-name`.
     1. Enter a URL for the **Terms of service**, for example `http://www.contoso.com/tos`. The policy URL is a page you maintain to provide terms and conditions for your application.
     1. Enter a URL for the **Privacy policy**, for example `http://www.contoso.com/privacy`. The policy URL is a page you maintain to provide privacy information for your application.
-    1. Select **Save**.
+1. Select **Save**. 
 
 ::: zone pivot="b2c-user-flow"
 
 ## Configure Twitter as an identity provider
 
 1. Sign in to the [Azure portal](https://portal.azure.com/) as the global administrator of your Azure AD B2C tenant.
-1. Make sure you're using the directory that contains your Azure AD B2C tenant. Select the **Directories + subscriptions** icon in the portal toolbar.
-1. On the **Portal settings | Directories + subscriptions** page, find your Azure AD B2C directory in the **Directory name** list, and then select **Switch**.
+1. Make sure you're using the directory that contains your Azure AD B2C tenant. 
+    1. Select the **Directories + subscriptions** icon in the portal toolbar.
+    1. On the **Portal settings | Directories + subscriptions** page, find your Azure AD B2C directory in the **Directory name** list, and then select **Switch**.
 1. Choose **All services** in the top-left corner of the Azure portal, search for and select **Azure AD B2C**.
 1. Select **Identity providers**, then select **Twitter**.
 1. Enter a **Name**. For example, *Twitter*.
@@ -86,25 +91,26 @@ If the sign-in process is successful, your browser is redirected to `https://jwt
 
 ## Create a policy key
 
-You need to store the secret key that you previously recorded in your Azure AD B2C tenant.
+You need to store the secret key that you previously recorded for Twitter app in your Azure AD B2C tenant.
 
 1. Sign in to the [Azure portal](https://portal.azure.com/).
-1. Make sure you're using the directory that contains your Azure AD B2C tenant. Select the **Directories + subscriptions** icon in the portal toolbar.
-1. On the **Portal settings | Directories + subscriptions** page, find your Azure AD B2C directory in the **Directory name** list, and then select **Switch**.
-1. Choose **All services** in the top-left corner of the Azure portal, and then search for and select **Azure AD B2C**.
-1. On the Overview page, select **Identity Experience Framework**.
+1. Make sure you're using the directory that contains your Azure AD B2C tenant. 
+    1. Select the **Directories + subscriptions** icon in the portal toolbar.
+    1. On the **Portal settings | Directories + subscriptions** page, find your Azure AD B2C directory in the **Directory name** list, and then select **Switch**.
+1. In the Azure portal, search for and select **Azure AD B2C**.
+1. On the left menu, under **Policies**, select **Identity Experience Framework**.
 1. Select **Policy Keys** and then select **Add**.
 1. For **Options**, choose `Manual`.
 1. Enter a **Name** for the policy key. For example, `TwitterSecret`. The prefix `B2C_1A_` is added automatically to the name of your key.
-1. In **Secret**, enter your client secret that you previously recorded.
+1. For **Secret**, enter your *API key secret* value that you previously recorded.
 1. For **Key usage**, select `Encryption`.
 1. Click **Create**.
 
 ## Configure Twitter as an identity provider
 
 To enable users to sign in using a Twitter account, you need to define the account as a claims provider that Azure AD B2C can communicate with through an endpoint. The endpoint provides a set of claims that are used by Azure AD B2C to verify that a specific user has authenticated.
 
-You can define a Twitter account as a claims provider by adding it to the **ClaimsProviders** element in the extension file of your policy.
+You can define a Twitter account as a claims provider by adding it to the **ClaimsProviders** element in the extension file of your policy. Refer to the custom policy starter pack that you downloaded in the Prerequisites of this article.
 
 1. Open the *TrustFrameworkExtensions.xml*.
 2. Find the **ClaimsProviders** element. If it does not exist, add it under the root element.
@@ -149,7 +155,7 @@ You can define a Twitter account as a claims provider by adding it to the **Clai
     </ClaimsProvider>
     ```
 
-4. Replace the value of **client_id** with the *API key secret* that you previously recorded.
+4. Replace the value of **client_id** with the *API key* that you previously recorded.
 5. Save the file.
 
 [!INCLUDE [active-directory-b2c-add-identity-provider-to-user-journey](../../includes/active-directory-b2c-add-identity-provider-to-user-journey.md)]

articles/active-directory-b2c/multi-factor-authentication.md

@@ -8,7 +8,7 @@ manager: CelesteDG
 ms.service: active-directory
 ms.workload: identity
 ms.topic: how-to
-ms.date: 06/27/2022
+ms.date: 07/20/2022
 ms.custom: project-no-code
 ms.author: kengaderdus
 ms.subservice: B2C
@@ -83,7 +83,7 @@ To enable multifactor authentication, get the custom policy starter pack from Gi
 
 -  [Download the .zip file](https://github.com/Azure-Samples/active-directory-b2c-custom-policy-starterpack/archive/master.zip) or clone the repository from `https://github.com/Azure-Samples/active-directory-b2c-custom-policy-starterpack`, and then update the XML files in the **SocialAndLocalAccountsWithMFA** starter pack with your Azure AD B2C tenant name. The **SocialAndLocalAccountsWithMFA**  enables social and local sign in options, and multifactor authentication options, except for the Authenticator app - TOTP option.
 - To support the **Authenticator app - TOTP** MFA option, download the custom policy files from `https://github.com/azure-ad-b2c/samples/tree/master/policies/totp`, and then update the XML files with your Azure AD B2C tenant name. Make sure to include `TrustFrameworkExtensions.xml`, `TrustFrameworkLocalization.xml`, and `TrustFrameworkBase.xml` XML files from the **SocialAndLocalAccounts** starter pack.
-- Update your [page layout] to version `2.1.9`. For more information, see [Select a page layout](contentdefinitions.md#select-a-page-layout).
+- Update your [page layout] to version `2.1.14`. For more information, see [Select a page layout](contentdefinitions.md#select-a-page-layout).
 
 ::: zone-end
 

articles/active-directory-b2c/tutorial-create-user-flows.md

@@ -343,7 +343,7 @@ As you upload the files, Azure adds the prefix `B2C_1A_` to each.
 In this article, you learned how to:
 
 > [!div class="checklist"]
-> * Create a sig- up and sign in user flow
+> * Create a sign-up and sign in user flow
 > * Create a profile editing user flow
 > * Create a password reset user flow
 

articles/active-directory-domain-services/policy-reference.md

@@ -1,7 +1,7 @@
 ---
 title: Built-in policy definitions for Azure Active Directory Domain Services
 description: Lists Azure Policy built-in policy definitions for Azure Active Directory Domain Services. These built-in policy definitions provide common approaches to managing your Azure resources.
-ms.date: 07/06/2022
+ms.date: 07/20/2022
 ms.service: active-directory
 ms.subservice: domain-services
 author: justinha

articles/active-directory/app-provisioning/sap-successfactors-integration-reference.md

@@ -79,12 +79,12 @@ Based on the attribute-mapping, during full sync Azure AD provisioning service s
 >| OData API Host | Appends https to the *Tenant URL*. Example: `https://api4.successfactors.com` |
 >| OData API Endpoint | `/odata/v2/PerPerson` |
 >| OData $format query parameter | `json` |
->| OData $filter query parameter | `(personEmpTerminationInfoNav/activeEmploymentsCount ge 1) and (lastModifiedDateTime le <CurrentExecutionTime>)` |
+>| OData $filter query parameter | `(personEmpTerminationInfoNav/activeEmploymentsCount ne null) and (lastModifiedDateTime le <CurrentExecutionTime>)` |
 >| OData $expand query parameter | This parameter value depends on the attributes mapped. Example: `employmentNav/userNav,employmentNav/jobInfoNav,personalInfoNav,personEmpTerminationInfoNav,phoneNav,emailNav,employmentNav/jobInfoNav/companyNav/countryOfRegistrationNav,employmentNav/jobInfoNav/divisionNav,employmentNav/jobInfoNav/departmentNav` |
 >| OData customPageSize query parameter | `100` |
 
 > [!NOTE]
-> During the first initial full sync, Azure AD provisioning service does not pull inactive/terminated worker data.
+> During the full initial sync, both active and terminated workers from SAP SuccessFactors will be fetched.
 
 For each SuccessFactors user, the provisioning service looks for an account in the target (Azure AD/on-premises Active Directory) using the matching attribute defined in the mapping. For example: if *personIdExternal* maps to *employeeId* and is set as the matching attribute, then the provisioning service uses the *personIdExternal* value to search for the user with *employeeId* filter. If a user match is found, then it updates the target attributes. If no match is found, then it creates a new entry in the target.