Merge pull request #233160 from cilwerner/dirty-pr-release-msid-gtd-tutorial-web-app-redirect-json

[GTD] DIRTY PR release msid gtd tutorial web app TOC

Author: v-lmcdonald

.openpublishing.publish.config.json

@@ -1002,8 +1002,6 @@
   ".openpublishing.redirection.baremetal-infrastructure.json",
   ".openpublishing.redirection.defender-for-cloud.json",
   ".openpublishing.redirection.defender-for-iot.json",
-  ".openpublishing.redirection.deployment-environments.json",
-  ".openpublishing.redirection.dev-box.json",
   ".openpublishing.redirection.healthcare-apis.json",
   ".openpublishing.redirection.iot-hub-device-update.json",
   ".openpublishing.redirection.json",
@@ -1060,6 +1058,8 @@
   "articles/stream-analytics/.openpublishing.redirection.stream-analytics.json",
   "articles/synapse-analytics/.openpublishing.redirection.synapse-analytics.json",
   "articles/virtual-machine-scale-sets/.openpublishing.redirection.virtual-machine-scale-sets.json",
-  "articles/virtual-machines/.openpublishing.redirection.virtual-machines.json"
+  "articles/virtual-machines/.openpublishing.redirection.virtual-machines.json",
+  "articles/dev-box/.openpublishing.redirection.dev-box.json",
+  "articles/deployment-environments/.openpublishing.redirection.deployment-environments.json"
 ]
 }

.openpublishing.redirection.dev-box.json

@@ -74,6 +74,8 @@ Usage charges for Azure AD B2C are billed to an Azure subscription. You need to
 
 A subscription linked to an Azure AD B2C tenant can be used for the billing of Azure AD B2C usage or other Azure resources, including additional Azure AD B2C resources. It can't be used to add other Azure license-based services or Office 365 licenses within the Azure AD B2C tenant.
 
+[!INCLUDE [active-directory-b2c-choose-user-flow-or-custom-policy](../../includes/active-directory-b2c-create-subscription.md)]
+
 ### Prerequisites
 
 * [Azure subscription](https://azure.microsoft.com/free/)

articles/active-directory-b2c/billing.md

@@ -8,9 +8,10 @@ manager: CelesteDG
 ms.service: active-directory
 ms.workload: identity
 ms.topic: how-to
-ms.date: 02/24/2023
+ms.date: 03/30/2023
 ms.author: godonnell
 ms.subservice: B2C
+ms.custom: "b2c-support"
 ---
 
 # Use the Azure portal to create and delete consumer users in Azure AD B2C
@@ -34,7 +35,7 @@ This article focuses on working with **consumer accounts** in the Azure portal.
 1. Sign in to the [Azure portal](https://portal.azure.com).
 1. Make sure you're using the directory that contains your Azure AD B2C tenant. Select the **Directories + subscriptions** icon in the portal toolbar.
 1. On the **Portal settings | Directories + subscriptions** page, find your Azure AD B2C directory in the **Directory name** list, and then select **Switch**.
-1. In the left menu, select **Azure AD B2C**. Or, select **All services** and search for and select **Azure AD B2C**.
+1. In the left menu, select **Azure Active Directory**. Or, select **All services** and search for and select **Azure Active Directory**.
 1. Under **Manage**, select **Users**.
 1. Select **New user**.
 1. Select **Create Azure AD B2C user**.

articles/active-directory-b2c/manage-users-portal.md

@@ -40,9 +40,11 @@ Before you create your Azure AD B2C tenant, you need to take the following consi
 
 - An Azure account that's been assigned at least the [Contributor](../role-based-access-control/built-in-roles.md) role within the subscription or a resource group within the subscription is required. 
 
+[!INCLUDE [active-directory-b2c-choose-user-flow-or-custom-policy](../../includes/active-directory-b2c-create-subscription.md)] 
+
 ## Create an Azure AD B2C tenant
 >[!NOTE]
->If you're unable to create Azure AD B2C tenant, [review your user settings page](tenant-management-check-tenant-creation-permission.md) to ensure that tenant creation isn't switched off. If tenant creation is switched off, ask your _Global Administrator_ to assign you a _Tenant Creator_ role.
+>If you're unable to create Azure AD B2C tenant, [review your user settings page](tenant-management-check-tenant-creation-permission.md) to ensure that tenant creation isn't switched off. If tenant creation is switched on, ask your _Global Administrator_ to assign you a _Tenant Creator_ role.
 
 1. Sign in to the [Azure portal](https://portal.azure.com/). 
 

articles/active-directory-b2c/tutorial-create-tenant.md

@@ -6,7 +6,7 @@ services: active-directory
 ms.service: active-directory
 ms.subservice: authentication
 ms.topic: conceptual
-ms.date: 03/06/2023
+ms.date: 04/02/2023
 
 ms.author: justinha
 author: justinha
@@ -50,9 +50,8 @@ The following expiration requirements apply to other providers that use Azure AD
 
 | Property | Requirements |
 | --- | --- |
-| Password expiry duration (Maximum password age) |<ul><li>Default value: **90** days.</li><li>The value is configurable by using the `Set-MsolPasswordPolicy` cmdlet from the Azure Active Directory Module for Windows PowerShell.</li></ul> |
-| Password expiry notification (When users are notified of password expiration) |<ul><li>Default value: **14** days (before password expires).</li><li>The value is configurable by using the `Set-MsolPasswordPolicy` cmdlet.</li></ul> |
-| Password expiry (Let passwords never expire) |<ul><li>Default value: **false** (indicates that password's have an expiration date).</li><li>The value can be configured for individual user accounts by using the `Set-MsolUser` cmdlet.</li></ul> |
+| Password expiry duration (Maximum password age) |Default value: **90** days.<br>The value is configurable by using the `Set-MsolPasswordPolicy` cmdlet from the Azure Active Directory Module for Windows PowerShell. |
+| Password expiry (Let passwords never expire) |Default value: **false** (indicates that password's have an expiration date).<br>The value can be configured for individual user accounts by using the `Set-MsolUser` cmdlet.|
 
 ## Next steps
 

articles/active-directory/authentication/concept-password-ban-bad-combined-policy.md

@@ -4,7 +4,7 @@ description: Learn how to use system-preferred multifactor authentication
 ms.service: active-directory
 ms.subservice: authentication
 ms.topic: conceptual
-ms.date: 03/31/2023
+ms.date: 04/03/2023
 ms.author: justinha
 author: justinha
 manager: amycolannino
@@ -27,7 +27,20 @@ After system-preferred MFA is enabled, the authentication system does all the wo
 >[!NOTE]
 >System-preferred MFA is a key security upgrade to traditional second factor notifications. We highly recommend enabling system-preferred MFA in the near term for improved sign-in security. 
 
-## Enable system-preferred MFA
+## Enable system-preferred MFA in the Azure portal
+
+By default, system-preferred MFA is Microsoft managed and disabled for all users. 
+
+1. In the Azure portal, click **Security** > **Authentication methods** > **Settings**.
+1. For **System-preferred multifactor authentication**, choose whether to explicitly enable or disable the feature, and include or exclude any users. Excluded groups take precedence over include groups. 
+
+   For example, the following screenshot shows how to make system-preferred MFA explicitly enabled for only the Engineering group. 
+
+   :::image type="content" border="true" source="./media/concept-system-preferred-multifactor-authentication/enable.png" alt-text="Screenshot of how to enable Microsoft Authenticator settings for Push authentication mode.":::
+
+1. After you finish making any changes, click **Save**. 
+
+## Enable system-preferred MFA using Graph APIs
 
 To enable system-preferred MFA in advance, you need to choose a single target group for the schema configuration, as shown in the [Request](#request) example. 
 
@@ -47,7 +60,7 @@ System-preferred MFA can be enabled only for a single group, which can be a dyna
 
 | Property | Type | Description |
 |----------|------|-------------|
-| id | String | ID of the entity targeted. |
+| ID | String | ID of the entity targeted. |
 | targetType | featureTargetType | The kind of entity targeted, such as group, role, or administrative unit. The possible values are: 'group', 'administrativeUnit', 'role', 'unknownFutureValue'. |
 
 Use the following API endpoint to enable **systemCredentialPreferences** and include or exclude groups: