Merge branch 'master' of https://github.com/MicrosoftDocs/azure-docs-pr into release-ga-msal-apple

Author: v-alje

articles/active-directory-b2c/active-directory-b2c-get-started-custom.md

@@ -8,7 +8,7 @@ manager: celestedg
 ms.service: active-directory
 ms.workload: identity
 ms.topic: conceptual
-ms.date: 07/16/2019
+ms.date: 09/26/2019
 ms.author: marsma
 ms.subservice: B2C
 ---
@@ -21,44 +21,45 @@ ms.subservice: B2C
 
 ## Prerequisites
 
-- If you don't have one already, you need to [create an Azure AD B2C tenant](tutorial-create-tenant.md) that is linked to your Azure subscription.
+- If you don't have one already, [create an Azure AD B2C tenant](tutorial-create-tenant.md) that is linked to your Azure subscription.
 - [Register your application](tutorial-register-applications.md) in the tenant that you created so that it can communicate with Azure AD B2C.
+- Complete the steps in [Set up sign-up and sign-in with a Facebook account](active-directory-b2c-setup-fb-app.md) to configure a Facebook application.
 
 ## Add signing and encryption keys
 
-1. Sign in to the [Azure portal](https://portal.azure.com/) as the global administrator of your Azure AD B2C tenant.
-2. Make sure you're using the directory that contains your Azure AD B2C tenant. Select the **Directory + subscription** filter in the top menu and choose the directory that contains your tenant.
-3. Choose **All services** in the top-left corner of the Azure portal, search for and select **Azure AD B2C**.
-4. On the Overview page, select **Identity Experience Framework**.
+1. Sign in to the [Azure portal](https://portal.azure.com)
+1. Use the **Directory + subscription** filter in the top menu to select the directory that contains your Azure AD B2C tenant.
+1. In the left menu, select **Azure AD B2C**. Or, select **All services** and search for and select **Azure AD B2C**.
+1. On the Overview page, select **Identity Experience Framework**.
 
 ### Create the signing key
 
 1. Select **Policy Keys** and then select **Add**.
-2. For **Options**, choose `Generate`.
-3. In **Name**, enter `TokenSigningKeyContainer`. The prefix `B2C_1A_` might be added automatically.
-4. For **Key type**, select **RSA**.
-5. For **Key usage**, select **Signature**.
-6. Click **Create**.
+1. For **Options**, choose `Generate`.
+1. In **Name**, enter `TokenSigningKeyContainer`. The prefix `B2C_1A_` might be added automatically.
+1. For **Key type**, select **RSA**.
+1. For **Key usage**, select **Signature**.
+1. Select **Create**.
 
 ### Create the encryption key
 
 1. Select **Policy Keys** and then select **Add**.
-2. For **Options**, choose `Generate`.
-3. In **Name**, enter `TokenEncryptionKeyContainer`. The prefix `B2C_1A`_ might be added automatically.
-4. For **Key type**, select **RSA**.
-5. For **Key usage**, select **Encryption**.
-6. Click **Create**.
+1. For **Options**, choose `Generate`.
+1. In **Name**, enter `TokenEncryptionKeyContainer`. The prefix `B2C_1A`_ might be added automatically.
+1. For **Key type**, select **RSA**.
+1. For **Key usage**, select **Encryption**.
+1. Select **Create**.
 
 ### Create the Facebook key
 
-If you already have a [Facebook application secret](active-directory-b2c-setup-fb-app.md), add it as a policy key to your tenant. Otherwise, you must create the key with a placeholder value so that your policies pass validation.
+Add your Facebook application's [App Secret](active-directory-b2c-setup-fb-app.md) as a policy key. You can use the App Secret of the application you created as part of this article's prerequisites.
 
 1. Select **Policy Keys** and then select **Add**.
-2. For **Options**, choose `Manual`.
-3. For **Name**, enter `FacebookSecret`. The prefix `B2C_1A_` might be added automatically.
-4. In **Secret**, enter your Facebook secret from developers.facebook.com or `0` as a placeholder. This value is the secret, not the application ID.
-5. For **Key usage**, select **Signature**.
-6. Click **Create**.
+1. For **Options**, choose `Manual`.
+1. For **Name**, enter `FacebookSecret`. The prefix `B2C_1A_` might be added automatically.
+1. In **Secret**, enter your Facebook application's *App Secret* from developers.facebook.com. This value is the secret, not the application ID.
+1. For **Key usage**, select **Signature**.
+1. Select **Create**.
 
 ## Register Identity Experience Framework applications
 
@@ -74,19 +75,19 @@ Azure AD B2C requires you to register two applications that are used to sign up
 1. For **Name**, enter `IdentityExperienceFramework`.
 1. For **Application type**, choose **Web app/API**.
 1. For **Sign-on URL**, enter `https://your-tenant-name.b2clogin.com/your-tenant-name.onmicrosoft.com`, where `your-tenant-name` is your Azure AD B2C tenant domain name. All URLs should now be using [b2clogin.com](b2clogin.md).
-1. Click **Create**. After it's created, copy the application ID and save it to use later.
+1. Select **Create**. After it's created, copy the application ID and save it to use later.
 
 ### Register the ProxyIdentityExperienceFramework application
 
 1. In **App registrations (Legacy)**, select **New application registration**.
-2. For **Name**, enter `ProxyIdentityExperienceFramework`.
-3. For **Application type**, choose **Native**.
-4. For **Redirect URI**, enter `https://your-tenant-name.b2clogin.com/your-tenant-name.onmicrosoft.com`, where `your-tenant-name` is your Azure AD B2C tenant.
-5. Click **Create**. After it's created, copy the application ID and save it to use later.
-6. On the Settings page, select **Required permissions**, and then select **Add**.
-7. Choose **Select an API**, search for and select **IdentityExperienceFramework**, and then click **Select**.
-9. Select the check box next to **Access IdentityExperienceFramework**, click **Select**, and then click **Done**.
-10. Select **Grant Permissions**, and then confirm by selecting **Yes**.
+1. For **Name**, enter `ProxyIdentityExperienceFramework`.
+1. For **Application type**, choose **Native**.
+1. For **Redirect URI**, enter `https://your-tenant-name.b2clogin.com/your-tenant-name.onmicrosoft.com`, where `your-tenant-name` is your Azure AD B2C tenant.
+1. Select **Create**. After it's created, copy the application ID and save it to use later.
+1. Select **Settings**, then select **Required permissions**, and then select **Add**.
+1. Choose **Select an API**, search for and select **IdentityExperienceFramework**, and then click **Select**.
+1. Select the check box next to **Access IdentityExperienceFramework**, click **Select**, and then click **Done**.
+1. Select **Grant permissions**, and then confirm by selecting **Yes**.
 
 ## Custom policy starter pack
 
@@ -156,7 +157,6 @@ As you upload the files, Azure adds the prefix `B2C_1A_` to each.
 
 ## Add Facebook as an identity provider
 
-1. Complete the steps in [Set up sign-up and sign-in with a Facebook account](active-directory-b2c-setup-fb-app.md) to configure a Facebook application.
 1. In the `SocialAndLocalAccounts/`**`TrustFrameworkExtensions.xml`** file, replace the value of `client_id` with the Facebook application ID:
 
    ```xml
@@ -168,7 +168,7 @@ As you upload the files, Azure adds the prefix `B2C_1A_` to each.
 
 1. Upload the *TrustFrameworkExtensions.xml* file to your tenant.
 1. Under **Custom policies**, select **B2C_1A_signup_signin**.
-1. Select **Run now** and select Facebook to sign in with Facebook and test the custom policy. Or, invoke the policy directly from your registered application.
+1. Select **Run now** and select Facebook to sign in with Facebook and test the custom policy.
 
 ## Next steps
 

articles/active-directory-b2c/active-directory-b2c-reference-disable-ev.md

@@ -1,34 +1,36 @@
 ---
-title: Disable email verification during consumer sign-up in Azure Active Directory B2C | Microsoft Docs
-description: A topic demonstrating how to disable email verification during consumer sign-up in Azure Active Directory B2C.
+title: Disable email verification during customer sign-up in Azure Active Directory B2C
+description: Learn how to disable email verification during customer sign-up in Azure Active Directory B2C.
 services: active-directory-b2c
 author: mmacy
 manager: celestedg
 
 ms.service: active-directory
 ms.workload: identity
 ms.topic: conceptual
-ms.date: 11/30/2018
+ms.date: 09/25/2018
 ms.author: marsma
 ms.subservice: B2C
 ---
 
-# Disable email verification during consumer sign-up in Azure Active Directory B2C
-When enabled, Azure Active Directory B2C (Azure AD B2C) gives a consumer the ability to sign up for applications by providing an email address and creating a local account. Azure AD B2C ensures valid email addresses by requiring consumers to verify them during the sign-up process. It also prevents a malicious automated process from generating fake accounts for the applications.
+# Disable email verification during customer sign-up in Azure Active Directory B2C
 
-Some application developers prefer to skip email verification during the sign-up process and instead have consumers verify the email address later. To support this, Azure AD B2C can be configured to disable email verification. Doing so creates a smoother sign-up process and gives developers the flexibility to differentiate the consumers that have verified their email address from those consumers that have not.
+By default, Azure Active Directory B2C (Azure AD B2C) verifies your customer's email address for local accounts (accounts for users who sign up with email address or username). Azure AD B2C ensures valid email addresses by requiring customers to verify them during the sign-up process. It also prevents a malicious actors from using automated processes to generate fraudulent accounts in your applications.
 
-By default, sign-up user flows have email verification turned on. Use the following steps to turn it off:
+Some application developers prefer to skip email verification during the sign-up process and instead have customers verify their email address later. To support this, Azure AD B2C can be configured to disable email verification. Doing so creates a smoother sign-up process and gives developers the flexibility to differentiate customers that have verified their email address from customers that have not.
 
-1. Click **User flows**.
-2. Click your user flow (for example, "B2C_1_SiUp") to open it.
-3. Click **Page layouts**.
-4. Click **Local account sign-up page**.
-5. Click **Email Address** in the **Name** column under the **User attributes** section.
-6. Under **Requires verification**, select **No**.
-7. Click **Save** at the top of the blade. You're done!
+Follow these steps to disable email verification:
 
-> [!NOTE]
-> Disabling email verification in the sign-up process may lead to spam. If you disable the default one, we recommend adding your own verification system.
->
->
+1. Sign in to the [Azure portal](https://portal.azure.com)
+1. Use the **Directory + subscription** filter in the top menu to select the directory that contains your Azure AD B2C tenant.
+1. In the left menu, select **Azure AD B2C**. Or, select **All services** and search for and select **Azure AD B2C**.
+1. Select **User flows**.
+1. Select the user flow for which you want to disable email verification. For example, *B2C_1_signinsignup*.
+1. Select **Page layouts**.
+1. Select **Local account sign-up page**.
+1. Under **User attributes**, select **Email Address**.
+1. In the **REQUIRES VERIFICATION** drop down, select **No**.
+1. Select **Save**. Email verification is now disabled for this user flow.
+
+> [!WARNING]
+> Disabling email verification in the sign-up process may lead to spam. If you disable the default Azure AD B2C-provided email verification, we recommend that you implement a replacement verification system.

articles/active-directory-b2c/active-directory-b2c-reference-threat-management.md

@@ -8,7 +8,7 @@ manager: celestedg
 ms.service: active-directory
 ms.workload: identity
 ms.topic: conceptual
-ms.date: 07/10/2019
+ms.date: 09/26/2019
 ms.author: marsma
 ms.subservice: B2C
 ---
@@ -32,10 +32,10 @@ The first 10 lockout periods are one minute long. The next 10 lockout periods ar
 
 To manage password protection settings, including the lockout threshold:
 
-1. Navigate to the [Azure portal](https://portal.azure.com).
-1. Select the **Directory + Subscription** filter in the top-right menu of the portal, then select your Azure AD B2C tenant.
-1. Select **Azure Active Directory** in the left-hand menu (or select **All services** in the upper-left section of the portal, then search for and select *Azure Active Directory*).
-1. Under **Security**, select **Authentication methods**, then select **Password protection**.
+1. Sign in to the [Azure portal](https://portal.azure.com)
+1. Use the **Directory + subscription** filter in the top menu to select the directory that contains your Azure AD B2C tenant.
+1. In the left menu, select **Azure AD B2C**. Or, select **All services** and search for and select **Azure AD B2C**.
+1. Under **Security**, select **Authentication methods (Preview)**, then select **Password protection**.
 1. Enter your desired password protection settings, then select **Save**.
 
     ![Azure portal Password protection page in Azure AD settings](media/active-directory-b2c-reference-threat-management/portal-02-password-protection.png)

articles/active-directory-b2c/active-directory-b2c-setup-fb-app.md

@@ -8,7 +8,7 @@ manager: celestedg
 ms.service: active-directory
 ms.workload: identity
 ms.topic: conceptual
-ms.date: 08/08/2019
+ms.date: 09/26/2019
 ms.author: marsma
 ms.subservice: B2C
 ---
@@ -21,20 +21,20 @@ To use a Facebook account as an [identity provider](active-directory-b2c-referen
 
 1. Sign in to [Facebook for developers](https://developers.facebook.com/) with your Facebook account credentials.
 1. If you have not already done so, you need to register as a Facebook developer. To do this, select **Get Started** on the upper-right corner of the page, accept Facebook's policies, and complete the registration steps.
-1. Select **My Apps** and then **Add New App**.
+1. Select **My Apps** and then **Create App**.
 1. Enter a **Display Name** and a valid **Contact Email**.
-1. Click **Create App ID**. This may require you to accept Facebook platform policies and complete an online security check.
+1. Select **Create App ID**. This may require you to accept Facebook platform policies and complete an online security check.
 1. Select **Settings** > **Basic**.
 1. Choose a **Category**, for example `Business and Pages`. This value is required by Facebook, but not used for Azure AD B2C.
 1. At the bottom of the page, select **Add Platform**, and then select **Website**.
 1. In **Site URL**, enter `https://your-tenant-name.b2clogin.com/` replacing `your-tenant-name` with the name of your tenant. Enter a URL for the **Privacy Policy URL**, for example `http://www.contoso.com`. The policy URL is a page you maintain to provide privacy information for your application.
 1. Select **Save Changes**.
 1. At the top of the page, copy the value of **App ID**.
-1. Click **Show** and copy the value of **App Secret**. You use both of them to configure Facebook as an identity provider in your tenant. **App Secret** is an important security credential.
+1. Select **Show** and copy the value of **App Secret**. You use both of them to configure Facebook as an identity provider in your tenant. **App Secret** is an important security credential.
 1. Select the plus sign next to **PRODUCTS**, and then select **Set up** under **Facebook Login**.
 1. Under **Facebook Login**, select **Settings**.
-1. In **Valid OAuth redirect URIs**, enter `https://your-tenant-name.b2clogin.com/your-tenant-name.onmicrosoft.com/oauth2/authresp`. Replace `your-tenant-name` with the name of your tenant. Click **Save Changes** at the bottom of the page.
-1. To make your Facebook application available to Azure AD B2C, click the Status selector at the top right of the page and turn it **On** to make the Application public, and then click **Confirm**.  At this point the Status should change from **Development** to **Live**.
+1. In **Valid OAuth redirect URIs**, enter `https://your-tenant-name.b2clogin.com/your-tenant-name.onmicrosoft.com/oauth2/authresp`. Replace `your-tenant-name` with the name of your tenant. Select **Save Changes** at the bottom of the page.
+1. To make your Facebook application available to Azure AD B2C, select the Status selector at the top right of the page and turn it **On** to make the Application public, and then select **Switch Mode**.  At this point the Status should change from **Development** to **Live**.
 
 ## Configure a Facebook account as an identity provider
 

articles/active-directory-b2c/active-directory-b2c-setup-sf-app-custom.md

@@ -123,7 +123,7 @@ You can define a Salesforce account as a claims provider by adding it to the **C
             <Key Id="SamlMessageSigning" StorageReferenceId="B2C_1A_SAMLSigningCert"/>
           </CryptographicKeys>
           <OutputClaims>
-            <OutputClaim ClaimTypeReferenceId="socialIdpUserId" PartnerClaimType="userId"/>
+            <OutputClaim ClaimTypeReferenceId="issuerUserId" PartnerClaimType="userId"/>
             <OutputClaim ClaimTypeReferenceId="givenName" PartnerClaimType="given_name"/>
             <OutputClaim ClaimTypeReferenceId="surname" PartnerClaimType="family_name"/>
             <OutputClaim ClaimTypeReferenceId="email" PartnerClaimType="email"/>