Merge pull request #214352 from MicrosoftDocs/main

10/12 PM Publish

Author: huypub

articles/active-directory-b2c/json-transformations.md

@@ -9,7 +9,7 @@ manager: CelesteDG
 ms.service: active-directory
 ms.workload: identity
 ms.topic: reference
-ms.date: 08/10/2022
+ms.date: 09/07/2022
 ms.author: kengaderdus
 ms.subservice: B2C
 ---
@@ -251,6 +251,26 @@ The following claims transformation outputs a JSON string claim that will be the
     }
     ```
 
+The **GenerateJson** claims transformation accepts plain strings. If an input claim contains a JSON string, that string will be escaped. In the following example, if you use email output from [CreateJsonArray above](json-transformations.md#example-of-createjsonarray), that is ["[email protected]"], as an input parameter, the email will look like as shown in the following JSON claim:
+
+- Output claim:
+  - **requestBody**:
+
+    ```json
+    {
+       "customerEntity":{
+          "email":"[\"[email protected]\"]",
+          "userObjectId":"01234567-89ab-cdef-0123-456789abcdef",
+          "firstName":"John",
+          "lastName":"Smith",
+          "role":{
+             "name":"Administrator",
+             "id": 1
+          }
+       }
+    }
+    ```
+
 ## GetClaimFromJson
 
 Get a specified element from a JSON data. Check out the [Live demo](https://github.com/azure-ad-b2c/unit-tests/tree/main/claims-transformation/json#getclaimfromjson) of this claims transformation.

articles/active-directory-b2c/user-profile-attributes.md

@@ -8,9 +8,10 @@ manager: CelesteDG
 ms.service: active-directory
 ms.workload: identity
 ms.topic: conceptual
-ms.date: 09/24/2021
+ms.date: 10/11/2021
 ms.author: kengaderdus
 ms.subservice: B2C
+ms.custom: b2c-support
 ---
 
 # User profile attributes
@@ -48,7 +49,7 @@ The table below lists the [user resource type](/graph/api/resources/user) attrib
 |creationType    |String|If the user account was created as a local account for an Azure Active Directory B2C tenant, the value is LocalAccount or nameCoexistence. Read only.|No|No|Persisted, Output|
 |dateOfBirth     |Date|Date of birth.|No|No|Persisted, Output|
 |department      |String|The name for the department in which the user works. Max length 64.|Yes|No|Persisted, Output|
-|displayName     |String|The display name for the user. Max length 256.|Yes|Yes|Persisted, Output|
+|displayName     |String|The display name for the user. Max length 256. \< \> characters aren't allowed. | Yes|Yes|Persisted, Output|
 |facsimileTelephoneNumber<sup>1</sup>|String|The telephone number of the user's business fax machine.|Yes|No|Persisted, Output|
 |givenName       |String|The given name (first name) of the user. Max length 64.|Yes|Yes|Persisted, Output|
 |jobTitle        |String|The user's job title. Max length 128.|Yes|Yes|Persisted, Output|
@@ -165,7 +166,7 @@ In user migration scenarios, if the accounts you want to migrate have weaker pas
 
 ## MFA phone number attribute
 
-When using a phone for multi-factor authentication (MFA), the mobile phone is used to verify the user identity. To [add](/graph/api/authentication-post-phonemethods) a new phone number programmatically, [update](/graph/api/b2cauthenticationmethodspolicy-update), [get](/graph/api/b2cauthenticationmethodspolicy-get), or [delete](/graph/api/phoneauthenticationmethod-delete) the phone number, use MS Graph API [phone authentication method](/graph/api/resources/phoneauthenticationmethod).
+When using a phone for multi-factor authentication (MFA), the mobile phone is used to verify the user identity. To [add](/graph/api/authentication-post-phonemethods) a new phone number programmatically, [update](/graph/api/phoneauthenticationmethod-update), [get](/graph/api/phoneauthenticationmethod-get), or [delete](/graph/api/phoneauthenticationmethod-delete) the phone number, use MS Graph API [phone authentication method](/graph/api/resources/phoneauthenticationmethod).
 
 In Azure AD B2C [custom policies](custom-policy-overview.md), the phone number is available through `strongAuthenticationPhoneNumber` claim type.
 

articles/active-directory/enterprise-users/groups-dynamic-membership.md

@@ -104,7 +104,7 @@ dirSyncEnabled |true false |user.dirSyncEnabled -eq true
 | memberOf | Any string value (valid group object ID) | user.memberof -any (group.objectId -in ['value']) |
 | mobile |Any string value or *null* | user.mobile -eq "value" |
 | objectId |GUID of the user object | user.objectId -eq "11111111-1111-1111-1111-111111111111" |
-| onPremisesDistinguishedName (preview)| Any string value or *null* | user.onPremisesDistinguishedName -eq "value" |
+| onPremisesDistinguishedName | Any string value or *null* | user.onPremisesDistinguishedName -eq "value" |
 | onPremisesSecurityIdentifier | On-premises security identifier (SID) for users who were synchronized from on-premises to the cloud. | user.onPremisesSecurityIdentifier -eq "S-1-1-11-1111111111-1111111111-1111111111-1111111" |
 | passwordPolicies |None<br>DisableStrongPassword<br>DisablePasswordExpiration<br>DisablePasswordExpiration, DisableStrongPassword | user.passwordPolicies -eq "DisableStrongPassword" |
 | physicalDeliveryOfficeName |Any string value or *null* | user.physicalDeliveryOfficeName -eq "value" |

articles/active-directory/external-identities/media/self-service-sign-up-user-flow/enable-self-service-sign-up.png

@@ -5,7 +5,7 @@ services: active-directory
 ms.service: active-directory
 ms.subservice: B2B
 ms.topic: how-to
-ms.date: 04/26/2022
+ms.date: 10/12/2022
 
 ms.author: mimart
 author: msmimart
@@ -61,9 +61,10 @@ Next, you'll create the user flow for self-service sign-up and add it to an appl
 
    ![Add a new user flow button](media/self-service-sign-up-user-flow/new-user-flow.png)
 
-5. On the **Create** page, enter a **Name** for the user flow. Note that the name is automatically prefixed with **B2X_1_**.
-6. In the **Identity providers** list, select one or more identity providers that your external users can use to log into your application. **Azure Active Directory Sign up** is selected by default. (See [Before you begin](#before-you-begin) earlier in this article to learn how to add identity providers.)
-7. Under **User attributes**, choose the attributes you want to collect from the user. For additional attributes, select **Show more**. For example, select **Show more**, and then choose attributes and claims for **Country/Region**, **Display Name**, and **Postal Code**. Select **OK**.
+5. Select the user flow type (for example, **Sign up and sign in**), and then select the version (**Recommended** or **Preview**).
+6. On the **Create** page, enter a **Name** for the user flow. Note that the name is automatically prefixed with **B2X_1_**.
+7. In the **Identity providers** list, select one or more identity providers that your external users can use to log into your application. **Azure Active Directory Sign up** is selected by default. (See [Before you begin](#before-you-begin) earlier in this article to learn how to add identity providers.)
+8. Under **User attributes**, choose the attributes you want to collect from the user. For additional attributes, select **Show more**. For example, select **Show more**, and then choose attributes and claims for **Country/Region**, **Display Name**, and **Postal Code**. Select **OK**.
 
    ![Create a new user flow page](media/self-service-sign-up-user-flow/create-user-flow.png)
 
@@ -86,7 +87,7 @@ You can choose order in which the attributes are displayed on the sign-up page.
 
 ## Add applications to the self-service sign-up user flow
 
-Now you can associate applications with the user flow.
+Now you'll associate applications with the user flow to enable sign-up for those applications. New users who access the associated applications will be presented with your new self-service sign-up experience.
 
 1. Sign in to the [Azure portal](https://portal.azure.com) as an Azure AD administrator.
 2. Under **Azure services**, select **Azure Active Directory**.
@@ -107,3 +108,4 @@ Now you can associate applications with the user flow.
 - [Add Facebook to your list of social identity providers](facebook-federation.md)
 - [Use API connectors to customize and extend your user flows via web APIs](api-connectors-overview.md)
 - [Add custom approval workflow to your user flow](self-service-sign-up-add-approvals.md)
+- [Learn more about initiating an OAuth 2.0 authorization code flow](../develop/v2-oauth2-auth-code-flow.md#request-an-authorization-code)

articles/active-directory/external-identities/media/self-service-sign-up-user-flow/new-user-flow.png

@@ -94,7 +94,7 @@ To ensure timing accuracy of scheduled workflows it’s curial to consider:
  6. Select **Add attribute**.
  7. Fill in the following information: 
      - Mapping Type: Direct
-     - Source attribute: msDS-cloudExtensionAttribute1
+     - Source attribute: extensionAttribute1
      - Default value: Leave blank
      - Target attribute: employeeHireDate
      - Apply this mapping: Always
@@ -157,4 +157,4 @@ For more information, see [How to customize a synchronization rule](../hybrid/ho
 ## Next steps
 - [What are lifecycle workflows?](what-are-lifecycle-workflows.md)
 - [Create a custom workflow using the Azure portal](tutorial-onboard-custom-workflow-portal.md)
-- [Create a Lifecycle workflow](create-lifecycle-workflow.md)
+- [Create a Lifecycle workflow](create-lifecycle-workflow.md)

articles/active-directory/external-identities/self-service-sign-up-user-flow.md

@@ -58,8 +58,8 @@ First we'll create our employee, Melva Prince.
   "displayName": "Melva Prince",
   "mailNickname": "mprince",
   "department": "sales",
-  "mail": "mpricne@<your tenant name here>",
-  "employeeHireDate": "2022-04-15T22:10:00Z"
+  "mail": "mprince@<your tenant name here>",
+  "employeeHireDate": "2022-04-15T22:10:00Z",
   "userPrincipalName": "mprince@<your tenant name here>",
   "passwordProfile" : {
     "forceChangePasswordNextSignIn": true,
@@ -84,7 +84,7 @@ Next, we'll create Britta Simon.  This is the account that will be used as our m
   "mailNickname": "bsimon",
   "department": "sales",
   "mail": "bsimon@<your tenant name here>",
-  "employeeHireDate": "2021-01-15T22:10:00Z"
+  "employeeHireDate": "2021-01-15T22:10:00Z",
   "userPrincipalName": "bsimon@<your tenant name here>",
   "passwordProfile" : {
     "forceChangePasswordNextSignIn": true,

articles/active-directory/governance/how-to-lifecycle-workflow-sync-attributes.md

@@ -7,7 +7,7 @@ manager: amycolannino
 ms.service: active-directory
 ms.topic: how-to
 ms.workload: identity
-ms.date: 06/15/2022
+ms.date: 10/12/2022
 ms.subservice: hybrid
 ms.author: billmath
 
@@ -19,7 +19,7 @@ ms.collection: M365-identity-device-management
 Group writeback allows you to write cloud groups back to your on-premises Active Directory instance by using Azure Active Directory (Azure AD) Connect sync. You can use this feature to manage groups in the cloud, while controlling access to on-premises applications and resources.  
 
 >[NOTE]
->The Group writeback functionality is currently in Public Preview. We are collecting customer feedback and telemetry. Please refer to [the limitations]([#Understand limitations of public preview](https://learn.microsoft.com/azure/active-directory/hybrid/how-to-connect-group-writeback-v2#understand-limitations-of-public-preview) before you enable this funcitonality.
+>The Group writeback functionality is currently in Public Preview as we are collecting customer feedback and telemetry. Please refer to [the limitations](https://learn.microsoft.com/azure/active-directory/hybrid/how-to-connect-group-writeback-v2#understand-limitations-of-public-preview) before you enable this functionality.
 
 
 There are two versions of group writeback. The original version is in general availability and is limited to writing back Microsoft 365 groups to your on-premises Active Directory instance as distribution groups. The new, expanded version of group writeback is in public preview and enables the following capabilities:  
@@ -121,8 +121,8 @@ If you plan to make changes to the default behavior, we recommend that you do so
 
 ## Understand limitations of public preview  
 
-Although this release has undergone extensive testing, you might still encounter issues. One of the goals of this public preview release is to find and fix any issues before the feature moves to general availability. Please also note that any public preview functionality can still receive breaking changes which may require you to make changes to you configuration to continue using this feature. We may also decide to change certain functionality without prior notice.
-Microsoft provides support for this public preview release, but it might not be able to immediately fix issues that you encounter. For these reasons, we recommend that you do not deploy this release in your production environment. 
+Although this release has undergone extensive testing, you might still encounter issues. One of the goals of this public preview release is to find and fix any issues before the feature moves to general availability. Please also note that any public preview functionality can still receive breaking changes which may require you to make changes to you configuration to continue using this feature. We may also decide to change or remove certain functionality without prior notice.
+Microsoft provides support for this public preview release, but we might not be able to immediately fix issues that you encounter. For these reasons, we recommend that you do not deploy this release in your production environment. 
 
 These limitations and known issues are specific to group writeback: 
 

articles/active-directory/governance/tutorial-prepare-azure-ad-user-accounts.md

@@ -369,7 +369,7 @@ This enables an OIDC Issuer URL of the provider which allows the API server to d
 
 ### Prerequisites
 
-* The Azure CLI version 2.42.0 or higher. Run `az --version` to find your version. If you need to install or upgrade, see [Install Azure CLI][azure-cli-install].
+* The Azure CLI version 2.40.0 or higher. Run `az --version` to find your version. If you need to install or upgrade, see [Install Azure CLI][azure-cli-install].
 * AKS version 1.22 and higher. If your cluster is running version 1.21 and the OIDC Issuer preview is enabled, we recommend you upgrade the cluster to the minimum required version supported.
 
 ### Create an AKS cluster with OIDC Issuer