SFI - Remediate ROPC and implicit grant flow

kengaderdus · kengaderdus · commit fd3269f560be · 2024-10-08T15:44:39.000+03:00
diff --git a/articles/active-directory-b2c/application-types.md b/articles/active-directory-b2c/application-types.md
@@ -5,10 +5,9 @@ description: Learn about the types of applications you can use with Azure Active
 
 author: kengaderdus
 manager: CelesteDG
-ms.service: active-directory
+ms.service: azure-active-directory
 ms.topic: concept-article
 ms.date: 10/11/2024
-ms.author: kengaderdus
 ms.subservice: B2C
 
 
diff --git a/articles/active-directory-b2c/partner-asignio.md b/articles/active-directory-b2c/partner-asignio.md
@@ -6,7 +6,7 @@ author: gargi-sinha
 manager: martinco
 ms.service: active-directory
 ms.topic: how-to
-ms.date: 10/03/2024
+ms.date: 10/11/2024
 ms.author: gasinh
 ms.reviewer: kengaderdus
 ms.subservice: B2C
@@ -95,12 +95,10 @@ Learn more: [Application types that can be used in Active Directory B2C](applica
 
 For this tutorial, you're registering  `https://jwt.ms`, a Microsoft web application with decoded token contents that don't leave your browser.
 
-### Register a web application and enable ID token implicit grant
+### Register a web application
 
-Complete [Tutorial: Register a web application in Azure Active Directory B2C](tutorial-register-applications.md?tabs=app-reg-ga)
+Complete the steps in [Tutorial: Register a web application in Azure Active Directory B2C](tutorial-register-applications.md?tabs=app-reg-ga) article.
 
->[!NOTE]
->Enable implicit flow only for testing purposes. Don’t enable implicit flow in production.
 
 ## Configure Asignio as an identity provider in Azure AD B2C
 
diff --git a/articles/active-directory-b2c/partner-itsme.md b/articles/active-directory-b2c/partner-itsme.md
@@ -5,10 +5,9 @@ description: Learn how to integrate Azure AD B2C authentication with itsme OIDC
 
 author: gargi-sinha
 manager: martinco
-ms.service: active-directory
+ms.service: azure-active-directory
 ms.topic: how-to
 ms.date: 10/11/2024
-ms.author: kengaderdus
 ms.subservice: B2C
 
 
diff --git a/articles/active-directory-b2c/partner-trusona.md b/articles/active-directory-b2c/partner-trusona.md
@@ -6,7 +6,7 @@ author: gargi-sinha
 manager: martinco
 ms.service: active-directory
 ms.topic: how-to
-ms.date: 10/03/2024
+ms.date: 10/11/2024
 ms.author: gasinh
 ms.subservice: B2C
 zone_pivot_groups: b2c-policy-type
@@ -110,18 +110,22 @@ To register a web application in your Azure AD B2C tenant, use our new unified a
 1. Select **Register**.
 
 ### Enable ID token implicit grant
-If you register this app and configure it with `https://jwt.ms/` app for testing a user flow or custom policy, you need to enable the implicit grant flow in the app registration:
 
-1. In the left menu, under **Manage**, select **Authentication**.
+You can enable implicit grant flow to use this app registration to [test a user flow for testing purposes](add-sign-up-and-sign-in-policy.md?pivots=b2c-user-flow#test-the-user-flow).
 
-1. Under **Implicit grant and hybrid flows**, select **ID tokens (used for implicit and hybrid flows)** check boxes.
+1. Select the app registration you created.
+
+1. Under **Manage**, select **Authentication**.
+
+1. Under **Implicit grant and hybrid flows**, select both the **Access tokens (used for implicit flows)** and **ID tokens (used for implicit and hybrid flows)** check boxes.
 
 1. Select **Save**.
 
-::: zone pivot="b2c-user-flow"
 
->[!NOTE]
->Enable implicit flow only for testing purposes. Don’t enable implicit flow in production.
+> [!NOTE]
+> If you enable implicit grant to test a user flow, make sure you disable the implicit grant flow settings before you deploy your app to production.
+
+::: zone pivot="b2c-user-flow"
 
 ## Step 3: Configure Trusona Authentication Cloud as an IdP in Azure AD B2C
 
diff --git a/articles/active-directory-b2c/partner-xid.md b/articles/active-directory-b2c/partner-xid.md
@@ -6,7 +6,7 @@ author: gargi-sinha
 manager: martinco
 ms.service: active-directory
 ms.topic: how-to
-ms.date: 10/03/2024
+ms.date: 10/11/2024
 ms.author: gasinh
 ms.subservice: B2C
 
@@ -74,12 +74,9 @@ Learn more: [Application types that can be used in Active Directory B2C](applica
 
 For testing, you register `https://jwt.ms`, a Microsoft web application with decoded token contents, which don't leave your browser.
 
-### Register a web application and enable ID token implicit grant
+### Register a web application
 
-Complete [Tutorial: Register a web application in Azure AD B2C](tutorial-register-applications.md?tabs=app-reg-ga) 
-
->[!NOTE]
->Enable implicit flow only for testing purposes. Don’t enable implicit flow in production.
+Complete the steps in [Tutorial: Register a web application in Azure Active Directory B2C](tutorial-register-applications.md?tabs=app-reg-ga) article.
 
 <a name='create-a-xid-policy-key'></a>
 
