Merge pull request #51111 from wwlpublish/b0c67b7f93b8007a757ece3715f23dfc52a7087020481635f12fb53ee3418090-live

 Modules/M02-authentication-microsoft-authentication-library

Author: AnnaMHuff

learn-pr/wwl-azure/implement-authentication-by-using-microsoft-authentication-library/1-introduction.yml

@@ -4,7 +4,7 @@ title: Introduction
 metadata:
   title: Introduction
   description: "Introduction"
-  ms.date: 07/16/2024
+  ms.date: 06/26/2025
   author: wwlpublish
   ms.author: jeffko
   ms.topic: unit

learn-pr/wwl-azure/implement-authentication-by-using-microsoft-authentication-library/2-microsoft-authentication-library-overview.yml

@@ -4,13 +4,12 @@ title: Explore the Microsoft Authentication Library
 metadata:
   title: Explore the Microsoft Authentication Library
   description: "Explore the Microsoft Authentication Library"
-  ms.date: 07/16/2024
+  ms.date: 06/26/2025
   author: wwlpublish
   ms.author: jeffko
   ms.topic: unit
   ms.custom:
-    - sfi-ropc-nochange
-    - N/A
+  - N/A
 durationInMinutes: 3
 content: |
   [!include[](includes/2-microsoft-authentication-library-overview.md)]

learn-pr/wwl-azure/implement-authentication-by-using-microsoft-authentication-library/3-initialize-client-applications.yml

@@ -4,7 +4,7 @@ title: Initialize client applications
 metadata:
   title: Initialize client applications
   description: "Initialize client applications"
-  ms.date: 07/16/2024
+  ms.date: 06/26/2025
   author: wwlpublish
   ms.author: jeffko
   ms.topic: unit

learn-pr/wwl-azure/implement-authentication-by-using-microsoft-authentication-library/4-interactive-authentication-msal.yml

@@ -1,15 +1,15 @@
 ### YamlMime:ModuleUnit
 uid: learn.wwl.implement-authentication-by-using-microsoft-authentication-library.exercise-implement-interactive-msal-net
-title: Exercise - Implement interactive authentication by using MSAL.NET
+title: Exercise - Implement interactive authentication with MSAL.NET
 metadata:
-  title: Exercise - Implement interactive authentication by using MSAL.NET
-  description: "Exercise - Implement interactive authentication by using MSAL.NET"
-  ms.date: 07/16/2024
+  title: Exercise - Implement interactive authentication with MSAL.NET
+  description: "Exercise - Implement interactive authentication with MSAL.NET"
+  ms.date: 06/26/2025
   author: wwlpublish
   ms.author: jeffko
   ms.topic: unit
   ms.custom:
   - N/A
-durationInMinutes: 10
+durationInMinutes: 15
 content: |
   [!include[](includes/4-interactive-authentication-msal.md)]

learn-pr/wwl-azure/implement-authentication-by-using-microsoft-authentication-library/5-knowledge-check.yml

@@ -4,13 +4,12 @@ title: Module assessment
 metadata:
   title: Module assessment
   description: "Knowledge check"
-  ms.date: 07/16/2024
+  ms.date: 06/26/2025
   author: wwlpublish
   ms.author: jeffko
   ms.topic: unit
   ms.custom:
   - N/A
-  module_assessment: true
 durationInMinutes: 3
 quiz:
   title: "Check your knowledge"

learn-pr/wwl-azure/implement-authentication-by-using-microsoft-authentication-library/6-summary.yml

@@ -4,7 +4,7 @@ title: Summary
 metadata:
   title: Summary
   description: "Summary"
-  ms.date: 07/16/2024
+  ms.date: 06/26/2025
   author: wwlpublish
   ms.author: jeffko
   ms.topic: unit

learn-pr/wwl-azure/implement-authentication-by-using-microsoft-authentication-library/includes/1-introduction.md

@@ -5,4 +5,4 @@ After completing this module, you'll be able to:
 * Explain the benefits of using MSAL and the application types and scenarios it supports
 * Instantiate both public and confidential client apps from code
 * Register an app with the Microsoft identity platform
-* Create an app that retrieves a token by using the MSAL.NET library
+* Create an app that retrieves a token with the MSAL.NET SDK

learn-pr/wwl-azure/implement-authentication-by-using-microsoft-authentication-library/includes/2-microsoft-authentication-library-overview.md

@@ -1,4 +1,4 @@
-The Microsoft Authentication Library (MSAL) enables developers to acquire security tokens from the Microsoft identity platform to authenticate users and access secured web APIs. It can be used to provide secure access to Microsoft Graph, other Microsoft APIs, third-party web APIs, or your own web API MSAL supports many different application architectures and platforms including .NET, JavaScript, Java, Python, Android, and iOS.
+The Microsoft Authentication Library (MSAL) enables developers to acquire security tokens from the Microsoft identity platform to authenticate users and access secured web APIs. It can be used to provide secure access to Microsoft Graph, other Microsoft APIs, third-party web APIs, or your own web API. MSAL supports many different application architectures and platforms including .NET, JavaScript, Java, Python, Android, and iOS.
 
 MSAL gives you many ways to get tokens, with a consistent API for many platforms. Using MSAL provides the following benefits:
 

learn-pr/wwl-azure/implement-authentication-by-using-microsoft-authentication-library/includes/3-initialize-client-applications.md

@@ -1,12 +1,12 @@
 With MSAL.NET 3.x, the recommended way to instantiate an application is by using the application builders: `PublicClientApplicationBuilder` and `ConfidentialClientApplicationBuilder`. They offer a powerful mechanism to configure the application either from the code, or from a configuration file, or even by mixing both approaches.
 
-Before initializing an application, you first need to register it so that your app can be integrated with the Microsoft identity platform.  After registration, you may need the following information (which can be found in the Azure portal):
+Before initializing an application, you first need to register it so that your app can be integrated with the Microsoft identity platform. After registration, you might need the following information (which can be found in the Azure portal):
 
 * **Application (client) ID** - This is a string representing a GUID.
 * **Directory (tenant) ID** - Provides identity and access management (IAM) capabilities to applications and resources used by your organization. It can specify if you're writing a line of business application solely for your organization (also named single-tenant application).
 * The identity provider URL (named the **instance**) and the sign-in audience for your application. These two parameters are collectively known as the authority.
 * **Client credentials** - which can take the form of an application secret (client secret string) or certificate (of type `X509Certificate2`) if it's a confidential client app.
-* For web apps, and sometimes for public client apps (in particular when your app needs to use a broker), you need to set the **Redirect URI** where the identity provider will contact back your application with the security tokens.
+* For web apps, and sometimes for public client apps (in particular when your app needs to use a broker), you need to set the **Redirect URI** where the identity provider sends the security token back to your application.
 
 ## Initializing public and confidential client applications from code
 

learn-pr/wwl-azure/implement-authentication-by-using-microsoft-authentication-library/includes/4-interactive-authentication-msal.md

@@ -1,169 +1,30 @@
-In this exercise you learn how to perform the following actions:
+In this exercise, you register an application in Microsoft Entra ID, then create a .NET console application that uses MSAL.NET to perform interactive authentication and acquire an access token for Microsoft Graph. You learn how to configure authentication scopes, handle user consent, and see how tokens are cached for subsequent runs. 
 
-* Register an application with the Microsoft identity platform
-* Use the `PublicClientApplicationBuilder` class in MSAL.NET
-* Acquire a token interactively in a console application
-
-## Prerequisites
-
-* An **Azure account** with an active subscription. If you don't already have one, you can sign up for a free trial at [https://azure.com/free](https://azure.com/free)
-* **Visual Studio Code**: You can install Visual Studio Code from [https://code.visualstudio.com](https://code.visualstudio.com/).
-* A version of the .NET SDK [https://dotnet.microsoft.com/download/dotnet](https://dotnet.microsoft.com/en-us/download/dotnet) (6.0, 7.0, or 8.0) 
-
-## Register a new application
-
-1. Sign in to the portal: [https://portal.azure.com](https://portal.azure.com) 
-
-1. Search for and select **Microsoft Entra ID**. 
-
-1. Under **Manage**, select **App registrations** > **New registration**.
-
-1. When the **Register an application** page appears, enter your application's registration information:
-
-    | Field | Value |
-    |--|--|
-    | **Name** | `az204appreg` |
-    | **Supported account types** | Select **Accounts in this organizational directory only** |
-    | **Redirect URI (optional)** | Select **Public client/native (mobile & desktop)** and enter `http://localhost` in the box to the right. |
-
-1. Select **Register**.
-
-Microsoft Entra ID assigns a unique application (client) ID to your app, and you're taken to your application's **Overview** page. 
-
-## Set up the console application
-
-1. Launch Visual Studio Code and open a terminal by selecting **Terminal** and then **New Terminal**.
-
-1. Create a folder for the project and change in to the folder.
-
-    ```ps
-    md az204-auth
-    cd az204-auth
-    ```
-
-1. Create the .NET console app.
-
-    ```ps
-    dotnet new console
-    ```
-
-1. Open the *az204-auth* folder in Visual Studio Code.
-
-    ```ps
-    code . -r
-    ```
-
-## Build the console app
-
-In this section, you add the necessary packages and code to the project.
-
-### Add packages and using statements
+Tasks performed in this exercise:
 
-1. Add the `Microsoft.Identity.Client` package to the project in a terminal in Visual Studio Code.
-
-    ```ps
-    dotnet add package Microsoft.Identity.Client
-    ```
-
-2. Open the *Program.cs* file and add `using` statements to include `Microsoft.Identity.Client` and to enable async operations.
-
-    ```csharp
-    using System.Threading.Tasks;
-    using Microsoft.Identity.Client;
-    ```
-
-3. Change the Main method to enable async.
-
-    ```csharp
-    public static async Task Main(string[] args)
-    ```
-
-### Add code for the interactive authentication
-
-1. You need two variables to hold the Application (client) and Directory (tenant) IDs. You can copy those values from the portal. Add the following code and replace the string values with the appropriate values from the portal.
-
-    ```csharp
-    private const string _clientId = "APPLICATION_CLIENT_ID";
-    private const string _tenantId = "DIRECTORY_TENANT_ID";
-    ```
-
-2. Use the `PublicClientApplicationBuilder` class to build out the authorization context.
-
-    ```csharp
-    var app = PublicClientApplicationBuilder
-        .Create(_clientId)
-        .WithAuthority(AzureCloudInstance.AzurePublic, _tenantId)
-        .WithRedirectUri("http://localhost")
-        .Build();
-    ```
-
-    Code | Description
-    | - | - |
-    `.Create` | Creates a `PublicClientApplicationBuilder` from a clientID.
-    `.WithAuthority` | Adds a known Authority corresponding to an ADFS server. In the code we're specifying the Public cloud, and using the tenant for the app we registered.
-
-### Acquire a token
-
-When you registered the *az204appreg* app, it automatically generated an API permission `user.read` for Microsoft Graph. You use that permission to acquire a token.
-
-1. Set the permission scope for the token request. Add the following code below the `PublicClientApplicationBuilder`.
-
-    ```csharp
-    string[] scopes = { "user.read" };
-    ```
-
-1. Add code to request the token and write the result out to the console.
-
-    ```csharp
-    AuthenticationResult result = await app.AcquireTokenInteractive(scopes).ExecuteAsync();
-
-    Console.WriteLine($"Token:\t{result.AccessToken}");
-    ```
-
-## Review completed application
-
-The contents of the *Program.cs* file should resemble the following example:
-
-```csharp
-using System;
-using System.Threading.Tasks;
-using Microsoft.Identity.Client;
+* Register an application with the Microsoft identity platform
+* Create a .NET console app that implements the  **PublicClientApplicationBuilder** class to configure authentication.
+* Acquire a token interactively using the **user.read** Microsoft Graph permission.
 
-namespace az204_auth
-{
-    class Program
-    {
-        private const string _clientId = "APPLICATION_CLIENT_ID";
-        private const string _tenantId = "DIRECTORY_TENANT_ID";
+This exercise takes approximately **15** minutes to complete.
 
-        public static async Task Main(string[] args)
-        {
-            var app = PublicClientApplicationBuilder
-                .Create(_clientId)
-                .WithAuthority(AzureCloudInstance.AzurePublic, _tenantId)
-                .WithRedirectUri("http://localhost")
-                .Build(); 
-            string[] scopes = { "user.read" };
-            AuthenticationResult result = await app.AcquireTokenInteractive(scopes).ExecuteAsync();
+## Before you start
 
-            Console.WriteLine($"Token:\t{result.AccessToken}");
-        }
-    }
-}
-```
+To complete the exercise, you need:
 
-## Run the application
+* An Azure subscription. If you don't already have one, you can sign up for one [https://azure.microsoft.com/](https://azure.microsoft.com/).
 
-1. In the Visual Studio Code terminal run `dotnet build` to check for errors, then `dotnet run` to run the app. 
+## Get started
 
-1. The app opens the default browser prompting you to select the account you want to authenticate with. If there are multiple accounts listed select the one associated with the tenant used in the app.
+Select the **Launch Exercise** button to open the exercise instructions in a new browser window. When you're finished with the exercise, return here to:
 
-1. If this is the first time you've authenticated to the registered app you receive a **Permissions requested** notification asking you to approve the app to read data associated with your account. Select **Accept**.
+> [!div class="checklist"]
+> * Complete the module
+> * Earn a badge for completing this module
 
-    :::image type="content" source="../media/permission-consent.png" alt-text="Select **Accept** to grant the permission.":::    
+<br/>
 
-1. You should see the results similar to the example below in the console.
+<a href="https://go.microsoft.com/fwlink/?linkid=2325009" target="_blank">
+    <img src="../media/launch-exercise.png" alt="Button to launch exercise.">
+</a>
 
-    ```
-    Token:  eyJ0eXAiOiJKV1QiLCJub25jZSI6IlVhU.....
-    ```