Merge branch 'main' into release-updatecenterv2-publicpreview
v-alje committed May 10, 2022
2 parents 4a7b160 + 3880341 commit e0a7d68
Showing 435 changed files with 2,215 additions and 1,210 deletions.
5 changes: 5 additions & 0 deletions .openpublishing.redirection.json
Expand Up @@ -943,6 +943,11 @@
"redirect_url": "/azure/frontdoor/front-door-overview",
"redirect_document_id": false
},
{
"source_path_from_root": "/articles/frontdoor/standard-premium/how-to-configure-endpoint-manager.md",
"redirect_url": "/azure/frontdoor/how-to-configure-endpoints",
"redirect_document_id": false
},
{
"source_path_from_root": "/articles/app-service-web/web-sites-dotnet-deploy-aspnet-mvc-app-membership-oauth-sql-database.md",
"redirect_url": "/aspnet/core/security/authorization/secure-data",
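Review bot: the new entry redirects the Standard/Premium page `how-to-configure-endpoint-manager.md` to the tier-neutral `/azure/frontdoor/how-to-configure-endpoints`; before the old page is removed, confirm the destination actually covers endpoint configuration for that tier, otherwise readers following bookmarks land on a page that no longer answers their question. `redirect_document_id: false` matches the neighbouring entries, which is correct since the document ID should not follow the content to a different article.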
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,7 @@ manager: CelesteDG
ms.service: active-directory
ms.workload: identity
ms.topic: reference
ms.date: 04/30/2022
ms.date: 12/09/2021
ms.custom: project-no-code
ms.author: kengaderdus
ms.subservice: B2C
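Review bot: ms.date moves backwards here, from 04/30/2022 to 12/09/2021. A merge from main should not normally make a page older; this suggests main carried stale metadata and the branch's newer edits are being undone, so confirm the merge direction before this ships. The same backward date change repeats in the front matter of the other B2C files in this commit (04/30/2022 to 03/25/2022, 02/17/2022 and 11/30/2021), so one decision covers all of them.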
Expand Down Expand Up @@ -156,7 +156,7 @@ The following table summarizes the Security Assertion Markup Language (SAML) app
| ------- | :--: | ----- |
| [MFA using time-based one-time password (TOTP) with authenticator apps](multi-factor-authentication.md#verification-methods) | Preview | Users can use any authenticator app that supports TOTP verification, such as the [Microsoft Authenticator app](https://www.microsoft.com/security/mobile-authenticator-app).|
| [Phone factor authentication](phone-factor-technical-profile.md) | GA | |
| [Azure AD MFA authentication](multi-factor-auth-technical-profile.md) | GA | |
| [Azure AD MFA authentication](multi-factor-auth-technical-profile.md) | Preview | |
| [One-time password](one-time-password-technical-profile.md) | GA | |
| [Azure Active Directory](active-directory-technical-profile.md) as local directory | GA | |
| [Predicate validations](predicates.md) | GA | For example, password complexity. |
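Review bot: `[Azure AD MFA authentication](multi-factor-auth-technical-profile.md) | Preview |` reverts the row from GA back to Preview. Customers read this table as a support statement, so a downgrade needs a source; if main is simply older than this branch it is a regression rather than a correction. Either way the Notes column should say why, in the way the TOTP row above does.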
Expand All @@ -168,8 +168,8 @@ The following table summarizes the Security Assertion Markup Language (SAML) app
| Feature | Custom policy | Notes |
| ------- | :--: | ----- |
| Azure portal | GA | |
| [Application Insights user journey logs](troubleshoot-with-application-insights.md) | GA | Used for troubleshooting during development. |
| [Application Insights event logs](analytics-with-application-insights.md) | GA | Used to monitor user flows in production. |
| [Application Insights user journey logs](troubleshoot-with-application-insights.md) | Preview | Used for troubleshooting during development. |
| [Application Insights event logs](analytics-with-application-insights.md) | Preview | Used to monitor user flows in production. |

## Responsibilities of custom policy feature-set developers

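Review bot: both Application Insights rows go from GA back to Preview while the note `Used to monitor user flows in production` stays as it was. A preview feature recommended for production monitoring is a contradiction worth resolving in the Notes column, and the same question as for the MFA row applies: deliberate downgrade, or stale content coming in from main?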
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,7 @@ manager: CelesteDG
ms.service: active-directory
ms.workload: identity
ms.topic: how-to
ms.date: 04/30/2022
ms.date: 03/25/2022
ms.author: kengaderdus
ms.subservice: B2C
---
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,7 @@ manager: CelesteDG
ms.service: active-directory
ms.workload: identity
ms.topic: reference
ms.date: 04/30/2022
ms.date: 12/09/2021
ms.author: kengaderdus
ms.subservice: B2C
---
Expand All @@ -18,6 +18,8 @@ ms.subservice: B2C

Azure Active Directory B2C (Azure AD B2C) provides support for verifying a phone number by using a verification code, or verifying a Time-based One-time Password (TOTP) code.

[!INCLUDE [b2c-public-preview-feature](../../includes/active-directory-b2c-public-preview.md)]

## Protocol

The **Name** attribute of the **Protocol** element needs to be set to `Proprietary`. The **handler** attribute must contain the fully qualified name of the protocol handler assembly that is used by Azure AD B2C:
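Review bot: the banner `[!INCLUDE [b2c-public-preview-feature](../../includes/active-directory-b2c-public-preview.md)]` is inserted after the opening paragraph; placing it directly under the title makes the preview status visible before the reader gets into the protocol details. The include path is relative to the article folder and the include file itself is not part of this diff, so check that it resolves in a local build rather than trusting the merge.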
Expand Down Expand Up @@ -166,9 +168,9 @@ The following example shows an Azure AD MFA technical profile used to verify the

In this mode, the user is required to install any authenticator app that supports time-based one-time password (TOTP) verification, such as the [Microsoft Authenticator app](https://www.microsoft.com/security/mobile-authenticator-app), on a device that they own.

During the first sign up or sign in, the user scans a QR code, opens a deep link, or enters the code manually using the authenticator app. To verify the TOTP code, use the [Begin verify OTP](#begin-verify-totp) followed by [Verify TOTP](#verify-totp) validation technical profiles.
During the first sign-up or sign-in, the user scans a QR code, opens a deep link, or enters the code manually using the authenticator app. To verify the TOTP code, use the [Begin verify OTP](#begin-verify-totp) followed by [Verify TOTP](#verify-totp) validation technical profiles.

For subsequent sign ins, use the [Get available devices](#get-available-devices) method to check if the user has already enrolled their device. If the number of available devices is greater than zero, this indicates the user has enrolled before. In this case, the user needs to type the TOTP code that appears in the authenticator app.
For subsequent sign-ins, use the [Get available devices](#get-available-devices) method to check if the user has already enrolled their device. If the number of available devices is greater than zero, this indicates the user has enrolled before. In this case, the user needs to type the TOTP code that appears in the authenticator app.

The technical profile:

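Review bot: the two replaced lines only hyphenate sign-up and sign-in, which is fine, but while these lines are being touched, `[Begin verify OTP](#begin-verify-totp)` has link text that says OTP while its anchor and the following `[Verify TOTP](#verify-totp)` say TOTP; change the text to `Begin verify TOTP` so it matches the section it points at.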
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,7 @@ manager: CelesteDG
ms.service: active-directory
ms.workload: identity
ms.topic: reference
ms.date: 04/30/2022
ms.date: 02/17/2022
ms.author: kengaderdus
ms.subservice: B2C
---
Expand Down Expand Up @@ -50,6 +50,8 @@ In a self-asserted technical profile, you can use the **InputClaims** and **Inpu

## Display claims

The display claims feature is currently in **preview**.

The **DisplayClaims** element contains a list of claims to be presented on the screen for collecting data from the user. To prepopulate the values of display claims, use the input claims that were previously described. The element may also contain a default value.

The order of the claims in **DisplayClaims** specifies the order in which Azure AD B2C renders the claims on the screen. To force the user to provide a value for a specific claim, set the **Required** attribute of the **DisplayClaim** element to `true`.
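Review bot: `The display claims feature is currently in **preview**.` is a bare sentence with no pointer to the preview terms, whereas the MFA technical profile page in this same commit uses the `b2c-public-preview-feature` include for exactly that purpose; use the include here as well so the preview wording and its legal text stay consistent across the B2C reference pages.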
Expand Down Expand Up @@ -131,7 +133,7 @@ Use output claims when:
- **Claims are output by output claims transformation**.
- **Setting a default value in an output claim** without collecting data from the user or returning the data from the validation technical profile. The `LocalAccountSignUpWithLogonEmail` self-asserted technical profile sets the **executed-SelfAsserted-Input** claim to `true`.
- **A validation technical profile returns the output claims** - Your technical profile may call a validation technical profile that returns some claims. You may want to bubble up the claims and return them to the next orchestration steps in the user journey. For example, when signing in with a local account, the self-asserted technical profile named `SelfAsserted-LocalAccountSignin-Email` calls the validation technical profile named `login-NonInteractive`. This technical profile validates the user credentials and also returns the user profile. Such as 'userPrincipalName', 'displayName', 'givenName' and 'surName'.
- **A display control returns the output claims** - Your technical profile may have a reference to a [display control](display-controls.md). The display control returns some claims, such as the verified email address. You may want to bubble up the claims and return them to the next orchestration steps in the user journey.
- **A display control returns the output claims** - Your technical profile may have a reference to a [display control](display-controls.md). The display control returns some claims, such as the verified email address. You may want to bubble up the claims and return them to the next orchestration steps in the user journey. The display control feature is currently in **preview**.

The following example demonstrates the use of a self-asserted technical profile that uses both display claims and output claims.

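Review bot: the preview flag is appended to the tail of the last bullet, `The display control feature is currently in **preview**.`, where it is easy to miss and where it qualifies display controls rather than output claims, which is the bullet's subject; put it in a note above the list or in the display-controls article the bullet links to.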
4 changes: 2 additions & 2 deletions articles/active-directory-b2c/technicalprofiles.md
Expand Up @@ -9,7 +9,7 @@ manager: CelesteDG
ms.service: active-directory
ms.workload: identity
ms.topic: reference
ms.date: 04/30/2022
ms.date: 11/30/2021
ms.author: kengaderdus
ms.subservice: B2C
---
Expand Down Expand Up @@ -99,7 +99,7 @@ The **TechnicalProfile** element contains the following elements:
| InputClaimsTransformations | 0:1 | A list of previously defined references to claims transformations that should be executed before any claims are sent to the claims provider or the relying party. |
| InputClaims | 0:1 | A list of previously defined references to claim types that are taken as input in the technical profile. |
| PersistedClaims | 0:1 | A list of previously defined references to claim types that will be persisted by the technical profile. |
| DisplayClaims | 0:1 | A list of previously defined references to claim types that are presented by the [self-asserted technical profile](self-asserted-technical-profile.md). |
| DisplayClaims | 0:1 | A list of previously defined references to claim types that are presented by the [self-asserted technical profile](self-asserted-technical-profile.md). The DisplayClaims feature is currently in preview. |
| OutputClaims | 0:1 | A list of previously defined references to claim types that are taken as output in the technical profile. |
| OutputClaimsTransformations | 0:1 | A list of previously defined references to claims transformations that should be executed after the claims are received from the claims provider. |
| ValidationTechnicalProfiles | 0:n | A list of references to other technical profiles that the technical profile uses for validation purposes. For more information, see [Validation technical profile](validation-technical-profile.md).|
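Review bot: `The DisplayClaims feature is currently in preview.` is a reasonable table note, but it is the third different phrasing of the same status in this commit (an include on the MFA page, a bold `**preview**` sentence on the self-asserted page, plain text here); pick one form, ideally the include or a link to it, so a later GA change can be made in one place.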
25 changes: 1 addition & 24 deletions articles/active-directory-b2c/whats-new-docs.md
@@ -1,7 +1,7 @@
---
title: "What's new in Azure Active Directory business-to-customer (B2C)"
description: "New and updated documentation for the Azure Active Directory business-to-customer (B2C)."
ms.date: 05/04/2022
ms.date: 04/04/2022
ms.service: active-directory
ms.subservice: B2C
ms.topic: reference
Expand All @@ -15,29 +15,6 @@ manager: CelesteDG

Welcome to what's new in Azure Active Directory B2C documentation. This article lists new docs that have been added and those that have had significant updates in the last three months. To learn what's new with the B2C service, see [What's new in Azure Active Directory](../active-directory/fundamentals/whats-new.md).

## April 2022

### New articles

- [Configure Asignio with Azure Active Directory B2C for multifactor authentication](partner-asignio.md)
- [Set up sign up and sign in with Mobile ID using Azure Active Directory B2C](identity-provider-mobile-id.md)
- [Find help and open a support ticket for Azure Active Directory B2C](find-help-open-support-ticket.md)

### Updated articles

- [Configure authentication in a sample single-page application by using Azure AD B2C](configure-authentication-sample-spa-app.md)
- [Configure xID with Azure Active Directory B2C for passwordless authentication](partner-xid.md)
- [Azure Active Directory B2C service limits and restrictions](service-limits.md)
- [Localization string IDs](localization-string-ids.md)
- [Manage your Azure Active Directory B2C tenant](tenant-management.md)
- [Page layout versions](page-layout.md)
- [Secure your API used an API connector in Azure AD B2C](secure-rest-api.md)
- [Azure Active Directory B2C: What's new](whats-new-docs.md)
- [Application types that can be used in Active Directory B2C](application-types.md)
- [Publish your Azure Active Directory B2C app to the Azure Active Directory app gallery](publish-app-to-azure-ad-app-gallery.md)
- [Quickstart: Set up sign in for a desktop app using Azure Active Directory B2C](quickstart-native-app-desktop.md)
- [Register a single-page application (SPA) in Azure Active Directory B2C](tutorial-register-spa.md)

## March 2022

### New articles
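Review bot: this hunk deletes the entire `## April 2022` section (three new articles and twelve updated ones) from a what's-new page whose date also moves back from 05/04/2022 to 04/04/2022 in the hunk above. Removing the most recent month from a changelog is not something a merge from main should do; it is a strong sign that the branch is being merged against a main snapshot older than the branch itself, and the April entries should be restored before publishing.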
Original file line number Diff line number Diff line change
@@ -0,0 +1,120 @@
---
title: Complex applications for Azure Active Directory Application Proxy
description: Provides an understanding of complex application in Azure Active Directory Application Proxy, and how to configure one.
services: active-directory
author: kenwith
manager: karenhoran
ms.service: active-directory
ms.subservice: app-proxy
ms.workload: identity
ms.topic: how-to
ms.date: 04/22/2022
ms.author: dhruvinshah
ms.reviewer: dhruvinshah
---

# Understanding Azure Active Directory Application Proxy Complex application scenario (Preview)

When applications are made up of multiple individual web application using different domain suffixes or different ports or paths in the URL, the individual web application instances must be published in separate Azure AD Application Proxy apps and the following problems might arise:
1. Pre-authentication- The client must separately acquire an access token or cookie for each Azure AD Application Proxy app. This might lead to additional redirects to login.microsoftonline.com and CORS issues.
2. CORS issues- Cross-origin resource sharing calls (OPTIONS request) might be triggered to validate if the caller web app is allowed to access the URL of the targeted web app. These will be blocked by the Azure AD Application Proxy Cloud service, since these requests cannot contain authentication information.
3. Poor app management- Multiple enterprise apps are created to enable access to a private app adding friction to the app management experience.

The following figure shows an example for complex application domain structure.

![Diagram of domain structure for a complex application showing resource sharing between primary and secondary application.](./media/application-proxy-configure-complex-application/complex-app-structure.png)

With [Azure AD Application Proxy](application-proxy.md), you can address this issue by using complex application publishing that is made up of multiple URLs across various domains.

![Diagram of a Complex application with multiple application segments definition.](./media/application-proxy-configure-complex-application/complex-app-flow.png)

A complex app has multiple app segments, with each app segment being a pair of an internal & external URL.
There is one conditional access policy associated with the app and access to any of the external URLs work with pre-authentication with the same set of policies that are enforced for all.

This solution that allows user to:

- by successfully authenticating
- not being blocked by CORS errors
- including those that uses different domain suffixes or different ports or paths in the URL internally

This article provides you with the information you need to configure wildcard application publishing in your environment.

## Characteristics of application segment(s) for complex application.
1. Application segments can be configured only for a wildcard application.
2. External and alternate URL should match the wildcard external and alternate URL domain of the application respectively.
3. Application segment URL’s (internal and external) need to maintain uniqueness across complex applications.
4. CORS Rules (optional) can be configured per application segment.
5. Access will only be granted to defined application segments for a complex application.
- Note - If all application segments are deleted, a complex application will behave as a wildcard application opening access to all valid URL by specified domain.
6. You can have an internal URL defined both as an application segment and a regular application.
- Note - Regular application will always take precedence over a complex app (wildcard application).

## Pre-requisites
Before you get started with single sign-on for header-based authentication apps, make sure your environment is ready with the following settings and configurations:
- You need to enable Application Proxy and install a connector that has line of site to your applications. See the tutorial [Add an on-premises application for remote access through Application Proxy](application-proxy-add-on-premises-application.md#add-an-on-premises-app-to-azure-ad) to learn how to prepare your on-premises environment, install and register a connector, and test the connector.


## Configure application segment(s) for complex application.

To configure (and update) Application Segments for a complex app using the API, you first [create a wildcard application](application-proxy-wildcard.md#create-a-wildcard-application), and then update the application's onPremisesPublishing property to configure the application segments and respective CORS settings.

> [!NOTE]
> One application segment is supported in preview. Support for multiple application segment to be announced soon.
If successful, this method returns a `204 No Content` response code and does not return anything in the response body.
## Example

##### Request
Here is an example of the request.


```http
PATCH https://graph.microsoft.com/beta/applications/{<object-id-of--the-complex-app}
Content-type: application/json
{
"onPremisesPublishing": {
"onPremisesApplicationSegments": [
{
"externalUrl": "https://home.contoso.net/",
"internalUrl": "https://home.test.com/",
"alternateUrl": "",
"corsConfigurations": []
},
{
"externalUrl": "https://assets.constoso.net/",
"internalUrl": "https://assets.test.com",
"alternateUrl": "",
"corsConfigurations": [
{
"resource": "/",
"allowedOrigins": [
"https://home.contoso.net/"
],
"allowedHeaders": [
"*"
],
"allowedMethods": [
"*"
],
"maxAgeInSeconds": 0
}
]
}
]
}
}
```
##### Response

```http
HTTP/1.1 204 No Content
```


## See also
- [Tutorial: Add an on-premises application for remote access through Application Proxy in Azure Active Directory](../app-proxy/application-proxy-add-on-premises-application.md)
- [Plan an Azure AD Application Proxy deployment](application-proxy-deployment-plan.md)
- [Remote access to on-premises applications through Azure Active Directory Application Proxy](application-proxy.md)
- [Understand and solve Azure Active Directory Application Proxy CORS issues](application-proxy-understand-cors-issues.md)
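Review bot: the Graph sample in this new article has concrete defects and the prose needs a pass. `PATCH https://graph.microsoft.com/beta/applications/{<object-id-of--the-complex-app}` mixes two placeholder styles and has a doubled hyphen; use one form such as `{id}`. The second segment's `"externalUrl": "https://assets.constoso.net/"` misspells contoso, and the `"allowedOrigins"` entry `"https://home.contoso.net/"` carries a trailing slash while a CORS origin is scheme, host and optional port only, so it may never match the browser's Origin header. `"allowedHeaders": ["*"]` and `"allowedMethods": ["*"]` are the most permissive values possible; since this rule is what lets pages served from home.contoso.net make cross-origin calls into the assets segment, the text should say that wildcards are the broadest setting and recommend listing only the methods and headers the secondary app needs. The NOTE says one application segment is supported in preview, yet the example configures two, and `If successful, this method returns a 204 No Content response code` follows the note with no blank line, so it renders inside the callout. Smaller items: `line of site` should be `line of sight`; the Pre-requisites paragraph opens with `Before you get started with single sign-on for header-based authentication apps`, which belongs to a different article; the intro ends by promising `wildcard application publishing` when the article is about complex application publishing; `This solution that allows user to:` followed by three fragments needs rewriting as full sentences; and the two `##` headings carry trailing periods.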
1 change: 1 addition & 0 deletions articles/active-directory/develop/TOC.yml
Expand Up @@ -102,6 +102,7 @@
- name: App sign-in flow
href: app-sign-in-flow.md
- name: Support passwordless authentication
href: support-fido2-authentication.md
- name: Protect and access APIs
items:
- name: Restrict your app to a set of users
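Review bot: the file summary reports `1 addition & 0 deletions`, yet a TOC entry needs both `- name: Support passwordless authentication` and `href: support-fido2-authentication.md`; confirm that both lines are present with the same indentation as the `App sign-in flow` entry above, because the rendered view drops leading whitespace and a mis-indented `href` silently breaks the TOC build.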
Original file line number Diff line number Diff line change
Expand Up @@ -3,15 +3,15 @@ title: Migrate public client applications to MSAL.NET
titleSuffix: Microsoft identity platform
description: Learn how to migrate a public client application from Azure Active Directory Authentication Library for .NET to Microsoft Authentication Library for .NET.
services: active-directory
author: sahmalik
author: CelesteDG
manager: CelesteDG

ms.service: active-directory
ms.subservice: develop
ms.topic: how-to
ms.workload: identity
ms.date: 08/31/2021
ms.author: sahmalik
ms.author: celested
ms.reviewer: saeeda, shermanouko, jmprieur
ms.custom: "devx-track-csharp, aaddev, has-adal-ref"
#Customer intent: As an application developer, I want to migrate my public client app from ADAL.NET to MSAL.NET.
4 changes: 2 additions & 2 deletions articles/active-directory/develop/msal-python-adfs-support.md
Expand Up @@ -3,15 +3,15 @@ title: Azure AD FS support (MSAL Python)
titleSuffix: Microsoft identity platform
description: Learn about Active Directory Federation Services (AD FS) support in the Microsoft Authentication Library for Python
services: active-directory
author: abhidnya13
author: CelesteDG
manager: CelesteDG

ms.service: active-directory
ms.subservice: develop
ms.topic: conceptual
ms.workload: identity
ms.date: 11/23/2019
ms.author: abpati
ms.author: celested
ms.reviewer: nacanuma
ms.custom: aaddev, devx-track-python, has-adal-ref
#Customer intent: As an application developer, I want to learn about AD FS support in MSAL for Python so I can decide if this platform meets my application development needs and requirements.