Merge branch 'main' of https://github.com/zhiyuanliang-ms/azure-docs-pr into zhiyuanliang/add-feature-reference

Author: zhiyuanliang-ms

Diff for: .openpublishing.redirection.json

@@ -169,7 +169,7 @@ A claim provides temporary storage of data during an Azure AD B2C policy executi
 </ClaimType>
 ```
 ## Add the RESTful API technical profile 
-A [Restful technical profile](restful-technical-profile.md) provides support for interfacing with your own RESTful service. Azure AD B2C sends data to the RESTful service in an `InputClaims` collection and receives data back in an `OutputClaims` collection. Find the **ClaimsProviders** element in your <em>**`TrustFrameworkExtensions.xml`**</em> file and add a new claims provider as follows:
+A [RESTful technical profile](restful-technical-profile.md) provides support for interfacing with your own RESTful service. Azure AD B2C sends data to the RESTful service in an `InputClaims` collection and receives data back in an `OutputClaims` collection. Find the **ClaimsProviders** element in your <em>**`TrustFrameworkExtensions.xml`**</em> file and add a new claims provider as follows:
 ```xml
 <ClaimsProvider>
   <DisplayName>REST APIs</DisplayName>

Diff for: articles/active-directory-b2c/add-api-connector-token-enrichment.md

@@ -442,7 +442,7 @@ A claim provides temporary storage of data during an Azure AD B2C policy executi
 
 ## Add the RESTful API technical profile 
 
-A [Restful technical profile](restful-technical-profile.md) provides support for interfacing to your own RESTful service. Azure AD B2C sends data to the RESTful service in an `InputClaims` collection and receives data back in an `OutputClaims` collection. Find the **ClaimsProviders** element and add a new claims provider as follows:
+A [RESTful technical profile](restful-technical-profile.md) provides support for interfacing to your own RESTful service. Azure AD B2C sends data to the RESTful service in an `InputClaims` collection and receives data back in an `OutputClaims` collection. Find the **ClaimsProviders** element and add a new claims provider as follows:
 
 ```xml
 <ClaimsProvider>

Diff for: articles/active-directory-b2c/add-api-connector.md

@@ -6,7 +6,7 @@ author: garrodonnell
 manager: CelesteDG
 ms.service: azure-active-directory
 ms.topic: how-to
-ms.date: 11/27/2023
+ms.date: 11/27/2024
 ms.author: godonnell
 ms.subservice: b2c
 zone_pivot_groups: b2c-policy-type

Diff for: articles/active-directory-b2c/add-password-reset-policy.md

@@ -6,7 +6,7 @@ author: garrodonnell
 manager: CelesteDG
 ms.service: azure-active-directory
 ms.topic: how-to
-ms.date: 03/22/2024
+ms.date: 01/10/2025
 ms.author: godonnell
 ms.subservice: b2c
 ms.custom: "b2c-support"

Diff for: articles/active-directory-b2c/add-sign-up-and-sign-in-policy.md

@@ -62,7 +62,7 @@ The following diagram describes the app registrations and the app architecture.
 Before you follow the procedures in this article, make sure that your computer is running:
 
 * [Visual Studio Code](https://code.visualstudio.com/) or any other code editor.
-* [Node.js runtime](https://nodejs.org/en/download/) and [npm](https://docs.npmjs.com/downloading-and-installing-node-js-and-npm/).
+* [Node.js runtime](https://nodejs.org/en/download/package-manager/) and [npm](https://docs.npmjs.com/downloading-and-installing-node-js-and-npm/).
 * [Angular CLI](https://angular.io/cli).
 
 ## Step 1: Configure your user flow

Diff for: articles/active-directory-b2c/configure-authentication-sample-angular-spa-app.md

@@ -62,7 +62,7 @@ The following diagram describes the app registrations and the app architecture.
 Before you follow the procedures in this article, make sure that your computer is running:
 
 * [Visual Studio Code](https://code.visualstudio.com/) or another code editor.
-* [Node.js runtime](https://nodejs.org/en/download/) and [npm](https://docs.npmjs.com/downloading-and-installing-node-js-and-npm/). To test that you have Node.js and npm correctly installed on your machine, you can type `node --version` and `npm --version` in a terminal or command prompt.
+* [Node.js runtime](https://nodejs.org/en/download/package-manager/) and [npm](https://docs.npmjs.com/downloading-and-installing-node-js-and-npm/). To test that you have Node.js and npm correctly installed on your machine, you can type `node --version` and `npm --version` in a terminal or command prompt.
 
 ## Step 1: Configure your user flow
 

Diff for: articles/active-directory-b2c/configure-authentication-sample-react-spa-app.md

@@ -60,7 +60,7 @@ The app architecture and registrations are illustrated in the following diagram:
 A computer that's running:
 
 * [Visual Studio Code](https://code.visualstudio.com/), or another code editor.
-* [Node.js runtime](https://nodejs.org/en/download/)
+* [Node.js runtime](https://nodejs.org/en/download/package-manager/)
 
 ## Step 1: Configure your user flow
 

Diff for: articles/active-directory-b2c/configure-authentication-sample-spa-app.md

@@ -6,7 +6,7 @@ author: garrodonnell
 manager: CelesteDG
 ms.service: azure-active-directory
 ms.topic: how-to
-ms.date: 12/13/2023
+ms.date: 12/13/2024
 ms.author: godonnell
 ms.subservice: b2c
 zone_pivot_groups: b2c-policy-type

Diff for: articles/active-directory-b2c/configure-user-input.md

@@ -508,6 +508,6 @@ After the policy finishes execution, you're redirected to `https://jwt.ms`, and
 
 Next, learn:
 
-- About [types of Technical Profiles](technicalprofiles.md#types-of-technical-profiles) in Azure AD B2C's custom policies. 
+- About the [types of Technical Profiles](technicalprofiles.md#types-of-technical-profiles) in Azure AD B2C's custom policies. 
 
-- How to [Validate user inputs by using custom policy](custom-policies-series-validate-user-input.md).
+- How to [Validate user inputs by using custom policy](custom-policies-series-validate-user-input.md).

Diff for: articles/active-directory-b2c/custom-policies-series-collect-user-input.md

@@ -1,5 +1,5 @@
 ---
-title: Set up a sign-up and sign-in flow for a local account by using Azure Active Directory B2C custom policy
+title: Set up a sign-up and sign-in flow for a local account
 titleSuffix: Azure AD B2C
 description: Learn how to configure a sign-up and sign-in flow for a local account, using email and password, by using Azure Active Directory B2C custom policy.  
 
@@ -10,7 +10,7 @@ ms.service: azure-active-directory
 
 ms.topic: how-to
 ms.custom: b2c-docs-improvements
-ms.date: 10/11/2024
+ms.date: 11/27/2024
 ms.author: kengaderdus
 ms.reviewer: yoelh
 ms.subservice: b2c

Diff for: articles/active-directory-b2c/custom-policies-series-sign-up-or-sign-in.md

@@ -52,7 +52,7 @@ The following table shows which session provider to use depending on the type of
 |Session provider  |Applicable technical profile types| Purpose |Write claims|Read claims|
 |---------|---------|---------|---------|---------|
 |[DefaultSSOSessionProvider](#defaultssosessionprovider)  | [Self-asserted](self-asserted-technical-profile.md), [Microsoft Entra ID](active-directory-technical-profile.md), [Microsoft Entra multifactor authentication](multi-factor-auth-technical-profile.md), [Claims transformation](claims-transformation-technical-profile.md)| Skips technical profile execution.| Yes | Yes |
-|[ExternalLoginSSOSessionProvider](#externalloginssosessionprovider) | [OAuth1 identity provider](oauth1-technical-profile.md), [Oauth2 identity provider](oauth2-technical-profile.md), [OpenID Connect identity provider](openid-connect-technical-profile.md), [SAML identity provider](saml-identity-provider-technical-profile.md)| Accelerate identity provider selection page. Performing single-logout.|Yes|Yes|
+|[ExternalLoginSSOSessionProvider](#externalloginssosessionprovider) | [OAuth1 identity provider](oauth1-technical-profile.md), [OAuth2 identity provider](oauth2-technical-profile.md), [OpenID Connect identity provider](openid-connect-technical-profile.md), [SAML identity provider](saml-identity-provider-technical-profile.md)| Accelerate identity provider selection page. Performing single-logout.|Yes|Yes|
 |[OAuthSSOSessionProvider](#oauthssosessionprovider) |[JWT token issuer](jwt-issuer-technical-profile.md) | Manages session between OAuth2 or OpenId Connect relying party and Azure AD B2C. Performs single-logout. | No | No |
 |[SamlSSOSessionProvider](#samlssosessionprovider) | [SAML token issuer](saml-issuer-technical-profile.md) | Manages session between SAML relying party and Azure AD B2C. Performs single-logout. | No | No |
 |[NoopSSOSessionProvider](#noopssosessionprovider) |Any| Suppress any technical profile from being part of the session.| No | No |
@@ -291,7 +291,7 @@ To use the `SM-Saml-issuer` session management technical profile, add a referenc
 The `NoopSSOSessionProvider` session provider is used to suppress single sign on behavior. Technical profiles that use this type of session provider will always be processed, even when the user has an active session. This type of session provider can be useful to force particular technical profiles to always run, for example:
 
 - [Claims transformation](claims-transformation-technical-profile.md) - To create, or transform claims that are later used to determine which orchestration steps to process or skip.
-- [Restful](restful-technical-profile.md) - Fetch updated data from a Restful service each time the policy runs. You can also call a Restful for extended logging, and auditing.
+- [RESTful](restful-technical-profile.md) - Fetch updated data from a RESTful service each time the policy runs. You can also call a RESTful for extended logging, and auditing.
 - [Self-asserted](self-asserted-technical-profile.md) - Force the user to provide data each time the policy runs. For example, verify emails with one-time pass-code, or ask the user's consent.
 - [Phonefactor](phone-factor-technical-profile.md) - Force the user to perform multifactor authentication as part of a "step up authentication" even during subsequent logons (single sign-on).
 

Diff for: articles/active-directory-b2c/custom-policy-reference-sso.md

@@ -9,7 +9,7 @@ manager: CelesteDG
 ms.service: azure-active-directory
 
 ms.topic: reference
-ms.date: 01/11/2024
+ms.date: 11/27/2024
 ms.author: kengaderdus
 ms.subservice: b2c
 ms.custom: references_regions
@@ -26,7 +26,7 @@ Azure Active Directory B2C (Azure AD B2C) stores customer data in a geographic l
 Region availability and data residency are two different concepts that apply to Azure AD B2C. This article explains the differences between these two concepts, and compares how they apply to Azure versus Azure AD B2C. [Region availability](#region-availability) refers to where a service is available for use whereas [Data residency](#data-residency) refers to where user data is stored.
 
 
-Azure AD B2C is **generally available worldwide** with the option for **data residency** in the **United States, Europe, Asia Pacific, or Australia**.
+Azure AD B2C is **generally available worldwide** with the option for **data residency** in the **United States, Europe, Asia Pacific Australia or New Zealand**.
 
 [Region availability](#region-availability) refers to where a service is available for use. [Data residency](#data-residency) refers to where customer data is stored. For customers in the EU and EFTA, see [EU Data Boundary](#eu-data-boundary).
 
@@ -59,7 +59,7 @@ Data resides in **Asia Pacific** for the following locations:
 
 > Afghanistan (AF), Hong Kong SAR (HK), India (IN), Indonesia (ID), Japan (JP), Korea (KR), Malaysia (MY), Philippines (PH), Singapore (SG), Sri Lanka (LK), Taiwan (TW), and Thailand (TH)
 
-Data resides in **Australia** for the following locations:
+Data resides in Australia or New Zealand for the following locations:
 
 > Australia (AU) and New Zealand (NZ)
 

Diff for: articles/active-directory-b2c/data-residency.md

@@ -29,7 +29,7 @@ In this article, you learn how to create your web app that calls your web API. T
 
 - [Visual Studio Code](https://code.visualstudio.com/), or another code editor
 
-- [Node.js runtime](https://nodejs.org/en/download/)
+- [Node.js runtime](https://nodejs.org/en/download/package-manager/)
 
 ## Step 1: Create a protected web API
 

Diff for: articles/active-directory-b2c/enable-authentication-in-node-web-app-with-api.md

@@ -76,7 +76,7 @@ In the next sections, you create a new web API project. Select your programming
 # [Node.js](#tab/nodejsgeneric)
 
 * [Visual Studio Code](https://code.visualstudio.com/), or another code editor
-* [Node.js runtime](https://nodejs.org/en/download/)
+* [Node.js runtime](https://nodejs.org/en/download/package-manager/)
 
 ---
 

Diff for: articles/active-directory-b2c/enable-authentication-web-api.md

@@ -8,7 +8,7 @@ metadata:
   ms.service: azure-active-directory
 
   ms.topic: faq
-  ms.date: 10/31/2023
+  ms.date: 10/01/2024
   ms.author: godonnell
   ms.subservice: b2c
   ms.custom: b2c-support, has-azure-ad-ps-ref,azure-ad-ref-level-one-done
@@ -32,7 +32,7 @@ sections:
       - question: |
           Why can't I access the Azure AD B2C extension in the Azure portal?
         answer: |
-          There are two common reasons for why the Microsoft Entra extension isn't working for you. Azure AD B2C requires your user role in the directory to be a global administrator. Contact your administrator if you think you should have access. If you have global administrator privileges, make sure that you are in an Azure AD B2C directory and not a Microsoft Entra directory. You can see instructions for [creating an Azure AD B2C tenant](tutorial-create-tenant.md).
+          There are two common reasons for why the Microsoft Entra extension isn't working for you. Azure AD B2C requires your user role in the directory to be a Global administrator. Contact your administrator if you think you should have access. If you have Global administrator privileges, make sure that you are in an Azure AD B2C directory and not a Microsoft Entra directory. You can see instructions for [creating an Azure AD B2C tenant](tutorial-create-tenant.md).
           
       - question: |
           Can I use Azure AD B2C features in my existing, employee-based Microsoft Entra tenant?
@@ -92,7 +92,7 @@ sections:
       - question: |
           Why am I unable to create an Azure AD B2C tenant?
         answer: |
-          You might not have permission to create an Azure AD B2C tenant. Only users with **Global administrator** or **Tenant Creator** roles can create the tenant. You need to contact your **Global administrator**. 
+          You might not have permission to create an Azure AD B2C tenant. Only users with at least **Tenant Creator** roles can create the tenant. 
 
       - question: |
           How do I customize verification emails (the content and the "From:" field) sent by Azure AD B2C?

Diff for: articles/active-directory-b2c/faq.yml

@@ -9,7 +9,7 @@ manager: CelesteDG
 ms.service: azure-active-directory
 
 ms.topic: reference
-ms.date: 01/11/2024
+ms.date: 11/27/2024
 ms.author: kengaderdus
 ms.subservice: b2c
 
@@ -66,7 +66,7 @@ The following endpoints used in your Azure AD B2C environment must comply with t
 
 ## Check your endpoint compatibility
 
-To verify that your endpoints comply with the requirements described in this article, perform a test using a TLS cipher and scanner tool. Test your endpoint using [SSLLABS](https://www.ssllabs.com/ssltest/analyze.html).
+To verify that your endpoints comply with the requirements described in this article, perform a test using a TLS cipher and scanner tool. Test your endpoint using [SSL LABS](https://www.ssllabs.com/ssltest/analyze.html).
 
 
 ## Next steps

Diff for: articles/active-directory-b2c/https-cipher-tls-requirements.md

@@ -4,7 +4,7 @@ description: Learn how to investigate risky users, and detections in Azure AD B2
 ms.service: entra-id
 ms.subservice: conditional-access
 ms.topic: overview
-ms.date: 01/24/2024
+ms.date: 01/24/2025
 ms.author: godonnell
 author: garrodonnell
 manager: CelesteDG

Diff for: articles/active-directory-b2c/identity-protection-investigate-risk.md

@@ -6,7 +6,7 @@ author: garrodonnell
 manager: CelesteDG
 ms.service: azure-active-directory
 ms.topic: how-to
-ms.date: 01/24/2024
+ms.date: 01/24/2025
 ms.author: godonnell
 ms.subservice: b2c
 zone_pivot_groups: b2c-policy-type

Diff for: articles/active-directory-b2c/identity-provider-adfs-saml.md

@@ -6,7 +6,7 @@ author: garrodonnell
 manager: CelesteDG
 ms.service: azure-active-directory
 ms.topic: how-to
-ms.date: 01/24/2024
+ms.date: 01/24/2025
 ms.author: godonnell
 ms.subservice: b2c
 zone_pivot_groups: b2c-policy-type
@@ -73,7 +73,7 @@ In this step, configure the claims AD FS application returns to Azure AD B2C.
 
 ## Configure AD FS as an identity provider
 
-1. Sign in to the [Azure portal](https://portal.azure.com/) as the global administrator of your Azure AD B2C tenant.
+1. Sign in to the [Azure portal](https://portal.azure.com/) with an account that has at least [External Identity Provider Administrator](/entra/identity/role-based-access-control/permissions-reference#external-identity-provider-administrator) privileges.
 1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.
 1. Choose **All services** in the top-left corner of the Azure portal, and then search for and select **Azure AD B2C**.
 1. Select **Identity providers**, and then select **New OpenID Connect provider**.

Diff for: articles/active-directory-b2c/identity-provider-adfs.md

@@ -49,7 +49,7 @@ To enable sign-in for users with an Amazon account in Azure Active Directory B2C
 
 ## Configure Amazon as an identity provider
 
-1. Sign in to the [Azure portal](https://portal.azure.com/) as the global administrator of your Azure AD B2C tenant.
+1. Sign in to the [Azure portal](https://portal.azure.com/) with an account that has at least [External Identity Provider Administrator](/entra/identity/role-based-access-control/permissions-reference#external-identity-provider-administrator) privileges.
 1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.
 1. Choose **All services** in the top-left corner of the Azure portal, search for and select **Azure AD B2C**.
 1. Select **Identity providers**, then select **Amazon**.

Diff for: articles/active-directory-b2c/identity-provider-amazon.md

@@ -72,7 +72,7 @@ To enable sign-in for users with an Apple ID in Azure Active Directory B2C (Azur
 
 ## Configure Apple as an identity provider
 
-1. Sign in to the [Azure portal](https://portal.azure.com/) as a global administrator of your Azure AD B2C tenant.
+1. Sign in to the [Azure portal](https://portal.azure.com/) with an account that has at least [External Identity Provider Administrator](/entra/identity/role-based-access-control/permissions-reference#external-identity-provider-administrator) privileges.
 1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.
 1. Under **Azure services**, select **Azure AD B2C**. Or use the search box to find and select **Azure AD B2C**.
 1. Select **Identity providers**, then select **Apple**.

Diff for: articles/active-directory-b2c/identity-provider-apple-id.md

@@ -9,7 +9,7 @@ manager: CelesteDG
 ms.service: azure-active-directory
 
 ms.topic: how-to
-ms.date: 10/11/2023
+ms.date: 10/11/2024
 ms.author: godonnell
 ms.subservice: b2c
 ms.custom: fasttrack-edit, 

Diff for: articles/active-directory-b2c/identity-provider-azure-ad-b2c.md

@@ -6,7 +6,7 @@ author: garrodonnell
 manager: CelesteDG
 ms.service: azure-active-directory
 ms.topic: how-to
-ms.date: 11/16/2023
+ms.date: 11/16/2024
 ms.custom: project-no-code
 ms.author: godonnell
 ms.subservice: b2c

Diff for: articles/active-directory-b2c/identity-provider-azure-ad-multi-tenant.md

@@ -9,7 +9,7 @@ manager: CelesteDG
 ms.service: azure-active-directory
 
 ms.topic: how-to
-ms.date: 01/27/2024
+ms.date: 01/27/2025
 ms.author: godonnell
 ms.subservice: b2c
 ms.custom: fasttrack-edit, 

Diff for: articles/active-directory-b2c/identity-provider-azure-ad-single-tenant.md

@@ -60,8 +60,8 @@ If you don't already have a Facebook account, sign up at [https://www.facebook.c
 
 ## Configure Facebook as an identity provider
 
-1. Sign in to the [Azure portal](https://portal.azure.com/) as the global administrator of your Azure AD B2C tenant.
-1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.
+1. Sign in to the [Azure portal](https://portal.azure.com/) with an account that has at least [External Identity Provider Administrator](/entra/identity/role-based-access-control/permissions-reference#external-identity-provider-administrator) privileges.
+1. 1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.
 1. Choose **All services** in the top-left corner of the Azure portal, search for and select **Azure AD B2C**.
 1. Select **Identity providers**, then select **Facebook**.
 1. Enter a **Name**. For example, *Facebook*.