Merge pull request #5375 from MicrosoftDocs/main

10/01/2024 AM Publish

docs/external-id/customers/whats-new-docs.md

@@ -1,7 +1,7 @@
 ---
 title: "What's new in Microsoft Entra External ID in external tenants"
 description: "New and updated documentation for Microsoft Entra External ID in external tenants."
-ms.date: 09/11/2024
+ms.date: 10/01/2024
 ms.service: entra-external-id
 ms.subservice: customers
 ms.topic: whats-new
@@ -16,6 +16,19 @@ manager: CelesteDG
 
 Welcome to what's new in documentation for Microsoft Entra External ID in external tenants. This article lists new docs that were added and docs that were significantly updated in the last three months.
 
+## September 2024
+
+### New articles
+
+- [Set up Azure Monitor in external tenants (preview)](how-to-azure-monitor.md)
+- [Microsoft Entra External ID training, live demo, and videos](reference-training-videos.md)
+
+### Updated articles
+
+- [Quickstart: Get started with the Microsoft Entra External ID extension for Visual Studio Code](visual-studio-code-extension.md) - Updated sign-in experience
+- [Service limits and restrictions](reference-service-limits.md) - Updated phone limits
+- [Tutorial: Prepare your iOS/macOS app for native authentication](tutorial-native-authentication-prepare-ios-macos-app.md) - MSAL framework update
+
 ## August 2024
 
 ### New article
@@ -41,10 +54,3 @@ Welcome to what's new in documentation for Microsoft Entra External ID in extern
 - [Sign in users in a sample Electron desktop application](how-to-desktop-app-electron-sample-sign-in.md) - Added user flow testing instructions
 - [Sign in users and edit profile in a sample Node.js web application](sample-web-app-node-sign-in-edit-profile.md) - Editorial updates
 
-## June 2024
-
-### Updated articles
-
-- [Add multifactor authentication (MFA) to an app](how-to-multifactor-authentication-customers.md) - Screenshots and instructions updated
-- [Sign in users and call a web API in sample Node.js web application](sample-web-app-node-sign-in-call-api.md) - Editorial updates
-- [Tutorial: Add sign-in in Android app by using native authentication](tutorial-native-authentication-android-sign-in-sign-out.md) - Updated sign in instructions

docs/external-id/whats-new-docs.md

@@ -1,7 +1,7 @@
 ---
 title: What's new in Microsoft Entra External ID
 description: New and updated documentation for the Microsoft Entra External ID.
-ms.date: 09/11/2024
+ms.date: 10/01/2024
 ms.service: entra-external-id
 ms.topic: whats-new
 
@@ -15,6 +15,13 @@ manager: CelesteDG
 
 Welcome to what's new in documentation for Microsoft Entra External ID in workforce tenants. This article lists new docs that were added and docs that were significantly updated in the last three months. To learn what's new with the Microsoft Entra ID service, see [What's new in Microsoft Entra ID](~/fundamentals/whats-new.md).
 
+## September 2024
+
+### Updated articles
+
+- [Configure cross-tenant access settings for B2B collaboration](cross-tenant-access-settings-b2b-collaboration.yml) - Microsoft SharePoint dependency update
+- [Leave an organization where you have a guest account](leave-the-organization.md) - Editorial updates
+
 ## August 2024
 
 ### Updated articles
@@ -28,11 +35,3 @@ Welcome to what's new in documentation for Microsoft Entra External ID in workfo
 
 - [Microsoft Entra External ID documentation](index.yml) - Editorial updates
 
-## June 2024
-
-### Updated articles
-
-- [Federation with SAML/WS-Fed identity providers for guest users](direct-federation.md) - Updated verified domain information and steps for adding new identity providers
-- [The elements of the B2B collaboration invitation email](invitation-email-elements.md) - Editorial updates
-- [How users in your organization can invite guest users to an app](add-users-information-worker.md) - Editorial updates
-- [Overview: Cross-tenant access with Microsoft Entra External ID](cross-tenant-access-overview.md) - Removed the [configurable redemption](cross-tenant-access-overview.md#configurable-redemption) SharePoint limitation for guest users who redeem invites with email one-time passcode

docs/id-governance/entitlement-management-access-package-approval-policy.md

@@ -164,10 +164,10 @@ For example, if you listed Alice and Bob as the first stage approver(s), list Ca
 
     ![Access package - Policy- Enable policy setting](./media/entitlement-management-access-package-approval-policy/enable-requests.png)
 
-1. When new requests are enabled, you can specify whether you want to **Allow managers to request on behalf of their employees (preview)**. Enabling this setting will also give you the option to **Bypass approval stage if manager is the requestor and the approver (preview)**. Bypassing an approval stage when the manager is both the requestor, and the approver for that stage, streamlines the request process by reducing redundancy. 
+1. When new requests are enabled, you can specify whether you want to **Allow managers to request on behalf of their employees (preview)**.
     :::image type="content" source="media/entitlement-management-access-package-approval-policy/manager-enable-approval.png" alt-text="Screenshot of manager approval of request options.":::
 1. Select **Next**.
-
+ 
 ## Collect additional requestor information for approval
 
 In order to make sure users are getting access to the right access packages, you can require requestors to answer custom text field or Multiple Choice questions at the time of request. The questions will then be shown to approvers to help them make a decision.

docs/id-governance/entitlement-management-request-approve.md

@@ -57,9 +57,6 @@ If you don't have the email, you can find the access requests pending your appro
 
 1. Based on the information the requestor provided, you can then approve or deny the request. See the steps in Approve or deny request for guidance.
 
-> [!NOTE]
-> If the manager of the user the request is for is the approver, and also the requestor, of the the access package then the approval stage might be bypassed depending on policy settings. For more information, see: [Configure an access package policy allowing on behalf of requests](entitlement-management-request-behalf.md).
-
 ## Approve or deny request
 
 After you open an access request pending approval, you can see details that will help you make an approve or deny decision.

docs/id-governance/entitlement-management-request-behalf.md

@@ -49,12 +49,10 @@ Follow these steps to edit the policies, allowing on behalf of requests, for an
 
 1. On the **Requests** tab, set **Enable new requests** to Yes. This should show you the option **Allow managers to request on behalf of employees (preview)**. Set that option to Yes.  
     :::image type="content" source="media/entitlement-management-request-behalf/edit-request-policy-behalf.png" lightbox="media/entitlement-management-request-behalf/edit-request-policy-behalf.png" alt-text="Screenshot of editing an access package;s request on behalf of policy.":::
-    > [!NOTE]
-    > If approval is required, you will also see the option to **Bypass approval stage if manager is the requestor and approver (preview)**.
 1. Save your policy. 
 
 ## Request an access package on behalf of an employee
-
+ 
 As a manager, you can request an access package for a direct report by doing the following steps:
 
 1. Sign in to the My Access portal at [https://myaccess.microsoft.com](https://myaccess.microsoft.com). For US Government, the domain in the My Access portal link is `myaccess.microsoft.us`.

docs/identity-platform/whats-new-docs.md

@@ -5,7 +5,7 @@ author: henrymbuguakiarie
 manager: CelesteDG
 ms.author: henrymbugua
 ms.custom: has-adal-ref
-ms.date: 09/02/2024
+ms.date: 10/01/2024
 ms.service: identity-platform
 
 ms.topic: whats-new
@@ -16,6 +16,18 @@ ms.topic: whats-new
 
 Welcome to what's new in the Microsoft identity platform documentation. This article lists new articles that were added or had significant updates in the last three months.
 
+## September 2024
+
+### New articles
+
+- [Set up an Android device in Shared Device Mode](tutorial-mobile-android-device-shared-mode.md)
+
+### Updated articles
+
+- [Overview of shared device mode](msal-shared-devices.md) - Added clarity to the content
+- [Shared device mode for Android devices](msal-android-shared-devices.md) - Added clarity to the content
+- [Tutorial: Add shared-device mode support to your Android application](tutorial-v2-shared-device-mode.md) - Added clarity to the content
+
 ## August 2024
 
 ### Updated articles
@@ -34,15 +46,3 @@ Welcome to what's new in the Microsoft identity platform documentation. This art
 - [Customize claims issued in the JSON web token (JWT) for enterprise applications](jwt-claims-customization.md) - Updating the script with a working version
 - [Troubleshoot publisher verification](troubleshoot-publisher-verification.md) - Removed reference to Postman
 - [Restrict a Microsoft Entra app to a set of users](howto-restrict-your-app-to-a-set-of-users.md) - Added clarity to the content
-
-
-## June 2024
-
-### Updated articles
-
-- [Microsoft identity platform code samples](sample-v2-code.md) - Removed archived samples from code sample page and articles
-- [Quickstart: Configure a client application to access a web API](quickstart-configure-app-access-web-apis.md) - Added clarity to the content
-- [Quickstart: Configure an application to expose a web API](quickstart-configure-app-expose-web-apis.md) - Added clarity to the content
-- [Quickstart: Sign in users and call Microsoft Graph from an Android app](quickstart-mobile-app-android-sign-in.md) - Added clarity to the content
-- [Redirect URI (reply URL) outline and restrictions](reply-url.md) - Added clarity to the content
-

docs/verified-id/did-web-path.md

@@ -23,7 +23,7 @@ In this article, we go over the steps to enable support for did:web:path to your
 
 ## What is did:web:path?
 
-Did:web:path is described in the [did:web Method Specification](https://w3c-ccg.github.io/did-method-web/#optional-path-considerations). If you have an environment where you're required to use a high number of authorities, acquiring domain names for them becomes a problem. Using one single domain and having the different authorities appear as paths under the domain may be a more favorable approach.  
+Did:web:path is described in the [did:web Method Specification](https://w3c-ccg.github.io/did-method-web/#optional-path-considerations). If you have an environment where you're required to use a high number of [authorities](admin-api.md#authorities), acquiring domain names for them becomes an administrative problem. Using one single domain and having the different authorities appear as paths under the domain may be a more favorable approach.  
 
 ## Enable domain for did:web:path support
 

docs/verified-id/get-started-request-api.md

@@ -308,15 +308,14 @@ Issuance request using the `idTokenHint` attestation flow:
 
 ```JSON
 {
-    "includeQRCode": false,
+    "authority": "did:web:verifiedid.contoso.com",
     "callback": {
         "url": "https://contoso.com/api/issuer/issuanceCallback",
         "state": "de19cb6b-36c1-45fe-9409-909a51292a9c",
         "headers": {
             "api-key": "OPTIONAL API-KEY for CALLBACK EVENTS"
         }
     },
-    "authority": "did:web:verifiedid.contoso.com",
     "registration": {
         "clientName": "Verifiable Credential Expert Sample"
     },
@@ -338,15 +337,15 @@ Issuance request using the `idTokenHint` attestation flow:
 Issuance request using the `idTokenHint` attestation flow that [sets the expiry date](issuance-request-api.md#issuance-request-payload):
 
 ```JSON
-    "includeQRCode": false,
+{
+    "authority": "did:web:verifiedid.contoso.com",
     "callback": {
         "url": "https://contoso.com/api/issuer/issuanceCallback",
         "state": "de19cb6b-36c1-45fe-9409-909a51292a9c",
         "headers": {
             "api-key": "OPTIONAL API-KEY for CALLBACK EVENTS"
         }
     },
-    "authority": "did:web:verifiedid.contoso.com",
     "registration": {
         "clientName": "Verifiable Credential Expert Sample"
     },
@@ -390,15 +389,14 @@ Presentation request for a credential with a certain type and issuer:
 
 ```JSON
 {
-  "includeQRCode": true,
+  "authority": "did:web:verifiedid.contoso.com",
   "callback": {
     "url": "https://contoso.com/api/verifier/presentationCallback",
     "state": "92d076dd-450a-4247-aa5b-d2e75a1a5d58",
     "headers": {
       "api-key": "OPTIONAL API-KEY for CALLBACK EVENTS"
     }
   },
-  "authority": "did:web:verifiedid.contoso.com",
   "registration": {
     "clientName": "Veritable Credential Expert Verifier"
   },
@@ -428,7 +426,6 @@ Presentation request with [claims constraints](presentation-request-api.md#const
 ```JSON
 {
   "authority": "did:web:verifiedid.contoso.com",
-  "includeQRCode": false,
   "includeReceipt": false,
   "registration": {
     "clientName": "Contoso Job Application Center",
@@ -473,7 +470,6 @@ Presentation request with FaceCheck. When using FaceCheck, the `includeReceipt`
 ```JSON
 {
   "authority": "did:web:verifiedid.contoso.com",
-  "includeQRCode": false,
   "includeReceipt": false,
   "registration": {
     "clientName": "Contoso Job Application Center",

docs/verified-id/issuance-request-api.md

@@ -48,7 +48,6 @@ Content-Type: application/json
 Authorization: Bearer <token>
 
 {
-    "includeQRCode": true,
     "callback": {
         "url": "https://contoso.com/api/issuer/issuanceCallback",
         "state": "Aaaabbbb11112222",
@@ -72,15 +71,14 @@ The issuance request payload contains information about your verifiable credenti
 
 ```json
 {
-  "includeQRCode": false,
+  "authority": "did:web:verifiedid.contoso.com",
   "callback": {
     "url": "https://contoso.com/api/issuer/issuanceCallback",
     "state": "de19cb6b-36c1-45fe-9409-909a51292a9c",
     "headers": {
       "api-key": "OPTIONAL API-KEY for CALLBACK EVENTS"
     }
   },
-  "authority": "did:web:verifiedid.contoso.com",
   "registration": {
     "clientName": "Verifiable Credential Expert Sample"
   },
@@ -102,7 +100,7 @@ The payload contains the following properties:
 
 |Parameter |Type  | Description |
 |---------|---------|---------|
-| `includeQRCode` |  Boolean |   Determines whether a QR code is included in the response of this request. Present the QR code and ask the user to scan it. Scanning the QR code launches the authenticator app with this issuance request. Possible values are `true` (default) or `false`. When you set the value to `false`, use the return `url` property to render a deep link.  |
+| `includeQRCode` |  Boolean | Optional. Determines whether a QR code is included in the response of this request. Present the QR code and ask the user to scan it. Scanning the QR code launches the authenticator app with this issuance request. Possible values are `true` or `false` (default). When you set the value to `false`, use the return `url` property to render a deep link.  |
 |`callback`|  [Callback](#callback-type)| Mandatory. Allows the developer to asynchronously get information on the flow during the verifiable credential issuance process. For example, the developer might want a call when the user has scanned the QR code or if the issuance request succeeds or fails.|
 | `authority` | string|  The issuer's decentralized identifier (DID). For more information, see [Gather credentials and environment details to set up your sample application](verifiable-credentials-configure-issuer.md).|
 | `registration` | [RequestRegistration](#requestregistration-type)|  Provides information about the issuer that can be displayed in the authenticator app. |

docs/verified-id/presentation-request-api.md

@@ -49,7 +49,6 @@ Content-Type: application/json
 Authorization: Bearer  <token>
 
 {
-    "includeQRCode": true,
     "callback": {
       "url": "https://contoso.com/api/verifier/presentationCallback",
       "state": "00aa00aa-bb11-cc22-dd33-44ee44ee44ee",
@@ -73,9 +72,8 @@ The presentation request payload contains information about your verifiable cred
 
 ```json
 {
-  "includeQRCode": true,
-  "includeReceipt": true,
   "authority": "did:web:verifiedid.contoso.com",
+  "includeReceipt": true,
   "registration": {
     "clientName": "Veritable Credential Expert Verifier"
   },
@@ -108,7 +106,7 @@ The payload contains the following properties.
 
 |Parameter |Type  | Description |
 |---------|---------|---------|
-| `includeQRCode` |  Boolean | Optional. Determines whether a QR code is included in the response of this request. Present the QR code and ask the user to scan it. Scanning the QR code launches the authenticator app with this presentation request. Possible values are `true` (default) or `false`. When you set the value to `false`, use the return `url` property to render a deep link.  |
+| `includeQRCode` |  Boolean | Optional. Determines whether a QR code is included in the response of this request. Present the QR code and ask the user to scan it. Scanning the QR code launches the authenticator app with this presentation request. Possible values are `true` or `false` (default). When you set the value to `false`, use the return `url` property to render a deep link.  |
 | `includeReceipt` |  Boolean | Optional. Determines whether a receipt should be included in the response of this request. Possible values are `true` or `false` (default). The receipt contains the original payload sent from the authenticator to the Verifiable Credentials service. The receipt is useful for troubleshooting or if you have the need to ge the full details of the payload. There's otherwise no need be set this value to `true `by default. In the `OpenId Connect SIOP` request, the receipt contains the ID token from the original request. |
 | `authority` | string|  Your decentralized identifier (DID) of your verifier Microsoft Entra tenant. For more information, see [Gather tenant details to set up your sample application](verifiable-credentials-configure-verifier.md#gather-tenant-details-to-set-up-your-sample-application).|
 | `registration` | [RequestRegistration](#requestregistration-type)|  Provides information about the verifier. |