etherscan-io
diff --git a/‎articles/active-directory-b2c/active-directory-b2c-tutorials-spa.md
Lines changed: 67 additions & 41 deletions b/‎articles/active-directory-b2c/active-directory-b2c-tutorials-spa.md
Lines changed: 67 additions & 41 deletions
diff --git a/‎articles/active-directory/fundamentals/whats-new.md
Lines changed: 1 addition & 1 deletion b/‎articles/active-directory/fundamentals/whats-new.md
Lines changed: 1 addition & 1 deletion
diff --git a/‎articles/active-directory/saas-apps/insperityexpensable-tutorial.md
Lines changed: 3 additions & 3 deletions b/‎articles/active-directory/saas-apps/insperityexpensable-tutorial.md
Lines changed: 3 additions & 3 deletions
diff --git a/‎articles/aks/istio-install.md
Lines changed: 8 additions & 3 deletions b/‎articles/aks/istio-install.md
Lines changed: 8 additions & 3 deletions
diff --git a/‎articles/azure-monitor/app/export-stream-analytics.md
Lines changed: 1 addition & 1 deletion b/‎articles/azure-monitor/app/export-stream-analytics.md
Lines changed: 1 addition & 1 deletion
@@ -1,12 +1,12 @@
 ---
-title: Tutorial - Enable authentication in a single-page application  - Azure Active Directory B2C | Microsoft Docs
-description: Tutorial on how to use Azure Active Directory B2C to provide user login for a single page application (JavaScript).
+title: Tutorial - Enable authentication in a single-page application - Azure Active Directory B2C
+description: Learn how to use Azure Active Directory B2C to provide user login for a single page application (JavaScript).
 services: active-directory-b2c
 author: mmacy
 manager: celestedg
 
 ms.author: marsma
-ms.date: 02/04/2019
+ms.date: 07/08/2019
 ms.custom: mvc
 ms.topic: tutorial
 ms.service: active-directory
@@ -28,88 +28,112 @@ In this tutorial, you learn how to:
 
 ## Prerequisites
 
-* [Create user flows](tutorial-create-user-flows.md) to enable user experiences in your application. 
-* Install [Visual Studio 2019](https://www.visualstudio.com/downloads/) with the **ASP.NET and web development** workload.
-* Install the [.NET Core 2.0.0 SDK](https://www.microsoft.com/net/core) or later
-* Install [Node.js](https://nodejs.org/en/download/)
+You need the following Azure AD B2C resources in place before continuing with the steps in this tutorial:
+
+* [Azure AD B2C tenant](tutorial-create-tenant.md)
+* [Application registered](tutorial-register-applications.md) in your tenant
+* [User flows created](tutorial-create-user-flows.md) in your tenant
+
+Additionally, you need the following in your local development environment:
+
+* Code editor, for example [Visual Studio Code](https://code.visualstudio.com/) or [Visual Studio 2019](https://www.visualstudio.com/downloads/)
+* [.NET Core SDK 2.0.0](https://www.microsoft.com/net/core) or later
+* [Node.js](https://nodejs.org/en/download/)
 
 ## Update the application
 
-In the tutorial that you completed as part of the prerequisites, you added a web application in Azure AD B2C. To enable communication with the sample in the tutorial, you need to add a redirect URI to the application in Azure AD B2C.
+In the second tutorial that you completed as part of the prerequisites, you registered a web application in Azure AD B2C. To enable communication with the sample in the tutorial, you need to add a redirect URI to the application in Azure AD B2C.
 
 1. Sign in to the [Azure portal](https://portal.azure.com).
-2. Make sure you're using the directory that contains your Azure AD B2C tenant by clicking the **Directory and subscription filter** in the top menu and choosing the directory that contains your tenant.
-3. Choose **All services** in the top-left corner of the Azure portal, and then search for and select **Azure AD B2C**.
-4. Select **Applications**, and then select the *webapp1* application.
-5. Under **Reply URL**, add `http://localhost:6420`.
-6. Select **Save**.
-7. On the properties page, record the application ID that you'll use when you configure the web application.
-8. Select **Keys**, select **Generate key**, and select **Save**. Record the key that you'll use when you configure the web application.
+1. Make sure you're using the directory that contains your Azure AD B2C tenant by clicking the **Directory and subscription filter** in the top menu and choosing the directory that contains your tenant.
+1. Choose **All services** in the top-left corner of the Azure portal, and then search for and select **Azure AD B2C**.
+1. Select **Applications**, and then select the *webapp1* application.
+1. Under **Reply URL**, add `http://localhost:6420`.
+1. Select **Save**.
+1. On the properties page, record the **Application ID**. You use the app ID in a later step when you update the code in the single-page web application.
 
-## Configure the sample
+## Get the sample code
 
-In this tutorial, you configure a sample that you can download from GitHub. The sample demonstrates how a single-page application can use Azure AD B2C for user sign-up, sign-in, and call a protected web API.
+In this tutorial, you configure a code sample that you download from GitHub. The sample demonstrates how a single-page application can use Azure AD B2C for user sign up and sign in, and to call a protected web API.
 
 [Download a zip file](https://github.com/Azure-Samples/active-directory-b2c-javascript-msal-singlepageapp/archive/master.zip) or clone the sample from GitHub.
 
 ```
 git clone https://github.com/Azure-Samples/active-directory-b2c-javascript-msal-singlepageapp.git
 ```
 
-To change the settings:
+## Update the sample
+
+Now that you've obtained the sample, update the code with your Azure AD B2C tenant name and the application ID you recorded in an earlier step.
 
-1. Open the `index.html` file in the sample.
-2. Configure the sample with the application ID and key that you recorded earlier. Change the following lines of code by replacing the values with the names of your directory and APIs:
+1. Open the `index.html` file in the root of the sample directory.
+1. In the `msalConfig` definition, modify the **clientId** value with the Application ID you recorded in an earlier step. Next, update the **authority** URI value with your Azure AD B2C tenant name. Also update the URI with the name of the sign-up/sign-in user flow you created in one of the prerequisites (for example, *B2C_1_signupsignin1*).
 
     ```javascript
-    // The current application coordinates were pre-registered in a B2C directory.
-    var applicationConfig = {
-        clientID: '<Application ID>',
-        authority: "https://contoso.b2clogin.com/tfp/contoso.onmicrosoft.com/B2C_1_signupsignin1",
-        b2cScopes: ["https://contoso.onmicrosoft.com/demoapi/demo.read"],
-        webApi: 'https://contosohello.azurewebsites.net/hello',
+    var msalConfig = {
+        auth: {
+            clientId: "00000000-0000-0000-0000-000000000000", //This is your client ID
+            authority: "https://fabrikamb2c.b2clogin.com/fabrikamb2c.onmicrosoft.com/b2c_1_susi", //This is your tenant info
+            validateAuthority: false
+        },
+        cache: {
+            cacheLocation: "localStorage",
+            storeAuthStateInCookie: true
+        }
     };
     ```
 
-    The name of the user flow used in this tutorial is **B2C_1_signupsignin1**. If you're using a different user flow name, use your user flow name in `authority` value.
+    The name of the user flow used in this tutorial is **B2C_1_signupsignin1**. If you're using a different user flow name, specify that name in the `authority` value.
 
 ## Run the sample
 
-1. Launch a Node.js command prompt.
-2. Change to the directory containing the Node.js sample. For example `cd c:\active-directory-b2c-javascript-msal-singlepageapp`
-3. Run the following commands:
+1. Open a console window and change to the directory containing the sample. For example:
+
+    ```console
+    cd active-directory-b2c-javascript-msal-singlepageapp
+    ```
+1. Run the following commands:
 
     ```
     npm install && npm update
     node server.js
     ```
 
-    The console window displays the port number of where the app is hosted.
-    
+    The console window displays the port number of the locally running Node.js server:
+
     ```
     Listening on port 6420...
     ```
 
-4. Use a browser to navigate to the address `http://localhost:6420` to view the application.
+1. Navigate to `http://localhost:6420` in your browser to view the application.
 
 The sample supports sign-up, sign-in, profile editing, and password reset. This tutorial highlights how a user signs up using an email address.
 
 ### Sign up using an email address
 
-1. Click **Login** to sign up as a user of the application. This uses the **B2C_1_signupsignin1** user flow you defined in a previous step.
-2. Azure AD B2C presents a sign-in page with a sign-up link. Since you don't have an account yet, click the **Sign up now** link. 
-3. The sign-up workflow presents a page to collect and verify the user's identity using an email address. The sign-up workflow also collects the user's password and the requested attributes defined in the user flow.
+1. Click **Login** to sign up as a user of the application. This uses the **B2C_1_signupsignin1** user flow you specified in a previous step.
+1. Azure AD B2C presents a sign-in page with a sign-up link. Since you don't have an account yet, click the **Sign up now** link.
+1. The sign-up workflow presents a page to collect and verify the user's identity using an email address. The sign-up workflow also collects the user's password and the requested attributes defined in the user flow.
 
-    Use a valid email address and validate using the verification code. Set a password. Enter values for the requested attributes. 
+    Use a valid email address and validate using the verification code. Set a password. Enter values for the requested attributes.
 
     ![Sign-up workflow](media/active-directory-b2c-tutorials-desktop-app/sign-up-workflow.png)
 
-4. Click **Create** to create a local account in the Azure AD B2C directory.
+1. Click **Create** to create a local account in the Azure AD B2C directory.
 
-Now, the user can use an email address to sign in and use the SPA app.
+When you click **Create**, the sign up page closes and the sign in page reappears.
 
-> [!NOTE]
-> After login, the app displays an "insufficient permissions" error. You receive this error because you are attempting to access a resource from the demo directory. Since your access token is only valid for your Azure AD directory, the API call is unauthorized. Continue with the next tutorial to create a protected web API for your directory.
+You can now use your email address and password to sign in to the application.
+
+### Error: insufficient permissions
+
+After you sign in, the app displays an insufficient permissions error - this is **expected**:
+
+`ServerError: AADB2C90205: This application does not have sufficient permissions against this web resource to perform the operation.`
+
+You receive this error because you're attempting to access a resource from the demo directory, but your access token is valid only for your Azure AD directory. The API call is therefore unauthorized.
+
+Continue with the next tutorial in the series (see [Next steps](#next-steps)) to create a protected web API for your directory.
 
 ## Next steps
 
@@ -120,5 +144,7 @@ In this article, you learned how to:
 > * Configure the sample to use the application
 > * Sign up using the user flow
 
+Now move on to the next tutorial in the series to grant access to a protected web API from the SPA:
+
 > [!div class="nextstepaction"]
 > [Tutorial: Grant access to an ASP.NET Core web API from a single-page app using Azure Active Directory B2C](active-directory-b2c-tutorials-spa-webapi.md)
@@ -57,7 +57,7 @@ For more information, see the [Risk detection API reference documentation](https
 
 In June 2019, we've added these 22 new apps with Federation support to the app gallery:
 
-[Azure AD SAML Toolkit](https://docs.microsoft.com/azure/active-directory/saas-apps/saml-toolkit-tutorial), [Otsuka Shokai (大塚商会)](https://docs.microsoft.com/azure/active-directory/saas-apps/otsuka-shokai-tutorial), [ANAQUA](https://docs.microsoft.com/azure/active-directory/saas-apps/anaqua-tutorial), [Azure VPN Client](https://portal.azure.com/), [ExpenseIn](https://docs.microsoft.com/azure/active-directory/saas-apps/expensein-tutorial), [Helper Helper](https://docs.microsoft.com/azure/active-directory/saas-apps/helper-helper-tutorial), [Costpoint](https://docs.microsoft.com/azure/active-directory/saas-apps/costpoint-tutorial), [GlobalOne](https://docs.microsoft.com/azure/active-directory/saas-apps/globalone-tutorial), [Mercedes-Benz In-Car Office](https://me.secure.mercedes-benz.com/), [Skore](https://app.justskore.it/), [Oracle Cloud Infrastructure Console](https://docs.microsoft.com/azure/active-directory/saas-apps/oracle-cloud-tutorial), [CyberArk SAML Authentication](https://docs.microsoft.com/azure/active-directory/saas-apps/cyberark-saml-authentication-tutorial), [Scrible Edu](https://www.scrible.com/sign-in/#/create-account), [PandaDoc](https://docs.microsoft.com/azure/active-directory/saas-apps/pandadoc-tutorial), [Perceptyx](https://apexdata.azurewebsites.net/docs.microsoft.com/azure/active-directory/saas-apps/perceptyx-tutorial), [Proptimise OS](https://proptimise.co.uk/property-software/), [Vtiger CRM (SAML)](https://docs.microsoft.com/azure/active-directory/saas-apps/vtiger-crm-saml-tutorial), Oracle Access Manager for Oracle Retail Merchandising, Oracle Access Manager for Oracle E-Business Suite, Oracle IDCS for E-Business Suite, Oracle IDCS for PeopleSoft, Oracle IDCS for JD Edwards
+[Azure AD SAML Toolkit](https://docs.microsoft.com/azure/active-directory/saas-apps/saml-toolkit-tutorial), [Otsuka Shokai (大塚商会)](https://docs.microsoft.com/azure/active-directory/saas-apps/otsuka-shokai-tutorial), [ANAQUA](https://docs.microsoft.com/azure/active-directory/saas-apps/anaqua-tutorial), [Azure VPN Client](https://portal.azure.com/), [ExpenseIn](https://docs.microsoft.com/azure/active-directory/saas-apps/expensein-tutorial), [Helper Helper](https://docs.microsoft.com/azure/active-directory/saas-apps/helper-helper-tutorial), [Costpoint](https://docs.microsoft.com/azure/active-directory/saas-apps/costpoint-tutorial), [GlobalOne](https://docs.microsoft.com/azure/active-directory/saas-apps/globalone-tutorial), [Mercedes-Benz In-Car Office](https://me.secure.mercedes-benz.com/), [Skore](https://app.justskore.it/), [Oracle Cloud Infrastructure Console](https://docs.microsoft.com/azure/active-directory/saas-apps/oracle-cloud-tutorial), [CyberArk SAML Authentication](https://docs.microsoft.com/azure/active-directory/saas-apps/cyberark-saml-authentication-tutorial), [Scrible Edu](https://www.scrible.com/sign-in/#/create-account), [PandaDoc](https://docs.microsoft.com/azure/active-directory/saas-apps/pandadoc-tutorial), [Perceptyx](https://apexdata.azurewebsites.net/docs.microsoft.com/azure/active-directory/saas-apps/perceptyx-tutorial), [Proptimise OS](https://proptimise.co.uk/software/), [Vtiger CRM (SAML)](https://docs.microsoft.com/azure/active-directory/saas-apps/vtiger-crm-saml-tutorial), Oracle Access Manager for Oracle Retail Merchandising, Oracle Access Manager for Oracle E-Business Suite, Oracle IDCS for E-Business Suite, Oracle IDCS for PeopleSoft, Oracle IDCS for JD Edwards
 
 For more information about the apps, see [SaaS application integration with Azure Active Directory](https://aka.ms/appstutorial). For more information about listing your application in the Azure AD app gallery, see [List your application in the Azure Active Directory application gallery](https://aka.ms/azureadapprequest).
 
 
@@ -105,7 +105,7 @@ To configure Azure AD single sign-on with Insperity ExpensAble, perform the foll
     `https://server.expensable.com/esapp/Authenticate?companyId=<company ID>`
 
 	> [!NOTE]
-	> The value is not real. Update the value with the actual Sign-On URL. Contact [Insperity ExpensAble Client support team](http://expensable.com/support/support-overview) to get the value. You can also refer to the patterns shown in the **Basic SAML Configuration** section in the Azure portal.
+	> The value is not real. Update the value with the actual Sign-On URL. Contact [Insperity ExpensAble Client support team](https://www.insperity.com/products/expense-management/support/express/) to get the value. You can also refer to the patterns shown in the **Basic SAML Configuration** section in the Azure portal.
 
 5. On the **Set up Single Sign-On with SAML** page, in the **SAML Signing Certificate** section, click **Download** to download the **Certificate (Base64)** from the given options as per your requirement and save it on your computer.
 
@@ -123,7 +123,7 @@ To configure Azure AD single sign-on with Insperity ExpensAble, perform the foll
 
 ### Configure Insperity ExpensAble Single Sign-On
 
-To configure single sign-on on **Insperity ExpensAble** side, you need to send the downloaded **Certificate (Base64)** and appropriate copied URLs from Azure portal to [Insperity ExpensAble support team](http://expensable.com/support/support-overview). They set this setting to have the SAML SSO connection set properly on both sides.
+To configure single sign-on on **Insperity ExpensAble** side, you need to send the downloaded **Certificate (Base64)** and appropriate copied URLs from Azure portal to [Insperity ExpensAble support team](https://www.insperity.com/products/expense-management/support/express/). They set this setting to have the SAML SSO connection set properly on both sides.
 
 ### Create an Azure AD test user
 
@@ -178,7 +178,7 @@ In this section, you enable Britta Simon to use Azure single sign-on by granting
 
 ### Create Insperity ExpensAble test user
 
-In this section, you create a user called Britta Simon in Insperity ExpensAble. Work with [Insperity ExpensAble support team](http://expensable.com/support/support-overview) to add the users in the Insperity ExpensAble platform. Users must be created and activated before you use single sign-on.
+In this section, you create a user called Britta Simon in Insperity ExpensAble. Work with [Insperity ExpensAble support team](https://www.insperity.com/products/expense-management/support/express/) to add the users in the Insperity ExpensAble platform. Users must be created and activated before you use single sign-on.
 
 ### Test single sign-on
 
 
@@ -148,14 +148,19 @@ Now move on to the next section to [Install the Istio CRDs on AKS](#install-the-
 
 ### Windows
 
-To install the Istio `istioctl` client binary in a **Powershell**-based shell on Windows, use the following commands. These commands copy the `istioctl` client binary to an Istio folder and make it permanently available via your `PATH`. You don't need elevated (Admin) privileges to run these commands.
+To install the Istio `istioctl` client binary in a **Powershell**-based shell on Windows, use the following commands. These commands copy the `istioctl` client binary to an Istio folder and then make it available both immediately (in current shell) and permanently (across shell restarts) via your `PATH`. You don't need elevated (Admin) privileges to run these commands and you don't need to restart your shell.
 
 ```powershell
+# Copy istioctl.exe to C:\Istio
 cd istio-$ISTIO_VERSION
 New-Item -ItemType Directory -Force -Path "C:\Istio"
 Copy-Item -Path .\bin\istioctl.exe -Destination "C:\Istio\"
-$PATH = [environment]::GetEnvironmentVariable("PATH", "User")
-[environment]::SetEnvironmentVariable("PATH", $PATH + "; C:\Istio\", "User")
+
+# Add C:\Istio to PATH. 
+# Make the new PATH permanently available for the current User, and also immediately available in the current shell.
+$PATH = [environment]::GetEnvironmentVariable("PATH", "User") + "; C:\Istio\"
+[environment]::SetEnvironmentVariable("PATH", $PATH, "User") 
+[environment]::SetEnvironmentVariable("PATH", $PATH)
 ```
 
 Now move on to the next section to [Install the Istio CRDs on AKS](#install-the-istio-crds-on-aks).
 
@@ -142,7 +142,7 @@ Paste this query:
 
 * export-input is the alias we gave to the stream input
 * pbi-output is the output alias we defined
-* We use [OUTER APPLY GetElements](https://msdn.microsoft.com/library/azure/dn706229.aspx) because the event name is in a nested JSON array. Then the Select picks the event name, together with a count of the number of instances with that name in the time period. The [Group By](https://msdn.microsoft.com/library/azure/dn835023.aspx) clause groups the elements into time periods of one minute.
+* We use [OUTER APPLY GetElements](https://docs.microsoft.com/stream-analytics-query/apply-azure-stream-analytics) because the event name is in a nested JSON array. Then the Select picks the event name, together with a count of the number of instances with that name in the time period. The [Group By](https://docs.microsoft.com/stream-analytics-query/group-by-azure-stream-analytics) clause groups the elements into time periods of one minute.
 
 ### Query to display metric values
 ```SQL