diff --git a/.github/ISSUE_TEMPLATE.md b/.github/ISSUE_TEMPLATE.md index 3735bff..60a419f 100644 --- a/.github/ISSUE_TEMPLATE.md +++ b/.github/ISSUE_TEMPLATE.md @@ -9,8 +9,8 @@ ```console - - [ ] 1-1) Sign-in with Azure AD - - [ ] 1-2) Sign-in with Azure AD B2C + - [ ] 1-1) Sign-in with Microsoft Entra ID + - [ ] 1-2) Sign-in with Azure Active Directory B2C - [ ] 2-1) Acquire a Token and call Microsoft Graph - [ ] 3) Deploy to Azure Storage and App Service - [ ] 4-1) Use App Roles for Role-based Access Control diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md index 04d6796..39faf32 100644 --- a/.github/PULL_REQUEST_TEMPLATE.md +++ b/.github/PULL_REQUEST_TEMPLATE.md @@ -47,4 +47,4 @@ ex: verify that the following are valid: * ... ## Other Information - \ No newline at end of file + diff --git a/1-Authentication/1-sign-in/AppCreationScripts/AppCreationScripts.md b/1-Authentication/1-sign-in/AppCreationScripts/AppCreationScripts.md index 624c702..b56d506 100644 --- a/1-Authentication/1-sign-in/AppCreationScripts/AppCreationScripts.md +++ b/1-Authentication/1-sign-in/AppCreationScripts/AppCreationScripts.md @@ -4,7 +4,7 @@ ### Quick summary -1. Run the script to create your Azure AD application and configure the code of the sample application accordingly. +1. Run the script to create your Microsoft Entra application and configure the code of the sample application accordingly. ```PowerShell cd .\AppCreationScripts\ 
@@ -28,25 +28,25 @@ ### Presentation of the scripts -This sample comes with two PowerShell scripts, which automate the creation of the Azure Active Directory applications, and the configuration of the code for this sample. Once you run them, you will only need to build the solution and you are good to test. +This sample comes with two PowerShell scripts, which automate the creation of the Microsoft Entra applications, and the configuration of the code for this sample. Once you run them, you will only need to build the solution and you are good to test. These scripts are: - `Configure.ps1` which: - - creates Azure AD applications and their related objects (permissions, dependencies, secrets, app roles), + - creates Microsoft Entra applications and their related objects (permissions, dependencies, secrets, app roles), - changes the configuration files in the sample projects. - - creates a summary file named `createdApps.html` in the folder from which you ran the script, and containing, for each Azure AD application it created: + - creates a summary file named `createdApps.html` in the folder from which you ran the script, and containing, for each Microsoft Entra application it created: - the identifier of the application - the AppId of the application - - the url of its registration in the [Azure portal](https://portal.azure.com). + - the url of its registration in the [Microsoft Entra admin center](https://entra.microsoft.com). -- `Cleanup.ps1` which cleans-up the Azure AD objects created by `Configure.ps1`. Note that this script does not revert the changes done in the configuration files, though. You will need to undo the change from source control (from Visual Studio, or from the command line using, for instance, `git reset`). +- `Cleanup.ps1` which cleans-up the Microsoft Entra objects created by `Configure.ps1`. Note that this script does not revert the changes done in the configuration files, though. 
You will need to undo the change from source control (from Visual Studio, or from the command line using, for instance, `git reset`). > :information_source: If the sample supports using certificates instead of client secrets, this folder will contain an additional set of scripts: `Configure-WithCertificates.ps1` and `Cleanup-WithCertificates.ps1`. You can use them in the same way to register app(s) that use certificates instead of client secrets. ### Usage pattern for tests and DevOps scenarios -The `Configure.ps1` will stop if it tries to create an Azure AD application which already exists in the tenant. For this, if you are using the script to try/test the sample, or in DevOps scenarios, you might want to run `Cleanup.ps1` just before `Configure.ps1`. This is what is shown in the steps below. +The `Configure.ps1` will stop if it tries to create a Microsoft Entra application which already exists in the tenant. For this, if you are using the script to try/test the sample, or in DevOps scenarios, you might want to run `Cleanup.ps1` just before `Configure.ps1`. This is what is shown in the steps below. ## How to use the app creation scripts? @@ -108,8 +108,8 @@ Note that the script will choose the tenant in which to create the applications, if you want to create the apps in a particular tenant, you can use the following option: -- Open the [Azure portal](https://portal.azure.com) -- Select the Azure Active directory you are interested in (in the combo-box below your name on the top right of the browser window) +- Open the [Microsoft Entra admin center](https://entra.microsoft.com) +- Select the Microsoft Entra ID you are interested in (in the combo-box below your name on the top right of the browser window) - Find the "Active Directory" object in this tenant - Go to **Properties** and copy the content of the **Directory Id** property - Then use the full syntax to run the scripts: 
diff --git a/1-Authentication/1-sign-in/README-use-certificate.md b/1-Authentication/1-sign-in/README-use-certificate.md index 28bc87e..22caf53 100644 --- a/1-Authentication/1-sign-in/README-use-certificate.md +++ b/1-Authentication/1-sign-in/README-use-certificate.md @@ -39,7 +39,7 @@ Alternatively, download and build **OpenSSL** for your **OS** following the guid - **Step 1: [Create a self-signed certificate](#create-a-self-signed-certificate)** - Option 1: [create self-signed certificate on local machine](#create-self-signed-certificate-on-local-machine) - Option 2: [create self-signed certificate on Key Vault](#create-self-signed-certificate-on-key-vault) -- **Step 2: [Configure an Azure AD app registration to use a certificate](#configure-an-azure-ad-app-registration-to-use-a-certificate)** +- **Step 2: [Configure a Microsoft Entra app registration to use a certificate](#configure-an-azure-ad-app-registration-to-use-a-certificate)** - **Step 3: [Configure your app(s) to use a certificate](#configure-your-apps-to-use-a-certificate)** - Option 1: [using an existing certificate from local machine](#using-an-existing-certificate-from-local-machine) - Option 2: [using an existing certificate from Key Vault](#using-an-existing-certificate-from-key-vault) @@ -96,9 +96,9 @@ You can use Azure Key Vault to generate a self-signed certificate for you. Doing > ```
-Click here to use Azure Portal +Click here to use Microsoft Entra admin center -Follow the guide: [Set and retrieve a certificate from Azure Key Vault using the Azure portal](https://learn.microsoft.com/azure/key-vault/certificates/quick-create-portal) +Follow the guide: [Set and retrieve a certificate from Azure Key Vault using the Microsoft Entra admin center](https://learn.microsoft.com/azure/key-vault/certificates/quick-create-portal) Afterwards, proceed to [Step 2](#configure-an-azure-ad-app-registration-to-use-a-certificate). @@ -113,13 +113,13 @@ Afterwards, proceed to [Step 2](#configure-an-azure-ad-app-registration-to-use-a
-### Configure an Azure AD app registration to use a certificate +### Configure a Microsoft Entra app registration to use a certificate -Now you must associate your Azure AD app registration with the certificate you will use in your application. +Now you must associate your Microsoft Entra app registration with the certificate you will use in your application. > :information_source: If you have the certificate locally available, you can follow the steps below. If your certificate(s) is on Azure Key Vault, you must first export and download them to your computer, and delete the local copy after following the steps below. See: [Export certificates from Azure Key Vault](https://learn.microsoft.com/azure/key-vault/certificates/how-to-export-certificate) -1. Navigate to [Azure portal](https://portal.azure.com) and select your Azure AD app registration. +1. Navigate to [Microsoft Entra admin center](https://entra.microsoft.com) and select your Microsoft Entra app registration. 1. Select **Certificates & secrets** blade on the left. 1. Click on **Upload** certificate and select the certificate file to upload (e.g. *msal-node-webapp*). 1. Click **Add**. Once the certificate is uploaded, the *thumbprint*, *start date*, and *expiration* values are displayed. Record the *thumbprint* value as you will make use of it later in your app's configuration file. @@ -255,7 +255,7 @@ Once you deploy your app(s) to Azure App Service, you can assign a managed ident ### Create a system-assigned identity -1. Navigate to [Azure portal](https://portal.azure.com) and select the **Azure App Service**. +1. Navigate to [Microsoft Entra admin center](https://entra.microsoft.com) and select the **Azure App Service**. 1. Find and select the App Service instance you've created previously. 1. On App Service portal, select **Identity**. 1. Within the **System assigned** tab, switch **Status** to **On**. Click **Save**. 
@@ -266,7 +266,7 @@ For more information, see [Add a system-assigned identity](https://docs.microsof Now that your app deployed to App Service has a managed identity, in this step you grant it access to your key vault. -1. Go to the [Azure portal](https://portal.azure.com) and search for your Key Vault. +1. Go to the [Microsoft Entra admin center](https://entra.microsoft.com) and search for your Key Vault. 1. Select **Overview** > **Access policies** blade on the left. 1. Click on **Add Access Policy** > **Certificate permissions** > **Get** 1. Click on **Add Access Policy** > **Secret permissions** > **Get** @@ -281,7 +281,7 @@ Finally, you need to add environment variables to the App Service where you depl > :warning: Make sure your application is able to read environment variables. Alternatively, you can hardcode the key vault URL and certificate name in your applications configuration file. -1. In the [Azure portal](https://portal.azure.com), search for and select **App Service**, and then select your app. +1. In the [Microsoft Entra admin center](https://entra.microsoft.com), search for and select **App Service**, and then select your app. 1. Select **Configuration** blade on the left, then select **New Application Settings**. 1. Add the following variables (key-value pairs): 1. **KEY_VAULT_URL**: the URL of the key vault you've created, e.g. `https://example.vault.azure.net` diff --git a/1-Authentication/1-sign-in/README.md b/1-Authentication/1-sign-in/README.md index a9bcdbd..b5329d7 100644 --- a/1-Authentication/1-sign-in/README.md +++ b/1-Authentication/1-sign-in/README.md @@ -1,4 +1,4 @@ -# A Node.js & Express web app authenticating users against Azure AD with MSAL Node +# A Node.js & Express web app authenticating users against Microsoft Entra ID with MSAL Node 1. [Overview](#overview) 1. [Scenario](#scenario) 
@@ -14,12 +14,12 @@ ## Overview -This sample demonstrates a Node.js & Express web application that authenticates users against Azure AD, with the help of [Microsoft Authentication Library for Node.js](https://aka.ms/msalnode) (MSAL Node). In doing so, it illustrates authentication concepts such as [OpenID scopes](https://docs.microsoft.com/azure/active-directory/develop/v2-permissions-and-consent#openid-connect-scopes), [ID Tokens](https://docs.microsoft.com/azure/active-directory/develop/id-tokens), securing routes and more. +This sample demonstrates a Node.js & Express web application that authenticates users against Microsoft Entra ID, with the help of [Microsoft Authentication Library for Node.js](https://aka.ms/msalnode) (MSAL Node). In doing so, it illustrates authentication concepts such as [OpenID scopes](https://docs.microsoft.com/azure/active-directory/develop/v2-permissions-and-consent#openid-connect-scopes), [ID Tokens](https://docs.microsoft.com/azure/active-directory/develop/id-tokens), securing routes and more. ## Scenario -1. The client application uses **MSAL Node** (via [msal-node-wrapper](https://github.com/Azure-Samples/ms-identity-javascript-nodejs-tutorial/tree/main/Common/msal-node-wrapper)) to obtain an ID Token from **Azure AD**. -2. The **ID Token** proves that the user has successfully authenticated against **Azure AD**. +1. The client application uses **MSAL Node** (via [msal-node-wrapper](https://github.com/Azure-Samples/ms-identity-javascript-nodejs-tutorial/tree/main/Common/msal-node-wrapper)) to obtain an ID Token from **Microsoft Entra ID**. +2. The **ID Token** proves that the user has successfully authenticated against **Microsoft Entra ID**. ![Overview](./ReadmeFiles/topology.png) 
@@ -37,8 +37,8 @@ This sample demonstrates a Node.js & Express web application that authenticates - [Node.js](https://nodejs.org/en/download/) must be installed to run this sample. - [Visual Studio Code](https://code.visualstudio.com/download) is recommended for running and editing this sample. - A modern web browser. This sample uses **ES6** conventions and will not run on **Internet Explorer**. -- An **Azure AD** tenant. For more information, see: [How to get an Azure AD tenant](https://docs.microsoft.com/azure/active-directory/develop/quickstart-create-new-tenant) -- A user account in your **Azure AD** tenant. +- An **Microsoft Entra ID** tenant. For more information, see: [How to get a Microsoft Entra tenant](https://docs.microsoft.com/azure/active-directory/develop/quickstart-create-new-tenant) +- A user account in your **Microsoft Entra ID** tenant. ## Setup @@ -69,7 +69,7 @@ There is one project in this sample. To register it, you can: - follow the steps below for manually register your apps - or use PowerShell scripts that: - - **automatically** creates the Azure AD applications and related objects (passwords, permissions, dependencies) for you. + - **automatically** creates the Microsoft Entra applications and related objects (passwords, permissions, dependencies) for you. - modify the projects' configuration files.
@@ -78,7 +78,7 @@ There is one project in this sample. To register it, you can: > :warning: If you have never used **Microsoft Graph PowerShell** before, we recommend you go through the [App Creation Scripts Guide](./AppCreationScripts/AppCreationScripts.md) once to ensure that your environment is prepared correctly for this step. 1. Ensure that you have [PowerShell 7](https://learn.microsoft.com/powershell/scripting/install/installing-powershell-on-windows?view=powershell-7.3) or later. -1. Run the script to create your Azure AD application and configure the code of the sample application accordingly. +1. Run the script to create your Microsoft Entra application and configure the code of the sample application accordingly. 1. For interactive process -in PowerShell, run: ```PowerShell @@ -88,20 +88,20 @@ There is one project in this sample. To register it, you can: > Other ways of running the scripts are described in [App Creation Scripts guide](./AppCreationScripts/AppCreationScripts.md). The scripts also provide a guide to automated application registration, configuration and removal which can help in your CI/CD scenarios. -> :information_source: This sample can make use of client certificates. You can use **AppCreationScripts** to register an Azure AD application with certificates. See: [How to use certificates instead of client secrets](./README-use-certificate.md) +> :information_source: This sample can make use of client certificates. You can use **AppCreationScripts** to register a Microsoft Entra application with certificates. See: [How to use certificates instead of client secrets](./README-use-certificate.md)
-### Choose the Azure AD tenant where you want to create your applications +### Choose the Microsoft Entra tenant where you want to create your applications As a first step you'll need to: -1. Sign in to the [Azure portal](https://portal.azure.com). -1. If your account is present in more than one Azure AD tenant, select your profile at the top right corner in the menu on top of the page, and then **switch directory** to change your portal session to the desired Azure AD tenant. +1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com). +1. If your account is present in more than one Microsoft Entra tenant, select your profile at the top right corner in the menu on top of the page, and then **switch directory** to change your portal session to the desired Microsoft Entra tenant. ### Register the client app (msal-node-webapp) -1. Navigate to the [Azure portal](https://portal.azure.com) and select the **Azure AD** service. +1. Navigate to the [Microsoft Entra admin center](https://entra.microsoft.com) and select the **Microsoft Entra ID** service. 1. Select the **App Registrations** blade on the left, then select **New registration**. 1. In the **Register an application page** that appears, enter your application's registration information: - In the **Name** section, enter a meaningful application name that will be displayed to users of the app, for example `msal-node-webapp`. 
@@ -115,7 +115,7 @@ As a first step you'll need to: - Type a key description (for instance `app secret`), - Select one of the available key durations (**6 months**, **12 months** or **Custom**) as per your security posture. - The generated key value will be displayed when you select the **Add** button. Copy and save the generated value for use in later steps. - - You'll need this key later in your code's configuration files. This key value will not be displayed again, and is not retrievable by any other means, so make sure to note it from the Azure portal before navigating to any other screen or blade. + - You'll need this key later in your code's configuration files. This key value will not be displayed again, and is not retrievable by any other means, so make sure to note it from the Microsoft Entra admin center before navigating to any other screen or blade. > :warning: For enhanced security, consider using **certificates** instead of client secrets. See: [How to use certificates instead of secrets](./README-use-certificate.md). #### Configure Optional Claims 
@@ -134,9 +134,9 @@ Open the project in your IDE (like Visual Studio or Visual Studio Code) to confi > In the steps below, "ClientID" is the same as "Application ID" or "AppId". 1. Open the `App/authConfig.js` file. -1. Find the key `clientId` and replace the existing value with the application ID (clientId) of `msal-node-webapp` app copied from the Azure portal. -1. Find the key `tenantId` and replace the existing value with your Azure AD tenant ID. -1. Find the key `clientSecret` and replace the existing value with the key you saved during the creation of `msal-node-webapp` copied from the Azure portal. +1. Find the key `clientId` and replace the existing value with the application ID (clientId) of `msal-node-webapp` app copied from the Microsoft Entra admin center. +1. Find the key `tenantId` and replace the existing value with your Microsoft Entra tenant ID. +1. Find the key `clientSecret` and replace the existing value with the key you saved during the creation of `msal-node-webapp` copied from the Microsoft Entra admin center. 1. Find the key `redirectUri` and replace the existing value with the Redirect URI for `msal-node-webapp`. (by default `http://localhost:4000/redirect`). > :information_source: For `redirectUri`, you can simply enter the path component of the URI instead of the full URI. For example, instead of `http://localhost:4000/redirect`, you can simply enter `/redirect`. This may come in handy in deployment scenarios. 
@@ -179,14 +179,14 @@ Configure your application: Learn more about the Microsoft identity platform: -- [Microsoft identity platform (Azure Active Directory for developers)](https://docs.microsoft.com/azure/active-directory/develop/) +- [Microsoft identity platform (Microsoft Entra ID for developers)](https://docs.microsoft.com/azure/active-directory/develop/) - [Overview of Microsoft Authentication Library (MSAL)](https://docs.microsoft.com/azure/active-directory/develop/msal-overview) -- [Understanding Azure AD application consent experiences](https://docs.microsoft.com/azure/active-directory/develop/application-consent-experience) +- [Understanding Microsoft Entra application consent experiences](https://docs.microsoft.com/azure/active-directory/develop/application-consent-experience) - [Understand user and admin consent](https://docs.microsoft.com/azure/active-directory/develop/howto-convert-app-to-be-multi-tenant#understand-user-and-admin-consent) - [Microsoft identity platform and OpenID Connect protocol](https://docs.microsoft.com/azure/active-directory/develop/v2-protocols-oidc) - [Microsoft Identity Platform ID Tokens](https://docs.microsoft.com/azure/active-directory/develop/id-tokens) -For more information about how OAuth 2.0 protocols work in this scenario and other scenarios, see [Authentication Scenarios for Azure AD](https://docs.microsoft.com/azure/active-directory/develop/authentication-flows-app-scenarios). +For more information about how OAuth 2.0 protocols work in this scenario and other scenarios, see [Authentication Scenarios for Microsoft Entra ID](https://docs.microsoft.com/azure/active-directory/develop/authentication-flows-app-scenarios). ## Community Help and Support 
@@ -196,10 +196,10 @@ Make sure that your questions or comments are tagged with [`azure-active-directo If you find a bug in the sample, raise the issue on [GitHub Issues](../../../../issues). -To provide feedback on or suggest features for Azure Active Directory, visit [User Voice page](https://feedback.azure.com/forums/169401-azure-active-directory). +To provide feedback on or suggest features for Microsoft Entra ID, visit [User Voice page](https://feedback.azure.com/forums/169401-azure-active-directory). ## Contributing If you'd like to contribute to this sample, see [CONTRIBUTING.MD](/CONTRIBUTING.md). -This project has adopted the [Microsoft Open Source Code of Conduct](https://opensource.microsoft.com/codeofconduct/). For more information, see the [Code of Conduct FAQ](https://opensource.microsoft.com/codeofconduct/faq/) or contact [opencode@microsoft.com](mailto:opencode@microsoft.com) with any additional questions or comments. \ No newline at end of file +This project has adopted the [Microsoft Open Source Code of Conduct](https://opensource.microsoft.com/codeofconduct/). For more information, see the [Code of Conduct FAQ](https://opensource.microsoft.com/codeofconduct/faq/) or contact [opencode@microsoft.com](mailto:opencode@microsoft.com) with any additional questions or comments. diff --git a/2-Authorization/1-call-graph/AppCreationScripts/AppCreationScripts.md b/2-Authorization/1-call-graph/AppCreationScripts/AppCreationScripts.md index 624c702..b56d506 100644 --- a/2-Authorization/1-call-graph/AppCreationScripts/AppCreationScripts.md +++ b/2-Authorization/1-call-graph/AppCreationScripts/AppCreationScripts.md @@ -4,7 +4,7 @@ ### Quick summary -1. Run the script to create your Azure AD application and configure the code of the sample application accordingly. +1. Run the script to create your Microsoft Entra application and configure the code of the sample application accordingly. ```PowerShell cd .\AppCreationScripts\ 
@@ -28,25 +28,25 @@ ### Presentation of the scripts -This sample comes with two PowerShell scripts, which automate the creation of the Azure Active Directory applications, and the configuration of the code for this sample. Once you run them, you will only need to build the solution and you are good to test. +This sample comes with two PowerShell scripts, which automate the creation of the Microsoft Entra applications, and the configuration of the code for this sample. Once you run them, you will only need to build the solution and you are good to test. These scripts are: - `Configure.ps1` which: - - creates Azure AD applications and their related objects (permissions, dependencies, secrets, app roles), + - creates Microsoft Entra applications and their related objects (permissions, dependencies, secrets, app roles), - changes the configuration files in the sample projects. - - creates a summary file named `createdApps.html` in the folder from which you ran the script, and containing, for each Azure AD application it created: + - creates a summary file named `createdApps.html` in the folder from which you ran the script, and containing, for each Microsoft Entra application it created: - the identifier of the application - the AppId of the application - - the url of its registration in the [Azure portal](https://portal.azure.com). + - the url of its registration in the [Microsoft Entra admin center](https://entra.microsoft.com). -- `Cleanup.ps1` which cleans-up the Azure AD objects created by `Configure.ps1`. Note that this script does not revert the changes done in the configuration files, though. You will need to undo the change from source control (from Visual Studio, or from the command line using, for instance, `git reset`). +- `Cleanup.ps1` which cleans-up the Microsoft Entra objects created by `Configure.ps1`. Note that this script does not revert the changes done in the configuration files, though. 
You will need to undo the change from source control (from Visual Studio, or from the command line using, for instance, `git reset`). > :information_source: If the sample supports using certificates instead of client secrets, this folder will contain an additional set of scripts: `Configure-WithCertificates.ps1` and `Cleanup-WithCertificates.ps1`. You can use them in the same way to register app(s) that use certificates instead of client secrets. ### Usage pattern for tests and DevOps scenarios -The `Configure.ps1` will stop if it tries to create an Azure AD application which already exists in the tenant. For this, if you are using the script to try/test the sample, or in DevOps scenarios, you might want to run `Cleanup.ps1` just before `Configure.ps1`. This is what is shown in the steps below. +The `Configure.ps1` will stop if it tries to create a Microsoft Entra application which already exists in the tenant. For this, if you are using the script to try/test the sample, or in DevOps scenarios, you might want to run `Cleanup.ps1` just before `Configure.ps1`. This is what is shown in the steps below. ## How to use the app creation scripts? @@ -108,8 +108,8 @@ Note that the script will choose the tenant in which to create the applications, if you want to create the apps in a particular tenant, you can use the following option: -- Open the [Azure portal](https://portal.azure.com) -- Select the Azure Active directory you are interested in (in the combo-box below your name on the top right of the browser window) +- Open the [Microsoft Entra admin center](https://entra.microsoft.com) +- Select the Microsoft Entra ID you are interested in (in the combo-box below your name on the top right of the browser window) - Find the "Active Directory" object in this tenant - Go to **Properties** and copy the content of the **Directory Id** property - Then use the full syntax to run the scripts: 
diff --git a/2-Authorization/1-call-graph/README-use-certificate.md b/2-Authorization/1-call-graph/README-use-certificate.md index 28bc87e..22caf53 100644 --- a/2-Authorization/1-call-graph/README-use-certificate.md +++ b/2-Authorization/1-call-graph/README-use-certificate.md @@ -39,7 +39,7 @@ Alternatively, download and build **OpenSSL** for your **OS** following the guid - **Step 1: [Create a self-signed certificate](#create-a-self-signed-certificate)** - Option 1: [create self-signed certificate on local machine](#create-self-signed-certificate-on-local-machine) - Option 2: [create self-signed certificate on Key Vault](#create-self-signed-certificate-on-key-vault) -- **Step 2: [Configure an Azure AD app registration to use a certificate](#configure-an-azure-ad-app-registration-to-use-a-certificate)** +- **Step 2: [Configure a Microsoft Entra app registration to use a certificate](#configure-an-azure-ad-app-registration-to-use-a-certificate)** - **Step 3: [Configure your app(s) to use a certificate](#configure-your-apps-to-use-a-certificate)** - Option 1: [using an existing certificate from local machine](#using-an-existing-certificate-from-local-machine) - Option 2: [using an existing certificate from Key Vault](#using-an-existing-certificate-from-key-vault) @@ -96,9 +96,9 @@ You can use Azure Key Vault to generate a self-signed certificate for you. Doing > ```
-Click here to use Azure Portal +Click here to use Microsoft Entra admin center -Follow the guide: [Set and retrieve a certificate from Azure Key Vault using the Azure portal](https://learn.microsoft.com/azure/key-vault/certificates/quick-create-portal) +Follow the guide: [Set and retrieve a certificate from Azure Key Vault using the Microsoft Entra admin center](https://learn.microsoft.com/azure/key-vault/certificates/quick-create-portal) Afterwards, proceed to [Step 2](#configure-an-azure-ad-app-registration-to-use-a-certificate). @@ -113,13 +113,13 @@ Afterwards, proceed to [Step 2](#configure-an-azure-ad-app-registration-to-use-a
-### Configure an Azure AD app registration to use a certificate +### Configure a Microsoft Entra app registration to use a certificate -Now you must associate your Azure AD app registration with the certificate you will use in your application. +Now you must associate your Microsoft Entra app registration with the certificate you will use in your application. > :information_source: If you have the certificate locally available, you can follow the steps below. If your certificate(s) is on Azure Key Vault, you must first export and download them to your computer, and delete the local copy after following the steps below. See: [Export certificates from Azure Key Vault](https://learn.microsoft.com/azure/key-vault/certificates/how-to-export-certificate) -1. Navigate to [Azure portal](https://portal.azure.com) and select your Azure AD app registration. +1. Navigate to [Microsoft Entra admin center](https://entra.microsoft.com) and select your Microsoft Entra app registration. 1. Select **Certificates & secrets** blade on the left. 1. Click on **Upload** certificate and select the certificate file to upload (e.g. *msal-node-webapp*). 1. Click **Add**. Once the certificate is uploaded, the *thumbprint*, *start date*, and *expiration* values are displayed. Record the *thumbprint* value as you will make use of it later in your app's configuration file. @@ -255,7 +255,7 @@ Once you deploy your app(s) to Azure App Service, you can assign a managed ident ### Create a system-assigned identity -1. Navigate to [Azure portal](https://portal.azure.com) and select the **Azure App Service**. +1. Navigate to [Microsoft Entra admin center](https://entra.microsoft.com) and select the **Azure App Service**. 1. Find and select the App Service instance you've created previously. 1. On App Service portal, select **Identity**. 1. Within the **System assigned** tab, switch **Status** to **On**. Click **Save**. 
@@ -266,7 +266,7 @@ For more information, see [Add a system-assigned identity](https://docs.microsof Now that your app deployed to App Service has a managed identity, in this step you grant it access to your key vault. -1. Go to the [Azure portal](https://portal.azure.com) and search for your Key Vault. +1. Go to the [Microsoft Entra admin center](https://entra.microsoft.com) and search for your Key Vault. 1. Select **Overview** > **Access policies** blade on the left. 1. Click on **Add Access Policy** > **Certificate permissions** > **Get** 1. Click on **Add Access Policy** > **Secret permissions** > **Get** @@ -281,7 +281,7 @@ Finally, you need to add environment variables to the App Service where you depl > :warning: Make sure your application is able to read environment variables. Alternatively, you can hardcode the key vault URL and certificate name in your applications configuration file. -1. In the [Azure portal](https://portal.azure.com), search for and select **App Service**, and then select your app. +1. In the [Microsoft Entra admin center](https://entra.microsoft.com), search for and select **App Service**, and then select your app. 1. Select **Configuration** blade on the left, then select **New Application Settings**. 1. Add the following variables (key-value pairs): 1. **KEY_VAULT_URL**: the URL of the key vault you've created, e.g. `https://example.vault.azure.net` diff --git a/2-Authorization/1-call-graph/README.md b/2-Authorization/1-call-graph/README.md index e227609..68ea3e6 100644 --- a/2-Authorization/1-call-graph/README.md +++ b/2-Authorization/1-call-graph/README.md 
@@ -14,7 +14,7 @@ ## Overview -This sample demonstrates a Node.js & Express web application that authenticates users against [Azure Active Directory](https://docs.microsoft.com/azure/active-directory/fundamentals/active-directory-whatis) (Azure AD) and obtains [access tokens](https://docs.microsoft.com/azure/active-directory/develop/access-tokens) to call [Microsoft Graph](https://docs.microsoft.com/graph/overview) (MS Graph) and [Azure Resource Manager API](https://docs.microsoft.com/azure/azure-resource-manager/management/overview) (ARM API), with the help of [Microsoft Authentication Library for Node.js](https://aka.ms/msalnode) (MSAL Node). In doing so, it illustrates authorization concepts such as [OAuth 2.0 Authorization Code Grant](https://docs.microsoft.com/azure/active-directory/develop/v2-oauth2-auth-code-flow), [dynamic scopes and incremental consent](https://docs.microsoft.com/azure/active-directory/develop/v2-permissions-and-consent), **working with multiple resources** and more. +This sample demonstrates a Node.js & Express web application that authenticates users against [Microsoft Entra ID](https://docs.microsoft.com/azure/active-directory/fundamentals/active-directory-whatis) (Microsoft Entra ID) and obtains [access tokens](https://docs.microsoft.com/azure/active-directory/develop/access-tokens) to call [Microsoft Graph](https://docs.microsoft.com/graph/overview) (MS Graph) and [Azure Resource Manager API](https://docs.microsoft.com/azure/azure-resource-manager/management/overview) (ARM API), with the help of [Microsoft Authentication Library for Node.js](https://aka.ms/msalnode) (MSAL Node). In doing so, it illustrates authorization concepts such as [OAuth 2.0 Authorization Code Grant](https://docs.microsoft.com/azure/active-directory/develop/v2-oauth2-auth-code-flow), [dynamic scopes and incremental consent](https://docs.microsoft.com/azure/active-directory/develop/v2-permissions-and-consent), **working with multiple resources** and more. 
This sample also demonstrates how to use the [Microsoft Graph JavaScript SDK](https://github.com/microsoftgraph/msgraph-sdk-javascript) for working with the Microsoft Graph API. @@ -22,7 +22,7 @@ This sample also demonstrates how to use the [Microsoft Graph JavaScript SDK](ht ## Scenario -1. The client application uses **MSAL Node** (via [msal-node-wrapper](https://github.com/Azure-Samples/ms-identity-javascript-nodejs-tutorial/tree/main/Common/msal-node-wrapper)) to sign-in a user and obtain a JWT **Access Token** from **Azure AD**. +1. The client application uses **MSAL Node** (via [msal-node-wrapper](https://github.com/Azure-Samples/ms-identity-javascript-nodejs-tutorial/tree/main/Common/msal-node-wrapper)) to sign-in a user and obtain a JWT **Access Token** from **Microsoft Entra ID**. 1. The **Access Token** is used as a *bearer* token to authorize the user to access the **resource server** ([MS Graph](https://aka.ms/graph) or [Azure REST API](https://docs.microsoft.com/rest/api/azure/)). 1. The **resource server** responds with the resource that the user has access to. 
@@ -44,8 +44,8 @@ This sample also demonstrates how to use the [Microsoft Graph JavaScript SDK](ht - [Visual Studio Code](https://code.visualstudio.com/download) is recommended for running and editing this sample. - [VS Code Azure Tools](https://marketplace.visualstudio.com/items?itemName=ms-vscode.vscode-node-azure-pack) extension is recommended for interacting with Azure through VS Code Interface. - A modern web browser. This sample uses **ES6** conventions and will not run on **Internet Explorer**. -- An **Azure AD** tenant. For more information, see: [How to get an Azure AD tenant](https://docs.microsoft.com/azure/active-directory/develop/quickstart-create-new-tenant) -- A user account in your **Azure AD** tenant. +- An **Microsoft Entra ID** tenant. For more information, see: [How to get a Microsoft Entra tenant](https://docs.microsoft.com/azure/active-directory/develop/quickstart-create-new-tenant) +- A user account in your **Microsoft Entra ID** tenant. ## Setup @@ -76,7 +76,7 @@ There is one project in this sample. To register it, you can: - follow the steps below for manually register your apps - or use PowerShell scripts that: - - **automatically** creates the Azure AD applications and related objects (passwords, permissions, dependencies) for you. + - **automatically** creates the Microsoft Entra applications and related objects (passwords, permissions, dependencies) for you. - modify the projects' configuration files.
@@ -85,7 +85,7 @@ There is one project in this sample. To register it, you can: > :warning: If you have never used **Microsoft Graph PowerShell** before, we recommend you go through the [App Creation Scripts Guide](./AppCreationScripts/AppCreationScripts.md) once to ensure that your environment is prepared correctly for this step. 1. Ensure that you have [PowerShell 7](https://learn.microsoft.com/powershell/scripting/install/installing-powershell-on-windows?view=powershell-7.3) or later. -1. Run the script to create your Azure AD application and configure the code of the sample application accordingly. +1. Run the script to create your Microsoft Entra application and configure the code of the sample application accordingly. 1. For interactive process -in PowerShell, run: ```PowerShell @@ -95,18 +95,18 @@ There is one project in this sample. To register it, you can: > Other ways of running the scripts are described in [App Creation Scripts guide](./AppCreationScripts/AppCreationScripts.md). The scripts also provide a guide to automated application registration, configuration and removal which can help in your CI/CD scenarios. -> :information_source: This sample can make use of client certificates. You can use **AppCreationScripts** to register an Azure AD application with certificates. See: [How to use certificates instead of client secrets](./README-use-certificate.md) +> :information_source: This sample can make use of client certificates. You can use **AppCreationScripts** to register a Microsoft Entra application with certificates. See: [How to use certificates instead of client secrets](./README-use-certificate.md)
-### Choose the Azure AD tenant where you want to create your applications +### Choose the Microsoft Entra tenant where you want to create your applications -1. Sign in to the [Azure portal](https://portal.azure.com). -1. If your account is present in more than one Azure AD tenant, select your profile at the top right corner in the menu on top of the page, and then **switch directory** to change your portal session to the desired Azure AD tenant. +1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com). +1. If your account is present in more than one Microsoft Entra tenant, select your profile at the top right corner in the menu on top of the page, and then **switch directory** to change your portal session to the desired Microsoft Entra tenant. ### Register the client app (msal-node-webapp) -1. Navigate to the [Azure portal](https://portal.azure.com) and select the **Azure AD** service. +1. Navigate to the [Microsoft Entra admin center](https://entra.microsoft.com) and select the **Microsoft Entra ID** service. 1. Select the **App Registrations** blade on the left, then select **New registration**. 1. In the **Register an application page** that appears, enter your application's registration information: - In the **Name** section, enter a meaningful application name that will be displayed to users of the app, for example `msal-node-webapp`. 
@@ -120,7 +120,7 @@ There is one project in this sample. To register it, you can: - Type a key description (for instance `app secret`), - Select one of the available key durations (**6 months**, **12 months** or **Custom**) as per your security posture. - The generated key value will be displayed when you select the **Add** button. Copy and save the generated value for use in later steps. - - You'll need this key later in your code's configuration files. This key value will not be displayed again, and is not retrievable by any other means, so make sure to note it from the Azure portal before navigating to any other screen or blade. + - You'll need this key later in your code's configuration files. This key value will not be displayed again, and is not retrievable by any other means, so make sure to note it from the Microsoft Entra admin center before navigating to any other screen or blade. > :warning: For enhanced security, consider using **certificates** instead of client secrets. See: [How to use certificates instead of secrets](./README-use-certificate.md). 1. In the app's registration screen, select the **API permissions** blade in the left to open the page where we add access to the APIs that your application needs. - Select the **Add a permission** button and then: 
@@ -150,9 +150,9 @@ Open the project in your IDE (like Visual Studio or Visual Studio Code) to confi > In the steps below, "ClientID" is the same as "Application ID" or "AppId". 1. Open the `App/authConfig.js` file. -1. Find the key `clientId` and replace the existing value with the application ID (clientId) of `msal-node-webapp` app copied from the Azure portal. -1. Find the key `tenantId` and replace the existing value with your Azure AD tenant ID. -1. Find the key `clientSecret` and replace the existing value with the key you saved during the creation of `msal-node-webapp` copied from the Azure portal. +1. Find the key `clientId` and replace the existing value with the application ID (clientId) of `msal-node-webapp` app copied from the Microsoft Entra admin center. +1. Find the key `tenantId` and replace the existing value with your Microsoft Entra tenant ID. +1. Find the key `clientSecret` and replace the existing value with the key you saved during the creation of `msal-node-webapp` copied from the Microsoft Entra admin center. 1. Find the key `redirectUri` and replace the existing value with the Redirect URI for `msal-node-webapp`. (by default `http://localhost:4000/redirect`). > :information_source: For `redirectUri`, you can simply enter the path component of the URI instead of the full URI. For example, instead of `http://localhost:4000/redirect`, you can simply enter `/redirect`. This may come in handy in deployment scenarios. 
@@ -196,14 +196,14 @@ Configure your application: Learn more about the Microsoft identity platform: -- [Microsoft identity platform (Azure Active Directory for developers)](https://docs.microsoft.com/azure/active-directory/develop/) +- [Microsoft identity platform (Microsoft Entra ID for developers)](https://docs.microsoft.com/azure/active-directory/develop/) - [Overview of Microsoft Authentication Library (MSAL)](https://docs.microsoft.com/azure/active-directory/develop/msal-overview) -- [Understanding Azure AD application consent experiences](https://docs.microsoft.com/azure/active-directory/develop/application-consent-experience) +- [Understanding Microsoft Entra application consent experiences](https://docs.microsoft.com/azure/active-directory/develop/application-consent-experience) - [Understand user and admin consent](https://docs.microsoft.com/azure/active-directory/develop/howto-convert-app-to-be-multi-tenant#understand-user-and-admin-consent) - [Microsoft identity platform and OpenID Connect protocol](https://docs.microsoft.com/azure/active-directory/develop/v2-protocols-oidc) - [Microsoft Identity Platform ID Tokens](https://docs.microsoft.com/azure/active-directory/develop/id-tokens) -For more information about how OAuth 2.0 protocols work in this scenario and other scenarios, see [Authentication Scenarios for Azure AD](https://docs.microsoft.com/azure/active-directory/develop/authentication-flows-app-scenarios). +For more information about how OAuth 2.0 protocols work in this scenario and other scenarios, see [Authentication Scenarios for Microsoft Entra ID](https://docs.microsoft.com/azure/active-directory/develop/authentication-flows-app-scenarios). ## Community Help and Support 
@@ -213,10 +213,10 @@ Make sure that your questions or comments are tagged with [`azure-active-directo If you find a bug in the sample, raise the issue on [GitHub Issues](../../../../issues). -To provide feedback on or suggest features for Azure Active Directory, visit [User Voice page](https://feedback.azure.com/forums/169401-azure-active-directory). +To provide feedback on or suggest features for Microsoft Entra ID, visit [User Voice page](https://feedback.azure.com/forums/169401-azure-active-directory). ## Contributing If you'd like to contribute to this sample, see [CONTRIBUTING.MD](/CONTRIBUTING.md). -This project has adopted the [Microsoft Open Source Code of Conduct](https://opensource.microsoft.com/codeofconduct/). For more information, see the [Code of Conduct FAQ](https://opensource.microsoft.com/codeofconduct/faq/) or contact [opencode@microsoft.com](mailto:opencode@microsoft.com) with any additional questions or comments. \ No newline at end of file +This project has adopted the [Microsoft Open Source Code of Conduct](https://opensource.microsoft.com/codeofconduct/). For more information, see the [Code of Conduct FAQ](https://opensource.microsoft.com/codeofconduct/faq/) or contact [opencode@microsoft.com](mailto:opencode@microsoft.com) with any additional questions or comments. diff --git a/3-Deployment/README.md b/3-Deployment/README.md index 852b008..319cccb 100644 --- a/3-Deployment/README.md +++ b/3-Deployment/README.md 
@@ -13,13 +13,13 @@ ## Overview -This sample demonstrates how to deploy a Node.js & Express web application to **Azure Cloud** using the [Azure App Service](https://docs.microsoft.com/azure/app-service/). The application used in this sample is a slightly modified version of the web app from [**chapter 2-1**](../2-Authorization/1-call-graph/README.md). The steps here apply similarly to Azure AD and Azure AD B2C apps. +This sample demonstrates how to deploy a Node.js & Express web application to **Azure Cloud** using the [Azure App Service](https://docs.microsoft.com/azure/app-service/). The application used in this sample is a slightly modified version of the web app from [**chapter 2-1**](../2-Authorization/1-call-graph/README.md). The steps here apply similarly to Microsoft Entra ID and Azure Active Directory B2C apps. One of the principles of security is to place credentials like secrets and certificates out of your code and use it in a manner that allows them to be replaced or rotated without incurring a downtime. As such, this sample also uses the [Azure Key Vault](https://docs.microsoft.com/azure/key-vault/general/about-keys-secrets-certificates) to store client secrets safely on the cloud. ## Scenario -1. The client application uses the **MSAL Node** (via [microsoft-identity-express](https://github.com/Azure-Samples/microsoft-identity-express)) to sign-in a user and obtain a JWT **Access Token** from **Azure AD**. +1. The client application uses the **MSAL Node** (via [microsoft-identity-express](https://github.com/Azure-Samples/microsoft-identity-express)) to sign-in a user and obtain a JWT **Access Token** from **Microsoft Entra ID**. 1. The **Access Token** is used as a *bearer* token to authorize the user to access the **resource** (MS Graph). 1. The **resource server** responds with the resource that the user has access to. 
@@ -28,8 +28,8 @@ One of the principles of security is to place credentials like secrets and certi ## Prerequisites - [VS Code Azure Tools Extension](https://marketplace.visualstudio.com/items?itemName=ms-vscode.vscode-node-azure-pack) extension is recommended for interacting with **Azure** through VS Code interface. -- An **Azure AD** tenant. For more information, see: [How to get an Azure AD tenant](https://azure.microsoft.com/documentation/articles/active-directory-howto-tenant/) -- A user account in your **Azure AD** tenant. +- An **Microsoft Entra ID** tenant. For more information, see: [How to get a Microsoft Entra tenant](https://azure.microsoft.com/documentation/articles/active-directory-howto-tenant/) +- A user account in your **Microsoft Entra ID** tenant. - An **Azure subscription**. This sample uses **Azure App Service** and **Azure Key Vault**. ## Setup @@ -66,7 +66,7 @@ Use the same app registration credentials that you've obtained during [**chapter There are basically **2** stages that you will have to go through in order to deploy your projects and enable authentication: 1. Upload your project files to **Azure** services and obtain published website URIs -1. Update **Azure AD** **App Registration** with URIs you have just obtained +1. Update **Microsoft Entra ID** **App Registration** with URIs you have just obtained There are various ways to upload your files to **Azure App Service**. Here we provide steps for uploading via **VS Code Azure Tools Extension**. 
@@ -92,9 +92,9 @@ There are various ways to upload your files to **Azure App Service**. Here we pr ![api_step3](./ReadmeFiles/step3.png) -#### Step 2: Update Azure AD App Registration +#### Step 2: Update Microsoft Entra app Registration -Navigate to the [Azure portal](https://portal.azure.com) and select the **Azure AD** service. +Navigate to the [Microsoft Entra admin center](https://entra.microsoft.com) and select the **Microsoft Entra ID** service. 1. Select the **App Registrations** blade on the left, then find and select the web app that you have registered in the previous tutorial (`example-express-webapp1`). 1. Navigate to the **Authentication** blade. There, in **Redirect URI** section, enter the published URL website, for instance: `https://example-express-webapp1.azurewebsites.net/redirect`. @@ -106,7 +106,7 @@ To achieve this we'll place our application's credentials in [Azure Key Vault](h #### Set up your Managed Identity -1. Navigate to [Azure portal](https://portal.azure.com) and select the **Azure App Service**. +1. Navigate to [Microsoft Entra admin center](https://entra.microsoft.com) and select the **Azure App Service**. 1. Find and select the App Service you've created previously. 1. On App Service portal, select **Identity**. 1. Within the **System assigned** tab, switch **Status** to **On**. Click **Save**. @@ -124,7 +124,7 @@ Before starting here, make sure: ##### Upload your secret to KeyVault -1. Navigate to your new key vault in the Azure portal. +1. Navigate to your new key vault in the Microsoft Entra admin center. 1. On the Key Vault settings pages, select **Secrets**. 1. Click on **Generate/Import**. 1. On the **Create a secret** screen choose the following values: 
@@ -146,7 +146,7 @@ Before starting here, make sure: Finally, you need to add a few environment variables to the App Service where you deployed your web app. -1. In the [Azure portal](https://portal.azure.com) , search for and select **App Service**, and then select your app. +1. In the [Microsoft Entra admin center](https://entra.microsoft.com) , search for and select **App Service**, and then select your app. 1. Select **Configuration** blade on the left, then select **New Application Settings**. 1. Add the following variables (name-value): 1. **KEY_VAULT_URI**: the name of the key vault you've created, e.g. `example-key-vault` @@ -184,7 +184,7 @@ In [app.js](./App/app.js), we instantiate an **MsalWebAppAuthClient** object asy - [Azure Key Vault](https://docs.microsoft.com/azure/key-vault/general/about-keys-secrets-certificates) - [Azure Managed Identity](https://docs.microsoft.com/azure/active-directory/managed-identities-azure-resources/overview) -For more information about how OAuth 2.0 protocols work in this scenario and other scenarios, see [Authentication Scenarios for Azure AD](https://docs.microsoft.com/azure/active-directory/develop/authentication-flows-app-scenarios). +For more information about how OAuth 2.0 protocols work in this scenario and other scenarios, see [Authentication Scenarios for Microsoft Entra ID](https://docs.microsoft.com/azure/active-directory/develop/authentication-flows-app-scenarios). ## Community Help and Support diff --git a/4-AccessControl/1-app-roles/AppCreationScripts/AppCreationScripts.md b/4-AccessControl/1-app-roles/AppCreationScripts/AppCreationScripts.md index 624c702..b56d506 100644 --- a/4-AccessControl/1-app-roles/AppCreationScripts/AppCreationScripts.md +++ b/4-AccessControl/1-app-roles/AppCreationScripts/AppCreationScripts.md 
@@ -4,7 +4,7 @@ ### Quick summary -1. Run the script to create your Azure AD application and configure the code of the sample application accordingly. +1. Run the script to create your Microsoft Entra application and configure the code of the sample application accordingly. ```PowerShell cd .\AppCreationScripts\ 
@@ -28,25 +28,25 @@ ### Presentation of the scripts -This sample comes with two PowerShell scripts, which automate the creation of the Azure Active Directory applications, and the configuration of the code for this sample. Once you run them, you will only need to build the solution and you are good to test. +This sample comes with two PowerShell scripts, which automate the creation of the Microsoft Entra applications, and the configuration of the code for this sample. Once you run them, you will only need to build the solution and you are good to test. These scripts are: - `Configure.ps1` which: - - creates Azure AD applications and their related objects (permissions, dependencies, secrets, app roles), + - creates Microsoft Entra applications and their related objects (permissions, dependencies, secrets, app roles), - changes the configuration files in the sample projects. - - creates a summary file named `createdApps.html` in the folder from which you ran the script, and containing, for each Azure AD application it created: + - creates a summary file named `createdApps.html` in the folder from which you ran the script, and containing, for each Microsoft Entra application it created: - the identifier of the application - the AppId of the application - - the url of its registration in the [Azure portal](https://portal.azure.com). + - the url of its registration in the [Microsoft Entra admin center](https://entra.microsoft.com). -- `Cleanup.ps1` which cleans-up the Azure AD objects created by `Configure.ps1`. Note that this script does not revert the changes done in the configuration files, though. You will need to undo the change from source control (from Visual Studio, or from the command line using, for instance, `git reset`). +- `Cleanup.ps1` which cleans-up the Microsoft Entra objects created by `Configure.ps1`. Note that this script does not revert the changes done in the configuration files, though. 
You will need to undo the change from source control (from Visual Studio, or from the command line using, for instance, `git reset`). > :information_source: If the sample supports using certificates instead of client secrets, this folder will contain an additional set of scripts: `Configure-WithCertificates.ps1` and `Cleanup-WithCertificates.ps1`. You can use them in the same way to register app(s) that use certificates instead of client secrets. ### Usage pattern for tests and DevOps scenarios -The `Configure.ps1` will stop if it tries to create an Azure AD application which already exists in the tenant. For this, if you are using the script to try/test the sample, or in DevOps scenarios, you might want to run `Cleanup.ps1` just before `Configure.ps1`. This is what is shown in the steps below. +The `Configure.ps1` will stop if it tries to create a Microsoft Entra application which already exists in the tenant. For this, if you are using the script to try/test the sample, or in DevOps scenarios, you might want to run `Cleanup.ps1` just before `Configure.ps1`. This is what is shown in the steps below. ## How to use the app creation scripts? @@ -108,8 +108,8 @@ Note that the script will choose the tenant in which to create the applications, if you want to create the apps in a particular tenant, you can use the following option: -- Open the [Azure portal](https://portal.azure.com) -- Select the Azure Active directory you are interested in (in the combo-box below your name on the top right of the browser window) +- Open the [Microsoft Entra admin center](https://entra.microsoft.com) +- Select the Microsoft Entra ID you are interested in (in the combo-box below your name on the top right of the browser window) - Find the "Active Directory" object in this tenant - Go to **Properties** and copy the content of the **Directory Id** property - Then use the full syntax to run the scripts: 
diff --git a/4-AccessControl/1-app-roles/README-use-certificate.md b/4-AccessControl/1-app-roles/README-use-certificate.md index 28bc87e..22caf53 100644 --- a/4-AccessControl/1-app-roles/README-use-certificate.md +++ b/4-AccessControl/1-app-roles/README-use-certificate.md @@ -39,7 +39,7 @@ Alternatively, download and build **OpenSSL** for your **OS** following the guid - **Step 1: [Create a self-signed certificate](#create-a-self-signed-certificate)** - Option 1: [create self-signed certificate on local machine](#create-self-signed-certificate-on-local-machine) - Option 2: [create self-signed certificate on Key Vault](#create-self-signed-certificate-on-key-vault) -- **Step 2: [Configure an Azure AD app registration to use a certificate](#configure-an-azure-ad-app-registration-to-use-a-certificate)** +- **Step 2: [Configure a Microsoft Entra app registration to use a certificate](#configure-an-azure-ad-app-registration-to-use-a-certificate)** - **Step 3: [Configure your app(s) to use a certificate](#configure-your-apps-to-use-a-certificate)** - Option 1: [using an existing certificate from local machine](#using-an-existing-certificate-from-local-machine) - Option 2: [using an existing certificate from Key Vault](#using-an-existing-certificate-from-key-vault) @@ -96,9 +96,9 @@ You can use Azure Key Vault to generate a self-signed certificate for you. Doing > ```
-Click here to use Azure Portal +Click here to use Microsoft Entra admin center -Follow the guide: [Set and retrieve a certificate from Azure Key Vault using the Azure portal](https://learn.microsoft.com/azure/key-vault/certificates/quick-create-portal) +Follow the guide: [Set and retrieve a certificate from Azure Key Vault using the Microsoft Entra admin center](https://learn.microsoft.com/azure/key-vault/certificates/quick-create-portal) Afterwards, proceed to [Step 2](#configure-an-azure-ad-app-registration-to-use-a-certificate). @@ -113,13 +113,13 @@ Afterwards, proceed to [Step 2](#configure-an-azure-ad-app-registration-to-use-a
-### Configure an Azure AD app registration to use a certificate +### Configure a Microsoft Entra app registration to use a certificate -Now you must associate your Azure AD app registration with the certificate you will use in your application. +Now you must associate your Microsoft Entra app registration with the certificate you will use in your application. > :information_source: If you have the certificate locally available, you can follow the steps below. If your certificate(s) is on Azure Key Vault, you must first export and download them to your computer, and delete the local copy after following the steps below. See: [Export certificates from Azure Key Vault](https://learn.microsoft.com/azure/key-vault/certificates/how-to-export-certificate) -1. Navigate to [Azure portal](https://portal.azure.com) and select your Azure AD app registration. +1. Navigate to [Microsoft Entra admin center](https://entra.microsoft.com) and select your Microsoft Entra app registration. 1. Select **Certificates & secrets** blade on the left. 1. Click on **Upload** certificate and select the certificate file to upload (e.g. *msal-node-webapp*). 1. Click **Add**. Once the certificate is uploaded, the *thumbprint*, *start date*, and *expiration* values are displayed. Record the *thumbprint* value as you will make use of it later in your app's configuration file. @@ -255,7 +255,7 @@ Once you deploy your app(s) to Azure App Service, you can assign a managed ident ### Create a system-assigned identity -1. Navigate to [Azure portal](https://portal.azure.com) and select the **Azure App Service**. +1. Navigate to [Microsoft Entra admin center](https://entra.microsoft.com) and select the **Azure App Service**. 1. Find and select the App Service instance you've created previously. 1. On App Service portal, select **Identity**. 1. Within the **System assigned** tab, switch **Status** to **On**. Click **Save**. 
@@ -266,7 +266,7 @@ For more information, see [Add a system-assigned identity](https://docs.microsof Now that your app deployed to App Service has a managed identity, in this step you grant it access to your key vault. -1. Go to the [Azure portal](https://portal.azure.com) and search for your Key Vault. +1. Go to the [Microsoft Entra admin center](https://entra.microsoft.com) and search for your Key Vault. 1. Select **Overview** > **Access policies** blade on the left. 1. Click on **Add Access Policy** > **Certificate permissions** > **Get** 1. Click on **Add Access Policy** > **Secret permissions** > **Get** @@ -281,7 +281,7 @@ Finally, you need to add environment variables to the App Service where you depl > :warning: Make sure your application is able to read environment variables. Alternatively, you can hardcode the key vault URL and certificate name in your applications configuration file. -1. In the [Azure portal](https://portal.azure.com), search for and select **App Service**, and then select your app. +1. In the [Microsoft Entra admin center](https://entra.microsoft.com), search for and select **App Service**, and then select your app. 1. Select **Configuration** blade on the left, then select **New Application Settings**. 1. Add the following variables (key-value pairs): 1. **KEY_VAULT_URL**: the URL of the key vault you've created, e.g. `https://example.vault.azure.net` diff --git a/4-AccessControl/1-app-roles/README.md b/4-AccessControl/1-app-roles/README.md index 169e43e..dccb2b1 100644 --- a/4-AccessControl/1-app-roles/README.md +++ b/4-AccessControl/1-app-roles/README.md 
@@ -14,15 +14,15 @@ ## Overview -This sample demonstrates a Node.js & Express web app that is secured with the [Microsoft Authentication Library for Node.js](https://github.com/AzureAD/microsoft-authentication-library-for-js/tree/dev/lib/msal-node) (MSAL Node). The app implements **Role-based Access Control** (RBAC) by using Azure AD [App Roles](https://docs.microsoft.com/azure/active-directory/develop/howto-add-app-roles-in-azure-ad-apps). In the sample, users in **TaskUser** role can perform CRUD operations on their todo list, while users in **TaskAdmin** role can see all other users' tasks. +This sample demonstrates a Node.js & Express web app that is secured with the [Microsoft Authentication Library for Node.js](https://github.com/AzureAD/microsoft-authentication-library-for-js/tree/dev/lib/msal-node) (MSAL Node). The app implements **Role-based Access Control** (RBAC) by using Microsoft Entra ID [App Roles](https://docs.microsoft.com/azure/active-directory/develop/howto-add-app-roles-in-azure-ad-apps). In the sample, users in **TaskUser** role can perform CRUD operations on their todo list, while users in **TaskAdmin** role can see all other users' tasks. -Access control in Azure AD can be done with **Security Groups** as well, as we will cover in the [next tutorial](../2-security-groups/README.md). **Security Groups** and **App Roles** in Azure AD are by no means mutually exclusive - they can be used in tandem to provide even finer grained access control. +Access control in Microsoft Entra ID can be done with **Security Groups** as well, as we will cover in the [next tutorial](../2-security-groups/README.md). **Security Groups** and **App Roles** in Microsoft Entra ID are by no means mutually exclusive - they can be used in tandem to provide even finer grained access control. 
> :information_source: Check out the recorded session on this topic: [Implement Authorization in your Applications with Microsoft identity platform](https://www.youtube.com/watch?v=LRoc-na27l0) ## Scenario -1. The client application uses **MSAL Node** (via [msal-node-wrapper](https://github.com/Azure-Samples/ms-identity-javascript-nodejs-tutorial/tree/main/Common/msal-node-wrapper)) to sign-in a user and obtain an **ID Token** from **Azure AD**. +1. The client application uses **MSAL Node** (via [msal-node-wrapper](https://github.com/Azure-Samples/ms-identity-javascript-nodejs-tutorial/tree/main/Common/msal-node-wrapper)) to sign-in a user and obtain an **ID Token** from **Microsoft Entra ID**. 2. The **ID Token** contains the [roles claim](https://docs.microsoft.com/azure/active-directory/develop/howto-add-app-roles-in-azure-ad-apps#declare-roles-for-an-application) that is used to control access to protected routes. ![Overview](./ReadmeFiles/topology.png) @@ -42,8 +42,8 @@ Access control in Azure AD can be done with **Security Groups** as well, as we w - [Visual Studio Code](https://code.visualstudio.com/download) is recommended for running and editing this sample. - [VS Code Azure Tools](https://marketplace.visualstudio.com/items?itemName=ms-vscode.vscode-node-azure-pack) extension is recommended for interacting with Azure through VS Code Interface. - A modern web browser. This sample uses **ES6** conventions and will not run on **Internet Explorer**. -- An **Azure AD** tenant. For more information, see: [How to get an Azure AD tenant](https://docs.microsoft.com/azure/active-directory/develop/quickstart-create-new-tenant) -- A user account in your **Azure AD** tenant. +- An **Microsoft Entra ID** tenant. For more information, see: [How to get a Microsoft Entra tenant](https://docs.microsoft.com/azure/active-directory/develop/quickstart-create-new-tenant) +- A user account in your **Microsoft Entra ID** tenant. ## Setup 
@@ -72,7 +72,7 @@ There is one project in this sample. To register it, you can: - follow the steps below for manually register your apps - or use PowerShell scripts that: - - **automatically** creates the Azure AD applications and related objects (passwords, permissions, dependencies) for you. + - **automatically** creates the Microsoft Entra applications and related objects (passwords, permissions, dependencies) for you. - modify the projects' configuration files.
@@ -81,7 +81,7 @@ There is one project in this sample. To register it, you can: > :warning: If you have never used **Microsoft Graph PowerShell** before, we recommend you go through the [App Creation Scripts Guide](./AppCreationScripts/AppCreationScripts.md) once to ensure that your environment is prepared correctly for this step. 1. Ensure that you have [PowerShell 7](https://learn.microsoft.com/powershell/scripting/install/installing-powershell-on-windows?view=powershell-7.3) or later. -1. Run the script to create your Azure AD application and configure the code of the sample application accordingly. +1. Run the script to create your Microsoft Entra application and configure the code of the sample application accordingly. 1. For interactive process -in PowerShell, run: ```PowerShell @@ -91,18 +91,18 @@ There is one project in this sample. To register it, you can: > Other ways of running the scripts are described in [App Creation Scripts guide](./AppCreationScripts/AppCreationScripts.md). The scripts also provide a guide to automated application registration, configuration and removal which can help in your CI/CD scenarios. -> :information_source: This sample can make use of client certificates. You can use **AppCreationScripts** to register an Azure AD application with certificates. See: [How to use certificates instead of client secrets](./README-use-certificate.md) +> :information_source: This sample can make use of client certificates. You can use **AppCreationScripts** to register a Microsoft Entra application with certificates. See: [How to use certificates instead of client secrets](./README-use-certificate.md)
-### Choose the Azure AD tenant where you want to create your applications +### Choose the Microsoft Entra tenant where you want to create your applications -1. Sign in to the [Azure portal](https://portal.azure.com). -1. If your account is present in more than one Azure AD tenant, select your profile at the top right corner in the menu on top of the page, and then **switch directory** to change your portal session to the desired Azure AD tenant. +1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com). +1. If your account is present in more than one Microsoft Entra tenant, select your profile at the top right corner in the menu on top of the page, and then **switch directory** to change your portal session to the desired Microsoft Entra tenant. ### Register the client app (msal-node-webapp) -1. Navigate to the [Azure portal](https://portal.azure.com) and select the **Azure AD** service. +1. Navigate to the [Microsoft Entra admin center](https://entra.microsoft.com) and select the **Microsoft Entra ID** service. 1. Select the **App Registrations** blade on the left, then select **New registration**. 1. In the **Register an application page** that appears, enter your application's registration information: - In the **Name** section, enter a meaningful application name that will be displayed to users of the app, for example `msal-node-webapp`. 
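Review bot: the replacement `Navigate to the [Microsoft Entra admin center](https://entra.microsoft.com) and select the **Microsoft Entra ID** service` in the `Register the client app` steps does not match the admin center, which has no per-service picker like the Azure portal; in the Microsoft Entra admin center the path is **Identity** > **Applications** > **App registrations**. Either reword the step to that navigation or keep `Azure portal` for this step so that `select the **App Registrations** blade` on the next line remains followable.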
@@ -115,7 +115,7 @@ There is one project in this sample. To register it, you can: - Type a key description (for instance `app secret`), - Select one of the available key durations (**6 months**, **12 months** or **Custom**) as per your security posture. - The generated key value will be displayed when you select the **Add** button. Copy and save the generated value for use in later steps. - - You'll need this key later in your code's configuration files. This key value will not be displayed again, and is not retrievable by any other means, so make sure to note it from the Azure portal before navigating to any other screen or blade. + - You'll need this key later in your code's configuration files. This key value will not be displayed again, and is not retrievable by any other means, so make sure to note it from the Microsoft Entra admin center before navigating to any other screen or blade. > :warning: For enhanced security, consider using **certificates** instead of client secrets. See: [How to use certificates instead of secrets](./README-use-certificate.md). #### Configure Optional Claims 
@@ -142,7 +142,7 @@ To add users to this app role, follow the guidelines here: [Assign users and gro > :bulb: **Important security tip** > -> When you set **User assignment required?** to **Yes**, Azure AD will check that only users assigned to your application in the **Users and groups** blade are able to sign-in to your app.To enable this, follow the instructions [here](https://docs.microsoft.com/azure/active-directory/manage-apps/assign-user-or-group-access-portal#configure-an-application-to-require-user-assignment). You can assign users directly or by assigning security groups they belong to. +> When you set **User assignment required?** to **Yes**, Microsoft Entra ID will check that only users assigned to your application in the **Users and groups** blade are able to sign-in to your app.To enable this, follow the instructions [here](https://docs.microsoft.com/azure/active-directory/manage-apps/assign-user-or-group-access-portal#configure-an-application-to-require-user-assignment). You can assign users directly or by assigning security groups they belong to. For more information, see: [How to: Add app roles in your application and receive them in the token](https://docs.microsoft.com/azure/active-directory/develop/howto-add-app-roles-in-azure-ad-apps) 
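Review bot: the rewritten security-tip line carries over a missing space in `able to sign-in to your app.To enable this`; since the line is touched anyway, fix it to `sign-in to your app. To enable this`. It is also worth spelling out the converse the tip implies: when **User assignment required?** is left at **No**, any user in the tenant can sign in and receive an ID token with no `roles` claim, so the route guards in this sample must treat an absent or empty `roles` claim as deny, not only check for `TaskUser` or `TaskAdmin`.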
@@ -153,9 +153,9 @@ Open the project in your IDE (like Visual Studio or Visual Studio Code) to confi > In the steps below, "ClientID" is the same as "Application ID" or "AppId". 1. Open the `App/authConfig.js` file. -1. Find the key `clientId` and replace the existing value with the application ID (clientId) of `msal-node-webapp` app copied from the Azure portal. -1. Find the key `tenantId` and replace the existing value with your Azure AD tenant ID. -1. Find the key `clientSecret` and replace the existing value with the key you saved during the creation of `msal-node-webapp` copied from the Azure portal. +1. Find the key `clientId` and replace the existing value with the application ID (clientId) of `msal-node-webapp` app copied from the Microsoft Entra admin center. +1. Find the key `tenantId` and replace the existing value with your Microsoft Entra tenant ID. +1. Find the key `clientSecret` and replace the existing value with the key you saved during the creation of `msal-node-webapp` copied from the Microsoft Entra admin center. 1. Find the key `redirectUri` and replace the existing value with the Redirect URI for `msal-node-webapp`. (by default `http://localhost:4000/redirect`). > :information_source: For `redirectUri`, you can simply enter the path component of the URI instead of the full URI. For example, instead of `http://localhost:4000/redirect`, you can simply enter `/redirect`. This may come in handy in deployment scenarios. 
@@ -197,14 +197,14 @@ Configure your application: Learn more about the Microsoft identity platform: -- [Microsoft identity platform (Azure Active Directory for developers)](https://docs.microsoft.com/azure/active-directory/develop/) +- [Microsoft identity platform (Microsoft Entra ID for developers)](https://docs.microsoft.com/azure/active-directory/develop/) - [Overview of Microsoft Authentication Library (MSAL)](https://docs.microsoft.com/azure/active-directory/develop/msal-overview) -- [Understanding Azure AD application consent experiences](https://docs.microsoft.com/azure/active-directory/develop/application-consent-experience) +- [Understanding Microsoft Entra application consent experiences](https://docs.microsoft.com/azure/active-directory/develop/application-consent-experience) - [Understand user and admin consent](https://docs.microsoft.com/azure/active-directory/develop/howto-convert-app-to-be-multi-tenant#understand-user-and-admin-consent) - [Microsoft identity platform and OpenID Connect protocol](https://docs.microsoft.com/azure/active-directory/develop/v2-protocols-oidc) - [Microsoft Identity Platform ID Tokens](https://docs.microsoft.com/azure/active-directory/develop/id-tokens) -For more information about how OAuth 2.0 protocols work in this scenario and other scenarios, see [Authentication Scenarios for Azure AD](https://docs.microsoft.com/azure/active-directory/develop/authentication-flows-app-scenarios). +For more information about how OAuth 2.0 protocols work in this scenario and other scenarios, see [Authentication Scenarios for Microsoft Entra ID](https://docs.microsoft.com/azure/active-directory/develop/authentication-flows-app-scenarios). ## Community Help and Support 
@@ -214,10 +214,10 @@ Make sure that your questions or comments are tagged with [`azure-active-directo If you find a bug in the sample, raise the issue on [GitHub Issues](../../../../issues). -To provide feedback on or suggest features for Azure Active Directory, visit [User Voice page](https://feedback.azure.com/forums/169401-azure-active-directory). +To provide feedback on or suggest features for Microsoft Entra ID, visit [User Voice page](https://feedback.azure.com/forums/169401-azure-active-directory). ## Contributing If you'd like to contribute to this sample, see [CONTRIBUTING.MD](/CONTRIBUTING.md). -This project has adopted the [Microsoft Open Source Code of Conduct](https://opensource.microsoft.com/codeofconduct/). For more information, see the [Code of Conduct FAQ](https://opensource.microsoft.com/codeofconduct/faq/) or contact [opencode@microsoft.com](mailto:opencode@microsoft.com) with any additional questions or comments. \ No newline at end of file +This project has adopted the [Microsoft Open Source Code of Conduct](https://opensource.microsoft.com/codeofconduct/). For more information, see the [Code of Conduct FAQ](https://opensource.microsoft.com/codeofconduct/faq/) or contact [opencode@microsoft.com](mailto:opencode@microsoft.com) with any additional questions or comments. diff --git a/4-AccessControl/2-security-groups/AppCreationScripts/AppCreationScripts.md b/4-AccessControl/2-security-groups/AppCreationScripts/AppCreationScripts.md index 624c702..b56d506 100644 --- a/4-AccessControl/2-security-groups/AppCreationScripts/AppCreationScripts.md +++ b/4-AccessControl/2-security-groups/AppCreationScripts/AppCreationScripts.md @@ -4,7 +4,7 @@ ### Quick summary -1. Run the script to create your Azure AD application and configure the code of the sample application accordingly. +1. Run the script to create your Microsoft Entra application and configure the code of the sample application accordingly. ```PowerShell cd .\AppCreationScripts\ 
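Review bot: the `+` line renames the link text to `Microsoft Entra ID` but keeps the target `https://feedback.azure.com/forums/169401-azure-active-directory`, which still names the retired Azure AD UserVoice forum; verify that this URL still resolves and, if it does not, point the sentence at the current feedback channel instead of renaming only the anchor text.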
@@ -28,25 +28,25 @@ ### Presentation of the scripts -This sample comes with two PowerShell scripts, which automate the creation of the Azure Active Directory applications, and the configuration of the code for this sample. Once you run them, you will only need to build the solution and you are good to test. +This sample comes with two PowerShell scripts, which automate the creation of the Microsoft Entra applications, and the configuration of the code for this sample. Once you run them, you will only need to build the solution and you are good to test. These scripts are: - `Configure.ps1` which: - - creates Azure AD applications and their related objects (permissions, dependencies, secrets, app roles), + - creates Microsoft Entra applications and their related objects (permissions, dependencies, secrets, app roles), - changes the configuration files in the sample projects. - - creates a summary file named `createdApps.html` in the folder from which you ran the script, and containing, for each Azure AD application it created: + - creates a summary file named `createdApps.html` in the folder from which you ran the script, and containing, for each Microsoft Entra application it created: - the identifier of the application - the AppId of the application - - the url of its registration in the [Azure portal](https://portal.azure.com). + - the url of its registration in the [Microsoft Entra admin center](https://entra.microsoft.com). -- `Cleanup.ps1` which cleans-up the Azure AD objects created by `Configure.ps1`. Note that this script does not revert the changes done in the configuration files, though. You will need to undo the change from source control (from Visual Studio, or from the command line using, for instance, `git reset`). +- `Cleanup.ps1` which cleans-up the Microsoft Entra objects created by `Configure.ps1`. Note that this script does not revert the changes done in the configuration files, though. 
You will need to undo the change from source control (from Visual Studio, or from the command line using, for instance, `git reset`). > :information_source: If the sample supports using certificates instead of client secrets, this folder will contain an additional set of scripts: `Configure-WithCertificates.ps1` and `Cleanup-WithCertificates.ps1`. You can use them in the same way to register app(s) that use certificates instead of client secrets. ### Usage pattern for tests and DevOps scenarios -The `Configure.ps1` will stop if it tries to create an Azure AD application which already exists in the tenant. For this, if you are using the script to try/test the sample, or in DevOps scenarios, you might want to run `Cleanup.ps1` just before `Configure.ps1`. This is what is shown in the steps below. +The `Configure.ps1` will stop if it tries to create a Microsoft Entra application which already exists in the tenant. For this, if you are using the script to try/test the sample, or in DevOps scenarios, you might want to run `Cleanup.ps1` just before `Configure.ps1`. This is what is shown in the steps below. ## How to use the app creation scripts? @@ -108,8 +108,8 @@ Note that the script will choose the tenant in which to create the applications, if you want to create the apps in a particular tenant, you can use the following option: -- Open the [Azure portal](https://portal.azure.com) -- Select the Azure Active directory you are interested in (in the combo-box below your name on the top right of the browser window) +- Open the [Microsoft Entra admin center](https://entra.microsoft.com) +- Select the Microsoft Entra ID you are interested in (in the combo-box below your name on the top right of the browser window) - Find the "Active Directory" object in this tenant - Go to **Properties** and copy the content of the **Directory Id** property - Then use the full syntax to run the scripts: 
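Review bot: in the `@@ -108,8` hunk, `Select the Microsoft Entra ID you are interested in (in the combo-box below your name ...)` reads as if `Microsoft Entra ID` were a tenant name; it should say `Select the Microsoft Entra tenant you are interested in`. The two unchanged context lines that follow, `Find the "Active Directory" object in this tenant` and `Go to **Properties** and copy the content of the **Directory Id** property`, keep the old vocabulary, so the step sequence now mixes both; rename them in the same hunk (the admin center shows this value as **Tenant ID** under **Identity** > **Overview** > **Properties**).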
diff --git a/4-AccessControl/2-security-groups/README-use-certificate.md b/4-AccessControl/2-security-groups/README-use-certificate.md index 28bc87e..22caf53 100644 --- a/4-AccessControl/2-security-groups/README-use-certificate.md +++ b/4-AccessControl/2-security-groups/README-use-certificate.md @@ -39,7 +39,7 @@ Alternatively, download and build **OpenSSL** for your **OS** following the guid - **Step 1: [Create a self-signed certificate](#create-a-self-signed-certificate)** - Option 1: [create self-signed certificate on local machine](#create-self-signed-certificate-on-local-machine) - Option 2: [create self-signed certificate on Key Vault](#create-self-signed-certificate-on-key-vault) -- **Step 2: [Configure an Azure AD app registration to use a certificate](#configure-an-azure-ad-app-registration-to-use-a-certificate)** +- **Step 2: [Configure a Microsoft Entra app registration to use a certificate](#configure-an-azure-ad-app-registration-to-use-a-certificate)** - **Step 3: [Configure your app(s) to use a certificate](#configure-your-apps-to-use-a-certificate)** - Option 1: [using an existing certificate from local machine](#using-an-existing-certificate-from-local-machine) - Option 2: [using an existing certificate from Key Vault](#using-an-existing-certificate-from-key-vault) @@ -96,9 +96,9 @@ You can use Azure Key Vault to generate a self-signed certificate for you. Doing > ```
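Review bot: the Step 2 entry keeps the anchor `#configure-an-azure-ad-app-registration-to-use-a-certificate` while the heading it targets is renamed later in this same file to `### Configure a Microsoft Entra app registration to use a certificate`, whose generated slug is `#configure-a-microsoft-entra-app-registration-to-use-a-certificate`; update the anchor here, and in the `Afterwards, proceed to [Step 2](...)` lines that reuse it, or the table of contents will point at a heading that no longer exists.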
-Click here to use Azure Portal +Click here to use Microsoft Entra admin center -Follow the guide: [Set and retrieve a certificate from Azure Key Vault using the Azure portal](https://learn.microsoft.com/azure/key-vault/certificates/quick-create-portal) +Follow the guide: [Set and retrieve a certificate from Azure Key Vault using the Microsoft Entra admin center](https://learn.microsoft.com/azure/key-vault/certificates/quick-create-portal) Afterwards, proceed to [Step 2](#configure-an-azure-ad-app-registration-to-use-a-certificate). @@ -113,13 +113,13 @@ Afterwards, proceed to [Step 2](#configure-an-azure-ad-app-registration-to-use-a
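Review bot: `Click here to use Microsoft Entra admin center` and `Set and retrieve a certificate from Azure Key Vault using the Microsoft Entra admin center` are over-eager replacements; Azure Key Vault certificates are created in the Azure portal, which is exactly what the linked quickstart (`.../key-vault/certificates/quick-create-portal`) walks through, and the Entra admin center does not host Key Vault. Revert both lines to `Azure portal`.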
-### Configure an Azure AD app registration to use a certificate +### Configure a Microsoft Entra app registration to use a certificate -Now you must associate your Azure AD app registration with the certificate you will use in your application. +Now you must associate your Microsoft Entra app registration with the certificate you will use in your application. > :information_source: If you have the certificate locally available, you can follow the steps below. If your certificate(s) is on Azure Key Vault, you must first export and download them to your computer, and delete the local copy after following the steps below. See: [Export certificates from Azure Key Vault](https://learn.microsoft.com/azure/key-vault/certificates/how-to-export-certificate) -1. Navigate to [Azure portal](https://portal.azure.com) and select your Azure AD app registration. +1. Navigate to [Microsoft Entra admin center](https://entra.microsoft.com) and select your Microsoft Entra app registration. 1. Select **Certificates & secrets** blade on the left. 1. Click on **Upload** certificate and select the certificate file to upload (e.g. *msal-node-webapp*). 1. Click **Add**. Once the certificate is uploaded, the *thumbprint*, *start date*, and *expiration* values are displayed. Record the *thumbprint* value as you will make use of it later in your app's configuration file. @@ -255,7 +255,7 @@ Once you deploy your app(s) to Azure App Service, you can assign a managed ident ### Create a system-assigned identity -1. Navigate to [Azure portal](https://portal.azure.com) and select the **Azure App Service**. +1. Navigate to [Microsoft Entra admin center](https://entra.microsoft.com) and select the **Azure App Service**. 1. Find and select the App Service instance you've created previously. 1. On App Service portal, select **Identity**. 1. Within the **System assigned** tab, switch **Status** to **On**. Click **Save**. 
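Review bot: two issues across the hunks on this line. The heading rename to `### Configure a Microsoft Entra app registration to use a certificate` changes the heading slug, but the in-file links to `#configure-an-azure-ad-app-registration-to-use-a-certificate` are not updated anywhere in this patch, so they break. In the `Create a system-assigned identity` hunk, `Navigate to [Microsoft Entra admin center](https://entra.microsoft.com) and select the **Azure App Service**` is wrong: App Service instances and their **Identity** settings are managed in the Azure portal, not in the Entra admin center; this is an Azure resource step and should stay `Azure portal`.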
@@ -266,7 +266,7 @@ For more information, see [Add a system-assigned identity](https://docs.microsof Now that your app deployed to App Service has a managed identity, in this step you grant it access to your key vault. -1. Go to the [Azure portal](https://portal.azure.com) and search for your Key Vault. +1. Go to the [Microsoft Entra admin center](https://entra.microsoft.com) and search for your Key Vault. 1. Select **Overview** > **Access policies** blade on the left. 1. Click on **Add Access Policy** > **Certificate permissions** > **Get** 1. Click on **Add Access Policy** > **Secret permissions** > **Get** @@ -281,7 +281,7 @@ Finally, you need to add environment variables to the App Service where you depl > :warning: Make sure your application is able to read environment variables. Alternatively, you can hardcode the key vault URL and certificate name in your applications configuration file. -1. In the [Azure portal](https://portal.azure.com), search for and select **App Service**, and then select your app. +1. In the [Microsoft Entra admin center](https://entra.microsoft.com), search for and select **App Service**, and then select your app. 1. Select **Configuration** blade on the left, then select **New Application Settings**. 1. Add the following variables (key-value pairs): 1. **KEY_VAULT_URL**: the URL of the key vault you've created, e.g. `https://example.vault.azure.net` diff --git a/4-AccessControl/2-security-groups/README.md b/4-AccessControl/2-security-groups/README.md index 9b001f3..60857fd 100644 --- a/4-AccessControl/2-security-groups/README.md +++ b/4-AccessControl/2-security-groups/README.md 
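Review bot: both `+` lines in these hunks (`Go to the [Microsoft Entra admin center](https://entra.microsoft.com) and search for your Key Vault` and `In the [Microsoft Entra admin center](https://entra.microsoft.com), search for and select **App Service**`) replace a correct `Azure portal` reference with a portal that does not expose Key Vault access policies or App Service application settings; revert them. A blanket `Azure portal` to `Microsoft Entra admin center` substitution is only safe for directory objects (app registrations, users, groups); Azure resources such as Key Vault and App Service remain in the Azure portal, so the remaining occurrences in this file should be checked the same way.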
@@ -14,15 +14,15 @@ ## Overview -This sample demonstrates a Node.js & Express web app that is secured with the [Microsoft Authentication Library for Node.js](https://github.com/AzureAD/microsoft-authentication-library-for-js/tree/dev/lib/msal-node) (MSAL Node). The app implements **Role-based Access Control** (RBAC) by using Azure AD [Security Groups](https://docs.microsoft.com/microsoft-365/community/all-about-groups). In the sample, users in **TaskUser** role can perform CRUD operations on their todo list, while users in **TaskAdmin** role can see all other users' tasks. +This sample demonstrates a Node.js & Express web app that is secured with the [Microsoft Authentication Library for Node.js](https://github.com/AzureAD/microsoft-authentication-library-for-js/tree/dev/lib/msal-node) (MSAL Node). The app implements **Role-based Access Control** (RBAC) by using Microsoft Entra ID [Security Groups](https://docs.microsoft.com/microsoft-365/community/all-about-groups). In the sample, users in **TaskUser** role can perform CRUD operations on their todo list, while users in **TaskAdmin** role can see all other users' tasks. -Access control in Azure AD can be done with **App Roles** as well, as we covered in the [previous tutorial](../1-app-roles/README.md). **Security Groups** and **App Roles** in Azure AD are by no means mutually exclusive - they can be used in tandem to provide even finer grained access control. +Access control in Microsoft Entra ID can be done with **App Roles** as well, as we covered in the [previous tutorial](../1-app-roles/README.md). **Security Groups** and **App Roles** in Microsoft Entra ID are by no means mutually exclusive - they can be used in tandem to provide even finer grained access control. > :information_source: Check out the recorded session on this topic: [An introduction to Microsoft Graph for developers](https://www.youtube.com/watch?v=EBbnpFdB92A) ## Scenario -1. 
The client application uses **MSAL Node** (via [msal-node-wrapper](https://github.com/Azure-Samples/ms-identity-javascript-nodejs-tutorial/tree/main/Common/msal-node-wrapper)) to sign-in a user and obtain an **ID Token** from **Azure AD**. +1. The client application uses **MSAL Node** (via [msal-node-wrapper](https://github.com/Azure-Samples/ms-identity-javascript-nodejs-tutorial/tree/main/Common/msal-node-wrapper)) to sign-in a user and obtain an **ID Token** from **Microsoft Entra ID**. 2. The **ID Token** contains the [groups claim](https://docs.microsoft.com/azure/active-directory/hybrid/how-to-connect-fed-group-claims) that is used to control access to protected routes. ![Overview](./ReadmeFiles/topology.png) @@ -42,8 +42,8 @@ Access control in Azure AD can be done with **App Roles** as well, as we covered - [Visual Studio Code](https://code.visualstudio.com/download) is recommended for running and editing this sample. - [VS Code Azure Tools](https://marketplace.visualstudio.com/items?itemName=ms-vscode.vscode-node-azure-pack) extension is recommended for interacting with Azure through VS Code Interface. - A modern web browser. This sample uses **ES6** conventions and will not run on **Internet Explorer**. -- An **Azure AD** tenant. For more information, see: [How to get an Azure AD tenant](https://docs.microsoft.com/azure/active-directory/develop/quickstart-create-new-tenant) -- A user account in your **Azure AD** tenant. +- An **Microsoft Entra ID** tenant. For more information, see: [How to get a Microsoft Entra tenant](https://docs.microsoft.com/azure/active-directory/develop/quickstart-create-new-tenant) +- A user account in your **Microsoft Entra ID** tenant. ## Setup 
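Review bot: same article error as in the app-roles README's prerequisites hunk: `- An **Microsoft Entra ID** tenant.` should read `- A **Microsoft Entra ID** tenant.`, and the two tenant bullets should use one form (`Microsoft Entra tenant` matches the link text on the same line).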
@@ -72,7 +72,7 @@ There is one project in this sample. To register it, you can: - follow the steps below for manually register your apps - or use PowerShell scripts that: - - **automatically** creates the Azure AD applications and related objects (passwords, permissions, dependencies) for you. + - **automatically** creates the Microsoft Entra applications and related objects (passwords, permissions, dependencies) for you. - modify the projects' configuration files.
@@ -81,7 +81,7 @@ There is one project in this sample. To register it, you can: > :warning: If you have never used **Microsoft Graph PowerShell** before, we recommend you go through the [App Creation Scripts Guide](./AppCreationScripts/AppCreationScripts.md) once to ensure that your environment is prepared correctly for this step. 1. Ensure that you have [PowerShell 7](https://learn.microsoft.com/powershell/scripting/install/installing-powershell-on-windows?view=powershell-7.3) or later. -1. Run the script to create your Azure AD application and configure the code of the sample application accordingly. +1. Run the script to create your Microsoft Entra application and configure the code of the sample application accordingly. 1. For interactive process -in PowerShell, run: ```PowerShell @@ -91,18 +91,18 @@ There is one project in this sample. To register it, you can: > Other ways of running the scripts are described in [App Creation Scripts guide](./AppCreationScripts/AppCreationScripts.md). The scripts also provide a guide to automated application registration, configuration and removal which can help in your CI/CD scenarios. -> :information_source: This sample can make use of client certificates. You can use **AppCreationScripts** to register an Azure AD application with certificates. See: [How to use certificates instead of client secrets](./README-use-certificate.md) +> :information_source: This sample can make use of client certificates. You can use **AppCreationScripts** to register a Microsoft Entra application with certificates. See: [How to use certificates instead of client secrets](./README-use-certificate.md)
-### Choose the Azure AD tenant where you want to create your applications +### Choose the Microsoft Entra tenant where you want to create your applications -1. Sign in to the [Azure portal](https://portal.azure.com). -1. If your account is present in more than one Azure AD tenant, select your profile at the top right corner in the menu on top of the page, and then **switch directory** to change your portal session to the desired Azure AD tenant. +1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com). +1. If your account is present in more than one Microsoft Entra tenant, select your profile at the top right corner in the menu on top of the page, and then **switch directory** to change your portal session to the desired Microsoft Entra tenant. ### Register the client app (msal-node-webapp) -1. Navigate to the [Azure portal](https://portal.azure.com) and select the **Azure AD** service. +1. Navigate to the [Microsoft Entra admin center](https://entra.microsoft.com) and select the **Microsoft Entra ID** service. 1. Select the **App Registrations** blade on the left, then select **New registration**. 1. In the **Register an application page** that appears, enter your application's registration information: - In the **Name** section, enter a meaningful application name that will be displayed to users of the app, for example `msal-node-webapp`. 
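Review bot: as in the app-roles README, `select the **Microsoft Entra ID** service` does not correspond to anything in the Microsoft Entra admin center; the equivalent path is **Identity** > **Applications** > **App registrations**. Reword the step to that navigation, or keep `Azure portal` here so the following `select the **App Registrations** blade` instruction still matches the UI.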
@@ -116,7 +116,7 @@ There is one project in this sample. To register it, you can: - Type a key description (for instance `app secret`), - Select one of the available key durations (**6 months**, **12 months** or **Custom**) as per your security posture. - The generated key value will be displayed when you select the **Add** button. Copy and save the generated value for use in later steps. - - You'll need this key later in your code's configuration files. This key value will not be displayed again, and is not retrievable by any other means, so make sure to note it from the Azure portal before navigating to any other screen or blade. + - You'll need this key later in your code's configuration files. This key value will not be displayed again, and is not retrievable by any other means, so make sure to note it from the Microsoft Entra admin center before navigating to any other screen or blade. > :warning: For enhanced security, consider using **certificates** instead of client secrets. See: [How to use certificates instead of secrets](./README-use-certificate.md). 1. In the app's registration screen, select the **API permissions** blade in the left to open the page where we add access to the APIs that your application needs. - Select the **Add a permission** button and then, 
@@ -142,9 +142,9 @@ Open the project in your IDE (like Visual Studio or Visual Studio Code) to confi > In the steps below, "ClientID" is the same as "Application ID" or "AppId". 1. Open the `App/authConfig.js` file. -1. Find the key `clientId` and replace the existing value with the application ID (clientId) of `msal-node-webapp` app copied from the Azure portal. -1. Find the key `tenantId` and replace the existing value with your Azure AD tenant ID. -1. Find the key `clientSecret` and replace the existing value with the key you saved during the creation of `msal-node-webapp` copied from the Azure portal. +1. Find the key `clientId` and replace the existing value with the application ID (clientId) of `msal-node-webapp` app copied from the Microsoft Entra admin center. +1. Find the key `tenantId` and replace the existing value with your Microsoft Entra tenant ID. +1. Find the key `clientSecret` and replace the existing value with the key you saved during the creation of `msal-node-webapp` copied from the Microsoft Entra admin center. 1. Find the key `redirectUri` and replace the existing value with the Redirect URI for `msal-node-webapp`. (by default `http://localhost:4000/redirect`). > :information_source: For `redirectUri`, you can simply enter the path component of the URI instead of the full URI. For example, instead of `http://localhost:4000/redirect`, you can simply enter `/redirect`. This may come in handy in deployment scenarios. 
@@ -156,7 +156,7 @@ Open the project in your IDE (like Visual Studio or Visual Studio Code) to confi > :warning: You may already have security groups with the names defined below in your tenant and/or you may not have permissions to create new security groups. In that case, skip the steps below and update the configuration files in your project(s) with the desired names/IDs of existing groups in your tenant. -1. Navigate to the [Azure portal](https://portal.azure.com) and select the **Azure Active Directory** service. +1. Navigate to the [Microsoft Entra admin center](https://entra.microsoft.com) and select the **Microsoft Entra ID** service. 1. Select **Groups** blade on the left. 1. In the **Groups** blade, select **New Group**. 1. For **Group Type**, select **Security** 
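Review bot: `Navigate to the [Microsoft Entra admin center](https://entra.microsoft.com) and select the **Microsoft Entra ID** service` followed by the unchanged `Select **Groups** blade on the left` assumes the Azure portal layout; in the Microsoft Entra admin center groups are reached via **Identity** > **Groups** > **All groups**. Reword the first step to that path or keep `Azure portal` so the group-creation steps stay followable.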
@@ -172,30 +172,30 @@ Open the project in your IDE (like Visual Studio or Visual Studio Code) to confi 1. Select **Create**. 1. Assign the user accounts that you plan to work with to these security groups. -For more information, visit: [Create a basic group and add members using Azure AD](https://docs.microsoft.com/azure/active-directory/fundamentals/active-directory-groups-create-azure-portal) +For more information, visit: [Create a basic group and add members using Microsoft Entra ID](https://docs.microsoft.com/azure/active-directory/fundamentals/active-directory-groups-create-azure-portal) ### Configure Security Groups You have two different options available to you on how you can further configure your application to receive the `groups` claim. -1. [Receive **all the groups** that the signed-in user is assigned to in an Azure AD tenant, included nested groups](#configure-your-application-to-receive-all-the-groups-the-signed-in-user-is-assigned-to-including-nested-groups). -2. [Receive the **groups** claim values from a **filtered set of groups** that your application is programmed to work with](#configure-your-application-to-receive-the-groups-claim-values-from-a-filtered-set-of-groups-a-user-may-be-assigned-to) (Not available in the [Azure AD Free edition](https://azure.microsoft.com/pricing/details/active-directory/)). +1. [Receive **all the groups** that the signed-in user is assigned to in a Microsoft Entra tenant, included nested groups](#configure-your-application-to-receive-all-the-groups-the-signed-in-user-is-assigned-to-including-nested-groups). +2. [Receive the **groups** claim values from a **filtered set of groups** that your application is programmed to work with](#configure-your-application-to-receive-the-groups-claim-values-from-a-filtered-set-of-groups-a-user-may-be-assigned-to) (Not available in the [Microsoft Entra ID Free edition](https://azure.microsoft.com/pricing/details/active-directory/)). 
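Review bot: the renamed `+` line `Receive **all the groups** that the signed-in user is assigned to in a Microsoft Entra tenant, included nested groups` carries over `included`, which should be `including` (the heading it links to already reads `including nested groups`); fix it while the line is being rewritten.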
-> To get the on-premise group's `samAccountName` or `On Premises Group Security Identifier` instead of Group ID, please refer to the document [Configure group claims for applications with Azure Active Directory](https://docs.microsoft.com/azure/active-directory/hybrid/how-to-connect-fed-group-claims#prerequisites-for-using-group-attributes-synchronized-from-active-directory). +> To get the on-premise group's `samAccountName` or `On Premises Group Security Identifier` instead of Group ID, please refer to the document [Configure group claims for applications with Microsoft Entra ID](https://docs.microsoft.com/azure/active-directory/hybrid/how-to-connect-fed-group-claims#prerequisites-for-using-group-attributes-synchronized-from-active-directory). #### Configure your application to receive **all the groups** the signed-in user is assigned to, including nested groups 1. In the app's registration screen, select the **Token Configuration** blade in the left to open the page where you can configure the claims provided tokens issued to your application. 1. Select the **Add groups claim** button on top to open the **Edit Groups Claim** screen. 1. Select `Security groups` **or** the `All groups (includes distribution lists but not groups assigned to the application)` option. Choosing both negates the effect of `Security Groups` option. -1. Under the **ID** section, select `Group ID`. This will result in Azure AD sending the [object id](https://docs.microsoft.com/graph/api/resources/group?view=graph-rest-1.0) of the groups the user is assigned to in the **groups** claim of the [ID Token](https://docs.microsoft.com/azure/active-directory/develop/id-tokens) that your app receives after signing-in a user. +1. Under the **ID** section, select `Group ID`. 
This will result in Microsoft Entra ID sending the [object id](https://docs.microsoft.com/graph/api/resources/group?view=graph-rest-1.0) of the groups the user is assigned to in the **groups** claim of the [ID Token](https://docs.microsoft.com/azure/active-directory/develop/id-tokens) that your app receives after signing-in a user. #### Configure your application to receive the `groups` claim values from a **filtered set of groups** a user may be assigned to ##### Prerequisites, benefits and limitations of using this option 1. This option is useful when your application is interested in a selected set of groups that a signing-in user may be assigned to and not every security group this user is assigned to in the tenant. This option also saves your application from running into the [overage](#groups-overage-claim) issue. -1. This feature is not available in the [Azure AD Free edition](https://azure.microsoft.com/pricing/details/active-directory/). +1. This feature is not available in the [Microsoft Entra ID Free edition](https://azure.microsoft.com/pricing/details/active-directory/). 1. **Nested group assignments** are not available when this option is utilized. ##### Steps to enable this option in your app 
@@ -204,8 +204,8 @@ You have two different options available to you on how you can further configure 1. Select the **Add groups claim** button on top to open the **Edit Groups Claim** screen. 1. Select `Groups assigned to the application`. 1. Choosing additional options like `Security Groups` or `All groups (includes distribution lists but not groups assigned to the application)` will negate the benefits your app derives from choosing to use this option. -1. Under the **ID** section, select `Group ID`. This will result in Azure AD sending the object [id](https://docs.microsoft.com/graph/api/resources/group?view=graph-rest-1.0) of the groups the user is assigned to in the `groups` claim of the [ID Token](https://docs.microsoft.com/azure/active-directory/develop/id-tokens) that your app receives after signing-in a user. -1. If you are exposing a Web API using the **Expose an API** option, then you can also choose the `Group ID` option under the **Access** section. This will result in Azure AD sending the [Object ID](https://docs.microsoft.com/graph/api/resources/group?view=graph-rest-1.0) of the groups the user is assigned to in the `groups` claim of the [Access Token](https://docs.microsoft.com/azure/active-directory/develop/access-tokens) issued to the client applications of your API. +1. Under the **ID** section, select `Group ID`. This will result in Microsoft Entra ID sending the object [id](https://docs.microsoft.com/graph/api/resources/group?view=graph-rest-1.0) of the groups the user is assigned to in the `groups` claim of the [ID Token](https://docs.microsoft.com/azure/active-directory/develop/id-tokens) that your app receives after signing-in a user. +1. If you are exposing a Web API using the **Expose an API** option, then you can also choose the `Group ID` option under the **Access** section. 
This will result in Microsoft Entra ID sending the [Object ID](https://docs.microsoft.com/graph/api/resources/group?view=graph-rest-1.0) of the groups the user is assigned to in the `groups` claim of the [Access Token](https://docs.microsoft.com/azure/active-directory/develop/access-tokens) issued to the client applications of your API. 1. In the app's registration screen, select on the **Overview** blade in the left to open the Application overview screen. Select the hyperlink with the name of your application in **Managed application in local directory** (note this field title can be truncated for instance `Managed application in ...`). When you select this link you will navigate to the **Enterprise Application Overview** page associated with the service principal for your application in the tenant where you created it. You can navigate back to the app registration page by using the *back* button of your browser. 1. Select the **Users and groups** blade in the left to open the page where you can assign users and groups to your application. 1. Select the **Add user** button on the top row. @@ -218,7 +218,7 @@ You have two different options available to you on how you can further configure > :bulb: **Important security tip** > -> When you set **User assignment required?** to **Yes**, Azure AD will check that only users assigned to your application in the **Users and groups** blade are able to sign-in to your app. You can assign users directly or by assigning security groups they belong to. +> When you set **User assignment required?** to **Yes**, Microsoft Entra ID will check that only users assigned to your application in the **Users and groups** blade are able to sign-in to your app. You can assign users directly or by assigning security groups they belong to. ## Running the sample 
@@ -507,14 +507,14 @@ Configure your application: Learn more about the Microsoft identity platform: -- [Microsoft identity platform (Azure Active Directory for developers)](https://docs.microsoft.com/azure/active-directory/develop/) +- [Microsoft identity platform (Microsoft Entra ID for developers)](https://docs.microsoft.com/azure/active-directory/develop/) - [Overview of Microsoft Authentication Library (MSAL)](https://docs.microsoft.com/azure/active-directory/develop/msal-overview) -- [Understanding Azure AD application consent experiences](https://docs.microsoft.com/azure/active-directory/develop/application-consent-experience) +- [Understanding Microsoft Entra application consent experiences](https://docs.microsoft.com/azure/active-directory/develop/application-consent-experience) - [Understand user and admin consent](https://docs.microsoft.com/azure/active-directory/develop/howto-convert-app-to-be-multi-tenant#understand-user-and-admin-consent) - [Microsoft identity platform and OpenID Connect protocol](https://docs.microsoft.com/azure/active-directory/develop/v2-protocols-oidc) - [Microsoft Identity Platform ID Tokens](https://docs.microsoft.com/azure/active-directory/develop/id-tokens) -For more information about how OAuth 2.0 protocols work in this scenario and other scenarios, see [Authentication Scenarios for Azure AD](https://docs.microsoft.com/azure/active-directory/develop/authentication-flows-app-scenarios). +For more information about how OAuth 2.0 protocols work in this scenario and other scenarios, see [Authentication Scenarios for Microsoft Entra ID](https://docs.microsoft.com/azure/active-directory/develop/authentication-flows-app-scenarios). ## Community Help and Support 
@@ -524,10 +524,10 @@ Make sure that your questions or comments are tagged with [`azure-active-directo If you find a bug in the sample, raise the issue on [GitHub Issues](../../../../issues). -To provide feedback on or suggest features for Azure Active Directory, visit [User Voice page](https://feedback.azure.com/forums/169401-azure-active-directory). +To provide feedback on or suggest features for Microsoft Entra ID, visit [User Voice page](https://feedback.azure.com/forums/169401-azure-active-directory). ## Contributing If you'd like to contribute to this sample, see [CONTRIBUTING.MD](/CONTRIBUTING.md). -This project has adopted the [Microsoft Open Source Code of Conduct](https://opensource.microsoft.com/codeofconduct/). For more information, see the [Code of Conduct FAQ](https://opensource.microsoft.com/codeofconduct/faq/) or contact [opencode@microsoft.com](mailto:opencode@microsoft.com) with any additional questions or comments. \ No newline at end of file +This project has adopted the [Microsoft Open Source Code of Conduct](https://opensource.microsoft.com/codeofconduct/). For more information, see the [Code of Conduct FAQ](https://opensource.microsoft.com/codeofconduct/faq/) or contact [opencode@microsoft.com](mailto:opencode@microsoft.com) with any additional questions or comments. diff --git a/5-AdvancedScenarios/1-call-graph-bff/AppCreationScripts/AppCreationScripts.md b/5-AdvancedScenarios/1-call-graph-bff/AppCreationScripts/AppCreationScripts.md index 624c702..b56d506 100644 --- a/5-AdvancedScenarios/1-call-graph-bff/AppCreationScripts/AppCreationScripts.md +++ b/5-AdvancedScenarios/1-call-graph-bff/AppCreationScripts/AppCreationScripts.md @@ -4,7 +4,7 @@ ### Quick summary -1. Run the script to create your Azure AD application and configure the code of the sample application accordingly. +1. Run the script to create your Microsoft Entra application and configure the code of the sample application accordingly. ```PowerShell cd .\AppCreationScripts\ 
@@ -28,25 +28,25 @@ ### Presentation of the scripts -This sample comes with two PowerShell scripts, which automate the creation of the Azure Active Directory applications, and the configuration of the code for this sample. Once you run them, you will only need to build the solution and you are good to test. +This sample comes with two PowerShell scripts, which automate the creation of the Microsoft Entra applications, and the configuration of the code for this sample. Once you run them, you will only need to build the solution and you are good to test. These scripts are: - `Configure.ps1` which: - - creates Azure AD applications and their related objects (permissions, dependencies, secrets, app roles), + - creates Microsoft Entra applications and their related objects (permissions, dependencies, secrets, app roles), - changes the configuration files in the sample projects. - - creates a summary file named `createdApps.html` in the folder from which you ran the script, and containing, for each Azure AD application it created: + - creates a summary file named `createdApps.html` in the folder from which you ran the script, and containing, for each Microsoft Entra application it created: - the identifier of the application - the AppId of the application - - the url of its registration in the [Azure portal](https://portal.azure.com). + - the url of its registration in the [Microsoft Entra admin center](https://entra.microsoft.com). -- `Cleanup.ps1` which cleans-up the Azure AD objects created by `Configure.ps1`. Note that this script does not revert the changes done in the configuration files, though. You will need to undo the change from source control (from Visual Studio, or from the command line using, for instance, `git reset`). +- `Cleanup.ps1` which cleans-up the Microsoft Entra objects created by `Configure.ps1`. Note that this script does not revert the changes done in the configuration files, though. 
You will need to undo the change from source control (from Visual Studio, or from the command line using, for instance, `git reset`). > :information_source: If the sample supports using certificates instead of client secrets, this folder will contain an additional set of scripts: `Configure-WithCertificates.ps1` and `Cleanup-WithCertificates.ps1`. You can use them in the same way to register app(s) that use certificates instead of client secrets. ### Usage pattern for tests and DevOps scenarios -The `Configure.ps1` will stop if it tries to create an Azure AD application which already exists in the tenant. For this, if you are using the script to try/test the sample, or in DevOps scenarios, you might want to run `Cleanup.ps1` just before `Configure.ps1`. This is what is shown in the steps below. +The `Configure.ps1` will stop if it tries to create a Microsoft Entra application which already exists in the tenant. For this, if you are using the script to try/test the sample, or in DevOps scenarios, you might want to run `Cleanup.ps1` just before `Configure.ps1`. This is what is shown in the steps below. ## How to use the app creation scripts? @@ -108,8 +108,8 @@ Note that the script will choose the tenant in which to create the applications, if you want to create the apps in a particular tenant, you can use the following option: -- Open the [Azure portal](https://portal.azure.com) -- Select the Azure Active directory you are interested in (in the combo-box below your name on the top right of the browser window) +- Open the [Microsoft Entra admin center](https://entra.microsoft.com) +- Select the Microsoft Entra ID you are interested in (in the combo-box below your name on the top right of the browser window) - Find the "Active Directory" object in this tenant - Go to **Properties** and copy the content of the **Directory Id** property - Then use the full syntax to run the scripts: 
diff --git a/5-AdvancedScenarios/1-call-graph-bff/README-use-certificate.md b/5-AdvancedScenarios/1-call-graph-bff/README-use-certificate.md index aebe14b..6af6e59 100644 --- a/5-AdvancedScenarios/1-call-graph-bff/README-use-certificate.md +++ b/5-AdvancedScenarios/1-call-graph-bff/README-use-certificate.md @@ -39,7 +39,7 @@ Alternatively, download and build **OpenSSL** for your **OS** following the guid - **Step 1: [Create a self-signed certificate](#create-a-self-signed-certificate)** - Option 1: [create self-signed certificate on local machine](#create-self-signed-certificate-on-local-machine) - Option 2: [create self-signed certificate on Key Vault](#create-self-signed-certificate-on-key-vault) -- **Step 2: [Configure an Azure AD app registration to use a certificate](#configure-an-azure-ad-app-registration-to-use-a-certificate)** +- **Step 2: [Configure a Microsoft Entra app registration to use a certificate](#configure-an-azure-ad-app-registration-to-use-a-certificate)** - **Step 3: [Configure your app(s) to use a certificate](#configure-your-apps-to-use-a-certificate)** - Option 1: [using an existing certificate from local machine](#using-an-existing-certificate-from-local-machine) - Option 2: [using an existing certificate from Key Vault](#using-an-existing-certificate-from-key-vault) @@ -96,9 +96,9 @@ You can use Azure Key Vault to generate a self-signed certificate for you. Doing > ```
-Click here to use Azure Portal +Click here to use Microsoft Entra admin center -Follow the guide: [Set and retrieve a certificate from Azure Key Vault using the Azure portal](https://learn.microsoft.com/azure/key-vault/certificates/quick-create-portal) +Follow the guide: [Set and retrieve a certificate from Azure Key Vault using the Microsoft Entra admin center](https://learn.microsoft.com/azure/key-vault/certificates/quick-create-portal) Afterwards, proceed to [Step 2](#configure-an-azure-ad-app-registration-to-use-a-certificate). @@ -113,13 +113,13 @@ Afterwards, proceed to [Step 2](#configure-an-azure-ad-app-registration-to-use-a
-### Configure an Azure AD app registration to use a certificate +### Configure a Microsoft Entra app registration to use a certificate -Now you must associate your Azure AD app registration with the certificate you will use in your application. +Now you must associate your Microsoft Entra app registration with the certificate you will use in your application. > :information_source: If you have the certificate locally available, you can follow the steps below. If your certificate(s) is on Azure Key Vault, you must first export and download them to your computer, and delete the local copy after following the steps below. See: [Export certificates from Azure Key Vault](https://learn.microsoft.com/azure/key-vault/certificates/how-to-export-certificate) -1. Navigate to [Azure portal](https://portal.azure.com) and select your Azure AD app registration. +1. Navigate to [Microsoft Entra admin center](https://entra.microsoft.com) and select your Microsoft Entra app registration. 1. Select **Certificates & secrets** blade on the left. 1. Click on **Upload** certificate and select the certificate file to upload (e.g. *msal-node-webapp*). 1. Click **Add**. Once the certificate is uploaded, the *thumbprint*, *start date*, and *expiration* values are displayed. Record the *thumbprint* value as you will make use of it later in your app's configuration file. @@ -267,7 +267,7 @@ Once you deploy your app(s) to Azure App Service, you can assign a managed ident ### Create a system-assigned identity -1. Navigate to [Azure portal](https://portal.azure.com) and select the **Azure App Service**. +1. Navigate to [Microsoft Entra admin center](https://entra.microsoft.com) and select the **Azure App Service**. 1. Find and select the App Service instance you've created previously. 1. On App Service portal, select **Identity**. 1. Within the **System assigned** tab, switch **Status** to **On**. Click **Save**. 
@@ -278,7 +278,7 @@ For more information, see [Add a system-assigned identity](https://docs.microsof Now that your app deployed to App Service has a managed identity, in this step you grant it access to your key vault. -1. Go to the [Azure portal](https://portal.azure.com) and search for your Key Vault. +1. Go to the [Microsoft Entra admin center](https://entra.microsoft.com) and search for your Key Vault. 1. Select **Overview** > **Access policies** blade on the left. 1. Click on **Add Access Policy** > **Certificate permissions** > **Get** 1. Click on **Add Access Policy** > **Secret permissions** > **Get** @@ -293,7 +293,7 @@ Finally, you need to add environment variables to the App Service where you depl > :warning: Make sure your application is able to read environment variables. Alternatively, you can hardcode the key vault URL and certificate name in your applications configuration file. -1. In the [Azure portal](https://portal.azure.com), search for and select **App Service**, and then select your app. +1. In the [Microsoft Entra admin center](https://entra.microsoft.com), search for and select **App Service**, and then select your app. 1. Select **Configuration** blade on the left, then select **New Application Settings**. 1. Add the following variables (key-value pairs): 1. **KEY_VAULT_URL**: the URL of the key vault you've created, e.g. `https://example.vault.azure.net` diff --git a/5-AdvancedScenarios/1-call-graph-bff/README.md b/5-AdvancedScenarios/1-call-graph-bff/README.md index b9d1dc6..0923051 100644 --- a/5-AdvancedScenarios/1-call-graph-bff/README.md +++ b/5-AdvancedScenarios/1-call-graph-bff/README.md 
@@ -1,11 +1,11 @@ --- page_type: sample -name: A React SPA with a Node.Js (Express) back-end using the Backend For Frontend (BFF) Proxy architecture to authenticate users with Azure AD and calling Microsoft Graph -description: A React SPA with a Node.Js (Express) back-end using the Backend For Frontend (BFF) Proxy architecture to authenticate users with Azure AD and calling Microsoft Graph on the user's behalf +name: A React SPA with a Node.Js (Express) back-end using the Backend For Frontend (BFF) Proxy architecture to authenticate users with Microsoft Entra ID and calling Microsoft Graph +description: A React SPA with a Node.Js (Express) back-end using the Backend For Frontend (BFF) Proxy architecture to authenticate users with Microsoft Entra ID and calling Microsoft Graph on the user's behalf languages: - javascript products: - - azure-active-directory + - microsoft-entra-id - msal-js - msal-node - ms-graph @@ -13,13 +13,13 @@ urlFragment: ms-identity-javascript-nodejs-tutorial extensions: - services: ms-identity - platform: JavaScript -- endpoint: AAD v2.0 +- endpoint: Microsoft Entra ID v2.0 - level: 300 - client: React SPA with Express backend - service: MS Graph --- -# A React SPA with a Node.js (Express) web app using the Backend For Frontend (BFF) Proxy architecture to authenticate users with Azure AD and call Microsoft Graph +# A React SPA with a Node.js (Express) web app using the Backend For Frontend (BFF) Proxy architecture to authenticate users with Microsoft Entra ID and call Microsoft Graph * [Overview](#overview) * [Scenario](#scenario) 
@@ -42,19 +42,19 @@ This sample demonstrates a React single-page application (SPA) with an Node.js E ## Scenario 1. The client-side React SPA initiates token acquisition by calling the login endpoint of the Express web app. -1. Express web app uses **MSAL Node** to sign-in a user and obtain a JWT [ID Token](https://aka.ms/id-tokens) and an [Access Token](https://aka.ms/access-tokens) from **Azure AD**. -1. Express web app uses the **access token** as a *bearer* token to authorize the user to call the Microsoft Graph API protected by **Azure AD**. +1. Express web app uses **MSAL Node** to sign-in a user and obtain a JWT [ID Token](https://aka.ms/id-tokens) and an [Access Token](https://aka.ms/access-tokens) from **Microsoft Entra ID**. +1. Express web app uses the **access token** as a *bearer* token to authorize the user to call the Microsoft Graph API protected by **Microsoft Entra ID**. 1. Express web app returns the Microsoft Graph `/me` endpoint response back to the React SPA. ```mermaid sequenceDiagram participant Frontend participant Backend - participant Azure AD + participant Microsoft Entra ID participant Graph Frontend-)+Backend: /login - Backend-)+Azure AD: login.microsoftonline.com - Azure AD--)-Backend: token response + Backend-)+Microsoft Entra ID: login.microsoftonline.com + Microsoft Entra ID--)-Backend: token response Backend--)-Frontend: /login response (auth state) Frontend-)+Backend: /profile Backend-)+Graph: graph.microsoft.com/v1.0/me 
@@ -79,8 +79,8 @@ sequenceDiagram * [Visual Studio Code](https://code.visualstudio.com/download) is recommended for running and editing this sample. * [VS Code Azure Tools](https://marketplace.visualstudio.com/items?itemName=ms-vscode.vscode-node-azure-pack) extension is recommended for interacting with Azure through VS Code Interface. * A modern web browser. -* An **Azure AD** tenant. For more information, see: [How to get an Azure AD tenant](https://docs.microsoft.com/azure/active-directory/develop/test-setup-environment#get-a-test-tenant) -* A user account in your **Azure AD** tenant. +* An **Microsoft Entra ID** tenant. For more information, see: [How to get a Microsoft Entra tenant](https://docs.microsoft.com/azure/active-directory/develop/test-setup-environment#get-a-test-tenant) +* A user account in your **Microsoft Entra ID** tenant. ## Setup the sample @@ -109,7 +109,7 @@ There is one project in this sample. To register it, you can: * follow the steps below for manually register your apps * or use PowerShell scripts that: - * **automatically** creates the Azure AD applications and related objects (passwords, permissions, dependencies) for you. + * **automatically** creates the Microsoft Entra applications and related objects (passwords, permissions, dependencies) for you. * modify the projects' configuration files.
@@ -118,7 +118,7 @@ There is one project in this sample. To register it, you can: > :warning: If you have never used **Microsoft Graph PowerShell** before, we recommend you go through the [App Creation Scripts Guide](./AppCreationScripts/AppCreationScripts.md) once to ensure that your environment is prepared correctly for this step. 1. Ensure that you have PowerShell 7 or later. -1. Run the script to create your Azure AD application and configure the code of the sample application accordingly. +1. Run the script to create your Microsoft Entra application and configure the code of the sample application accordingly. 1. For interactive process -in PowerShell, run: ```PowerShell @@ -128,20 +128,20 @@ There is one project in this sample. To register it, you can: Other ways of running the scripts are described in [App Creation Scripts guide](./AppCreationScripts/AppCreationScripts.md). The scripts also provide a guide to automated application registration, configuration and removal which can help in your CI/CD scenarios. -> :information_source: This sample can make use of client certificates. You can use **AppCreationScripts** to register an Azure AD application with certificates. See: [How to use certificates instead of client secrets](./README-use-certificate.md) +> :information_source: This sample can make use of client certificates. You can use **AppCreationScripts** to register a Microsoft Entra application with certificates. See: [How to use certificates instead of client secrets](./README-use-certificate.md)
-#### Choose the Azure AD tenant where you want to create your applications +#### Choose the Microsoft Entra tenant where you want to create your applications To manually register the apps, as a first step you'll need to: -1. Sign in to the [Azure portal](https://portal.azure.com). -1. If your account is present in more than one Azure AD tenant, select your profile at the top right corner in the menu on top of the page, and then **switch directory** to change your portal session to the desired Azure AD tenant. +1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com). +1. If your account is present in more than one Microsoft Entra tenant, select your profile at the top right corner in the menu on top of the page, and then **switch directory** to change your portal session to the desired Microsoft Entra tenant. #### Register the service app (msal-node-webapp) -1. Navigate to the [Azure portal](https://portal.azure.com) and select the **Azure Active Directory** service. +1. Navigate to the [Microsoft Entra admin center](https://entra.microsoft.com) and select the **Microsoft Entra ID** service. 1. Select the **App Registrations** blade on the left, then select **New registration**. 1. In the **Register an application page** that appears, enter your application's registration information: 1. In the **Name** section, enter a meaningful application name that will be displayed to users of the app, for example `msal-node-webapp`. 
@@ -158,7 +158,7 @@ To manually register the apps, as a first step you'll need to: 1. Type a key description (for instance `app secret`). 1. Select one of the available key durations (**6 months**, **12 months** or **Custom**) as per your security posture. 1. The generated key value will be displayed when you select the **Add** button. Copy and save the generated value for use in later steps. - 1. You'll need this key later in your code's configuration files. This key value will not be displayed again, and is not retrievable by any other means, so make sure to note it from the Azure portal before navigating to any other screen or blade. + 1. You'll need this key later in your code's configuration files. This key value will not be displayed again, and is not retrievable by any other means, so make sure to note it from the Microsoft Entra admin center before navigating to any other screen or blade. > :warning: For enhanced security, consider using **certificates** instead of client secrets. See: [How to use certificates instead of secrets](./README-use-certificate.md). 1. Since this app signs-in users, we will now proceed to select **delegated permissions**, which is is required by apps signing-in users. 1. In the app's registration screen, select the **API permissions** blade in the left to open the page where we add access to the APIs that your application needs: 
@@ -184,9 +184,9 @@ Open the project in your IDE (like Visual Studio or Visual Studio Code) to confi > In the steps below, "ClientID" is the same as "Application ID" or "AppId". 1. Open the `APP\authConfig.js` file. -1. Find the key `Enter_the_Application_Id_Here` and replace the existing value with the application ID (clientId) of `msal-node-webapp` app copied from the Azure portal. -1. Find the key `Enter_the_Tenant_Id_Here` and replace the existing value with your Azure AD tenant/directory ID. -1. Find the key `Enter_the_Client_Secret_Here` and replace the existing value with the generated secret that you saved during the creation of `msal-node-webapp` copied from the Azure portal. +1. Find the key `Enter_the_Application_Id_Here` and replace the existing value with the application ID (clientId) of `msal-node-webapp` app copied from the Microsoft Entra admin center. +1. Find the key `Enter_the_Tenant_Id_Here` and replace the existing value with your Microsoft Entra tenant/directory ID. +1. Find the key `Enter_the_Client_Secret_Here` and replace the existing value with the generated secret that you saved during the creation of `msal-node-webapp` copied from the Microsoft Entra admin center. 1. Open the `App/app.js` file. 1. Find the string `ENTER_YOUR_SECRET_HERE` and replace it with a secret that will be used when encrypting your app's session using the [express-session](https://www.npmjs.com/package/express-session) package. 
@@ -221,7 +221,7 @@ Were we successful in addressing your learning objective? Consider taking a mome Ask your questions on Stack Overflow first and browse existing issues to see if someone has asked your question before. Make sure that your questions or comments are tagged with [`msal-node` `node` `ms-identity` `adal` `msal-js` `msal`]. -To provide feedback on or suggest features for Azure Active Directory, visit [User Voice page](https://feedback.azure.com/d365community/forum/79b1327d-d925-ec11-b6e6-000d3a4f06a4). +To provide feedback on or suggest features for Microsoft Entra ID, visit [User Voice page](https://feedback.azure.com/d365community/forum/79b1327d-d925-ec11-b6e6-000d3a4f06a4). ## About the code @@ -277,7 +277,7 @@ login = (postLoginRedirectUri) => { } ``` -The controller in [authController.js](./App/controllers/authController.js) processes the request and initiates a token request against Azure AD, using the [AuthProvider](./App/auth/AuthProvider.js) class which wraps MSAL Node for simplicity: +The controller in [authController.js](./App/controllers/authController.js) processes the request and initiates a token request against Microsoft Entra ID, using the [AuthProvider](./App/auth/AuthProvider.js) class which wraps MSAL Node for simplicity: ```javascript exports.loginUser = async (req, res, next) => { 
@@ -435,15 +435,15 @@ This project has adopted the [Microsoft Open Source Code of Conduct](https://ope ## Learn More -* [Microsoft identity platform (Azure Active Directory for developers)](https://docs.microsoft.com/azure/active-directory/develop/) -* [Azure AD code samples](https://docs.microsoft.com/azure/active-directory/develop/sample-v2-code) +* [Microsoft identity platform (Microsoft Entra ID for developers)](https://docs.microsoft.com/azure/active-directory/develop/) +* [Microsoft Entra ID code samples](https://docs.microsoft.com/azure/active-directory/develop/sample-v2-code) * [Overview of Microsoft Authentication Library (MSAL)](https://docs.microsoft.com/azure/active-directory/develop/msal-overview) * [Register an application with the Microsoft identity platform](https://docs.microsoft.com/azure/active-directory/develop/quickstart-register-app) * [Configure a client application to access web APIs](https://docs.microsoft.com/azure/active-directory/develop/quickstart-configure-app-access-web-apis) -* [Understanding Azure AD application consent experiences](https://docs.microsoft.com/azure/active-directory/develop/application-consent-experience) +* [Understanding Microsoft Entra application consent experiences](https://docs.microsoft.com/azure/active-directory/develop/application-consent-experience) * [Understand user and admin consent](https://docs.microsoft.com/azure/active-directory/develop/howto-convert-app-to-be-multi-tenant#understand-user-and-admin-consent) -* [Application and service principal objects in Azure Active Directory](https://docs.microsoft.com/azure/active-directory/develop/app-objects-and-service-principals) -* [Authentication Scenarios for Azure AD](https://docs.microsoft.com/azure/active-directory/develop/authentication-flows-app-scenarios) +* [Application and service principal objects in Microsoft Entra ID](https://docs.microsoft.com/azure/active-directory/develop/app-objects-and-service-principals) +* [Authentication Scenarios for 
Microsoft Entra ID](https://docs.microsoft.com/azure/active-directory/develop/authentication-flows-app-scenarios) * [Building Zero Trust ready apps](https://aka.ms/ztdevsession) * [National Clouds](https://docs.microsoft.com/azure/active-directory/develop/authentication-national-cloud#app-registration-endpoints) * [Initialize client applications using MSAL.js](https://docs.microsoft.com/azure/active-directory/develop/msal-js-initializing-client-applications) @@ -452,4 +452,4 @@ This project has adopted the [Microsoft Open Source Code of Conduct](https://ope * [Logging in MSAL.js applications](https://docs.microsoft.com/azure/active-directory/develop/msal-logging?tabs=javascript) * [Pass custom state in authentication requests using MSAL.js](https://docs.microsoft.com/azure/active-directory/develop/msal-js-pass-custom-state-authentication-request) * [Prompt behavior in MSAL.js interactive requests](https://docs.microsoft.com/azure/active-directory/develop/msal-js-prompt-behavior) -* [Use MSAL.js to work with Azure AD B2C](https://docs.microsoft.com/azure/active-directory/develop/msal-b2c-overview) +* [Use MSAL.js to work with Azure Active Directory B2C](https://docs.microsoft.com/azure/active-directory/develop/msal-b2c-overview) diff --git a/Common/msal-node-wrapper/README.md b/Common/msal-node-wrapper/README.md index c29757f..c84c31a 100644 --- a/Common/msal-node-wrapper/README.md +++ b/Common/msal-node-wrapper/README.md 
@@ -7,7 +7,7 @@ This is an open source project. [Suggestions](https://github.com/Azure-Samples/m ## Features * Simple API for authN/authZ with the [Microsoft identity platform](https://docs.microsoft.com/azure/active-directory/develop/v2-overview) -* Handle role-based access with Azure AD [App Roles](https://docs.microsoft.com/azure/active-directory/develop/howto-add-app-roles-in-azure-ad-apps) and [Security Groups](https://docs.microsoft.com/azure/active-directory/fundamentals/active-directory-groups-create-azure-portal) +* Handle role-based access with Microsoft Entra ID [App Roles](https://docs.microsoft.com/azure/active-directory/develop/howto-add-app-roles-in-azure-ad-apps) and [Security Groups](https://docs.microsoft.com/azure/active-directory/fundamentals/active-directory-groups-create-azure-portal) * Token persistence via sessions. ## Prerequisites @@ -115,7 +115,7 @@ You can access the current authentication context via `req.authContext` variable #### Authentication -Add [login()](https://azure-samples.github.io/ms-identity-javascript-nodejs-tutorial/classes/AuthContext.html#login) and [logout()](https://azure-samples.github.io/ms-identity-javascript-nodejs-tutorial/classes/AuthContext.html#logout) middleware to routes that you want to trigger a login/logout with Azure AD: +Add [login()](https://azure-samples.github.io/ms-identity-javascript-nodejs-tutorial/classes/AuthContext.html#login) and [logout()](https://azure-samples.github.io/ms-identity-javascript-nodejs-tutorial/classes/AuthContext.html#logout) middleware to routes that you want to trigger a login/logout with Microsoft Entra ID: ```javascript app.get( diff --git a/LICENSE.md b/LICENSE.md index 7965606..9e841e7 100644 --- a/LICENSE.md +++ b/LICENSE.md 
@@ -18,4 +18,4 @@ AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE - SOFTWARE \ No newline at end of file + SOFTWARE diff --git a/README.md b/README.md index a85e2b8..101b6e9 100644 --- a/README.md +++ b/README.md @@ -10,7 +10,7 @@ products: - azure-app-service - azure-key-vault - azure-resource-manager -- azure-active-directory +- microsoft-entra-id - azure-active-directory-b2c - microsoft-identity-platform description: "Tutorial: Enable your Node.js & Express web app to sign-in users and call APIs with the Microsoft identity platform" 
@@ -25,14 +25,14 @@ urlFragment: "ms-identity-javascript-nodejs-tutorial" ![npm](https://img.shields.io/npm/v/@azure/msal-node?label=msal-node) ![GitHub](https://img.shields.io/github/license/Azure-Samples/ms-identity-javascript-nodejs-tutorial) -The [Microsoft identity platform](https://docs.microsoft.com/azure/active-directory/develop/v2-overview), along with [Azure Active Directory](https://docs.microsoft.com/azure/active-directory/fundamentals/active-directory-whatis) (Azure AD) and [Azure Active Directory B2C](https://docs.microsoft.com/azure/active-directory-b2c/overview) (Azure AD B2C) are central to the **Azure** cloud ecosystem. This tutorial aims to take you through the fundamentals of modern authentication with Node.js, using the [Microsoft Authentication Library for Node.js](https://github.com/AzureAD/microsoft-authentication-library-for-js) (MSAL Node). +The [Microsoft identity platform](https://docs.microsoft.com/azure/active-directory/develop/v2-overview), along with [Microsoft Entra ID](https://docs.microsoft.com/azure/active-directory/fundamentals/active-directory-whatis) (Microsoft Entra ID) and [Azure Active Directory B2C](https://docs.microsoft.com/azure/active-directory-b2c/overview) (Azure Active Directory B2C) are central to the **Azure** cloud ecosystem. This tutorial aims to take you through the fundamentals of modern authentication with Node.js, using the [Microsoft Authentication Library for Node.js](https://github.com/AzureAD/microsoft-authentication-library-for-js) (MSAL Node). This tutorial also features a simple wrapper around **MSAL Node** [ConfidentialClientApplication](https://github.com/AzureAD/microsoft-authentication-library-for-js/blob/dev/lib/msal-node/src/client/ConfidentialClientApplication.ts) class in order to streamline routine authentication tasks such as login, logout, token acquisition. You can find the wrapper here: [msal-node-wrapper](./Shared/msal-node-wrapper). Fork it and customize as you need. 
Suggestions and contributions are welcome! > :warning: [msal-node-wrapper](./Shared/msal-node-wrapper) is for demo purposes only and is not recommended for production applications. If you're looking for using MSAL Node directly in your web app, please refer to: > -> - [Express.js web app using MSAL Node to authenticate users with Azure AD and call Microsoft Graph](https://github.com/Azure-Samples/ms-identity-node) -> - [A React SPA on an Express.js web app using the Backend For Frontend (BFF) Proxy architecture to authenticate users with Azure AD and call Microsoft Graph](https://github.com/Azure-Samples/ms-identity-javascript-nodejs-tutorial/tree/main/5-AdvancedScenarios/1-call-graph-bff) +> - [Express.js web app using MSAL Node to authenticate users with Microsoft Entra ID and call Microsoft Graph](https://github.com/Azure-Samples/ms-identity-node) +> - [A React SPA on an Express.js web app using the Backend For Frontend (BFF) Proxy architecture to authenticate users with Microsoft Entra ID and call Microsoft Graph](https://github.com/Azure-Samples/ms-identity-javascript-nodejs-tutorial/tree/main/5-AdvancedScenarios/1-call-graph-bff) We recommend following the chapters in successive order. However, the code samples are self-contained, so feel free to pick samples by topics that you may need at the moment. 
@@ -53,7 +53,7 @@ Please refer to each chapter's README for sample-specific prerequisites. - [jwt.ms](https://jwt.ms) for inspecting your tokens - [Fiddler](https://www.telerik.com/fiddler) for monitoring your network activity and troubleshooting - Check the [MSAL Node FAQ](https://github.com/AzureAD/microsoft-authentication-library-for-js/blob/dev/lib/msal-node/docs/faq.md) for your questions first -- Follow the [Azure AD Blog](https://techcommunity.microsoft.com/t5/azure-active-directory-identity/bg-p/Identity) to stay up-to-date with the latest developments +- Follow the [Microsoft Entra ID Blog](https://techcommunity.microsoft.com/t5/azure-active-directory-identity/bg-p/Identity) to stay up-to-date with the latest developments Please refer to each chapter's README for sample-specific recommendations. @@ -63,14 +63,14 @@ Please refer to each chapter's README for sample-specific recommendations. | | | |---------------|---------------| -| | [**Sign-in with Azure AD**](./1-Authentication/1-sign-in/README.md)
Sign-in your users with **Azure AD** and learn to work with **ID Tokens**. | -| | [**Sign-in with Azure AD B2C**](./1-Authentication/2-sign-in-b2c/README.md)
Sign-in your customers with **Azure AD B2C**. Learn to integrate with **external social identity providers**. Learn how to use **user-flows** and **custom policies**. | +| | [**Sign-in with Microsoft Entra ID**](./1-Authentication/1-sign-in/README.md)
Sign-in your users with **Microsoft Entra ID** and learn to work with **ID Tokens**. | +| | [**Sign-in with Azure Active Directory B2C**](./1-Authentication/2-sign-in-b2c/README.md)
Sign-in your customers with **Azure Active Directory B2C**. Learn to integrate with **external social identity providers**. Learn how to use **user-flows** and **custom policies**. | ### Chapter 2: Sign-in a user and get an Access Token for Microsoft Graph | | | |----------------|---------------| -| | [**Get an Access Token from Azure AD and call Microsoft Graph**](./2-Authorization/1-call-graph/README.md)
Authenticate your users and acquire an **Access Token** for Microsoft Graph and then call the **Microsoft Graph API**. | +| | [**Get an Access Token from Microsoft Entra ID and call Microsoft Graph**](./2-Authorization/1-call-graph/README.md)
Authenticate your users and acquire an **Access Token** for Microsoft Graph and then call the **Microsoft Graph API**. | ### Chapter 3: Deploy your app to Azure @@ -103,9 +103,9 @@ Learn more about the **Microsoft identity platform**: - [Azure Active Directory B2C](https://docs.microsoft.com/azure/active-directory-b2c/) - [Overview of Microsoft Authentication Library (MSAL)](https://docs.microsoft.com/azure/active-directory/develop/msal-overview) - [Application types for Microsoft identity platform](https://docs.microsoft.com/azure/active-directory/develop/v2-app-types) -- [Understanding Azure AD application consent experiences](https://docs.microsoft.com/azure/active-directory/develop/application-consent-experience) +- [Understanding Microsoft Entra application consent experiences](https://docs.microsoft.com/azure/active-directory/develop/application-consent-experience) - [Understand user and admin consent](https://docs.microsoft.com/azure/active-directory/develop/howto-convert-app-to-be-multi-tenant#understand-user-and-admin-consent) -- [Application and service principal objects in Azure Active Directory](https://docs.microsoft.com/azure/active-directory/develop/app-objects-and-service-principals) +- [Application and service principal objects in Microsoft Entra ID](https://docs.microsoft.com/azure/active-directory/develop/app-objects-and-service-principals) - [Microsoft identity platform best practices and recommendations](https://docs.microsoft.com/azure/active-directory/develop/identity-platform-integration-checklist) See more code samples:
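Review bot: in the README.md hunk at `@@ -25,14 +25,14 @@`, the parentheticals are now redundant: `[Microsoft Entra ID](...) (Microsoft Entra ID)` and `[Azure Active Directory B2C](...) (Azure Active Directory B2C)` repeat the link text verbatim. The originals introduced the short forms `(Azure AD)` and `(Azure AD B2C)` that the rest of the prose then used; since this patch spells the B2C name out in full everywhere, drop both parentheticals rather than leaving them as duplicates.

Review bot: in the README.md hunk at `@@ -10,7 +10,7 @@`, the frontmatter `products:` list is a controlled vocabulary consumed by the samples browser, so please confirm that the new slug `- microsoft-entra-id` is an accepted value before merging; the neighbouring `- azure-active-directory-b2c` entry is kept unchanged, and an unrecognized slug would silently drop the sample from that product's listing rather than fail the build.

Review bot: across the `## Learn More` and `Learn more about the Microsoft identity platform` hunks only the link text is renamed while every target still points at `docs.microsoft.com/azure/active-directory/...`; that is fine if the rename is intentionally text-only, but the PR description should say so, and the links should be spot-checked to confirm they still resolve under the new product name.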