This issue focuses on developing a comprehensive documentation strategy to better integrate ASP.NET Core authentication content with existing Microsoft Entra ID and MFA documentation on the Entra ID doc site. The primary deliverable is a content plan created in collaboration with stakeholders that will:
- Eliminate content duplication between ASP.NET Core and Entra ID as well as MFA documentation
- Create clear entry points in ASP.NET Core docs that guide users to appropriate resources
- Establish a logical content flow where users start with ASP.NET Core prerequisites and then transition to Entra ID and MFA docs for specific setup and testing procedures
- The plan will improve user experience by maintaining ASP.NET Core as the starting point while strategically directing users to authoritative Entra ID content. This approach ensures comprehensive coverage without redundancy.
Implementation will likely include: ( All content changes resulting from this plan will be tracked in separate follow-up issues. )
- Revising overview topics to clarify the relationship between ASP.NET Core and Entra ID and MFA
- Replacing duplicated content with strategic links to Entra ID and MFA documentation
- Restructuring tutorials to maintain a seamless user journey between documentation sets
We want to reduce overlap Microsoft Entra documenation in the aspnetcore.docs repo and point instead to Microsoft Entra documents here instead where we can:
https://learn.microsoft.com/entra/
That Microsoft Entra documenation is kept up to date.
Microsoft Entra includes:
• Microsoft Entra ID (formerly Azure Active Directory)
• Microsoft Entra ID External ID (formerly Azure AD B2C)
• Microsoft Entra ID Governance
• Other identity and access management services
What previous names changed to Entra parts:
• Azure Active Directory (Azure AD) → Microsoft Entra ID
• Azure AD B2C → Microsoft Entra External ID
• Various other identity and access management services are now part of the Entra family
• Azure AD Privileged Identity Management (PIM) and Azure AD Identity Governance. -> Microsoft Entra ID Governance
Articles in the aspnetcore.docs reop that Wade found as candidates to address:
Non-Blazor Articles with Microsoft Entra Scenarios
High relevance — articles primarily or substantially about Entra
- [x] security/authentication/azure-active-directory/index.md
- [x] -security/authentication/azure-ad-b2c.md
-
Tracking issues or PR's:
-
"Cloud authentication with Azure Active Directory B2C in ASP.NET Core" — 147 lines, 35 Entra/B2C hits. The article walks through B2C tenant and policy configuration steps that are fully covered in the Azure AD B2C documentation. The ASP.NET Core-specific portions are relatively thin, and the article already carries an EOL/tip notice pointing to Microsoft Entra External ID.
- [ ] security/authentication/social/microsoft-logins.md
- Tracking issues or PR's:
- "Microsoft Account external login setup with ASP.NET Core" — 147 lines, 10 Entra mentions. The bulk of the article is step-by-step Entra admin center app registration and client secret creation — content that is already documented in the Entra identity platform quickstart the article cites. The ASP.NET Core–specific code is a small fraction.
- [ ] security/authentication/ws-federation.md
- "Authenticate users with WS-Federation in ASP.NET Core" — Contains a full "Microsoft Entra ID" subsection with step-by-step portal screenshots (app registration, endpoints blade, Expose an API, etc.) for configuring Entra as the WS-Federation provider. Those steps belong in Entra documentation, not ASP.NET Core docs.
Medium relevance — Entra is a significant part of the article but not the sole focus:
- [ ] security/key-vault-configuration.md
- "Azure Key Vault configuration provider in ASP.NET Core" — 777 lines, 17 Entra mentions. Includes detailed instructions for registering an app with Microsoft Entra ID (App registrations, uploading certificates, etc.) to enable Key Vault access from outside Azure. Those Entra registration steps duplicate what the Azure Key Vault and Entra documentation already cover.
- [ ] security/authorization/limitingidentitybyscheme.md
- "Authorize with a specific scheme in ASP.NET Core" — Uses Azure Active Directory + Azure AD B2C as the primary end-to-end code example throughout the article. The Entra/B2C configuration assumed by the sample is not explained here and is borrowed implicitly from those services' own docs.
- [ ] security/authentication/configure-jwt-bearer-authentication.md
- "Configure JWT bearer authentication in ASP.NET Core" — 338 lines, 5 Entra mentions. Explicitly recommends Microsoft Identity Web for Entra scenarios and points to Entra docs for further reading, but the Entra-specific code path (MetadataAddress, tenant config) diverges into Entra territory that could simply be a crosslink.
- [ ] security/authentication/configure-oidc-web-authentication.md
- "Configure OpenID Connect Web (UI) authentication in ASP.NET Core" — 386 lines, 5 Entra mentions. Already does the right thing in the intro by explicitly pointing readers to the Entra quickstart and Entra External ID samples. Still, a section at the bottom lists Entra ID and Entra External ID as OIDC providers with notes that could just be Entra doc links.
- [ ] security/authentication/individual.md
- "Articles based on ASP.NET Core projects created with individual accounts" — A table of dotnet new authentication templates includes IndividualB2C, SingleOrg (Entra External ID), and MultiOrg rows with links to Entra documentation. Those rows are already pointing to Entra docs but the table context is ASP.NET Core templates.
Lower relevance or — Entra appears only as a brief example or pointer
- [ ] grpc/authn-and-authz.md
- Lists "Microsoft Entra ID" in a bullet point as one bearer token identity provider option. Could simply link out to Entra docs rather than implying configuration coverage.
- [ ] signalr/authn-and-authz.md
- Uses a Microsoft Entra ID multi-tenant hub authorization scenario as a code example. The Entra-specific setup is implied but not explained.
- [ ] security/data-protection/implementation/key-storage-providers.md
- References "Entra or Azure portal" for Key Vault key identifiers; configuration steps belong in Azure Key Vault/Entra documentation.
- [ ] host-and-deploy/scaling-aspnet-apps/scaling-aspnet-apps.md
- Mentions Entra-backed managed identities for Key Vault access in an Azure scaling context. The Entra managed identity setup could be a crosslink to Entra docs.
- [ ] security/authentication/mfa.md
- Contains one note that "Microsoft Entra ID provides support for passkeys/FIDO2 and passwordless flows" with a link to Entra docs — already the right pattern, just a minimal mention.
Here is a more extensive list of Microsoft Entra documenation to check against:
Fundamentals documentation
What is Microsoft Entra?
What is the Microsoft Entra admin center?
Introduction to identity and access management (IAM)
Create a tenant
Add a custom domain name
Associate an Azure subscription
Add your privacy info
Add company branding
Create or delete users
Assign roles to users
Default user permissions
Manage user profile info
Reset a user's password
Restore a deleted user
Learn about groups
Manage groups
Group-based licensing
Resolve group license assignment problems
Microsoft Entra ID preview program
Microsoft Entra licensing
License usage insights
Sign up for Microsoft Entra ID P1 or P2
Trial user guide for Microsoft Entra Suite
Configure security recommendations using Zero Trust
Protect identities and secrets
Protect tenants and isolate systems
Protect networks
Protect engineering systems
Monitor and detect cyberthreats
Accelerate response and remediation
Identity secure score
Integrate your apps with Microsoft Entra ID
Security defaults
Manage 'Stay signed in?' prompt
Find your tenant ID
Get support for Microsoft Entra ID
How to use Self-Service Support (Preview)
Quarantine unsanctioned tenants
Inaccessible tenant due to inactivity
Frequently asked questions
Company branding CSS template reference guide
Bulk operations
Bulk operations in Microsoft Entra ID (Preview)
New name for Azure AD
Rename Azure AD
Microsoft Entra ID and data residency
Data operational considerations
Data protection considerations
Customer data storage and processing for Europe
Identity data storage for Australia and New Zealand
Customer data storage for Australia and New Zealand
Customer data storage for Japan
Compare Microsoft Entra ID with AD DS
What are custom security attributes
Add or deactivate attribute definitions
Manage access to attributes
Assign attributes to users
Assign attributes to applications
Troubleshoot attributes
Microsoft Graph API reference
Microsoft Graph extensions
Frontline worker management
Associated WorkItem - 537565
This issue focuses on developing a comprehensive documentation strategy to better integrate ASP.NET Core authentication content with existing Microsoft Entra ID and MFA documentation on the Entra ID doc site. The primary deliverable is a content plan created in collaboration with stakeholders that will:
Implementation will likely include: ( All content changes resulting from this plan will be tracked in separate follow-up issues. )
We want to reduce overlap Microsoft Entra documenation in the aspnetcore.docs repo and point instead to Microsoft Entra documents here instead where we can:
https://learn.microsoft.com/entra/
That Microsoft Entra documenation is kept up to date.
Microsoft Entra includes:
• Microsoft Entra ID (formerly Azure Active Directory)
• Microsoft Entra ID External ID (formerly Azure AD B2C)
• Microsoft Entra ID Governance
• Other identity and access management services
What previous names changed to Entra parts:
• Azure Active Directory (Azure AD) → Microsoft Entra ID
• Azure AD B2C → Microsoft Entra External ID
• Various other identity and access management services are now part of the Entra family
• Azure AD Privileged Identity Management (PIM) and Azure AD Identity Governance. -> Microsoft Entra ID Governance
Articles in the aspnetcore.docs reop that Wade found as candidates to address:
Non-Blazor Articles with Microsoft Entra Scenarios
High relevance — articles primarily or substantially about Entra
- [x] security/authentication/azure-active-directory/index.md
- [x] -security/authentication/azure-ad-b2c.md
Tracking issues or PR's:
"Cloud authentication with Azure Active Directory B2C in ASP.NET Core" — 147 lines, 35 Entra/B2C hits. The article walks through B2C tenant and policy configuration steps that are fully covered in the Azure AD B2C documentation. The ASP.NET Core-specific portions are relatively thin, and the article already carries an EOL/tip notice pointing to Microsoft Entra External ID.
- [ ] security/authentication/social/microsoft-logins.md
- [ ] security/authentication/ws-federation.md
Medium relevance — Entra is a significant part of the article but not the sole focus:
- [ ] security/key-vault-configuration.md
- [ ] security/authorization/limitingidentitybyscheme.md
- [ ] security/authentication/configure-jwt-bearer-authentication.md
- [ ] security/authentication/configure-oidc-web-authentication.md
- [ ] security/authentication/individual.md
Lower relevance or — Entra appears only as a brief example or pointer
- [ ] grpc/authn-and-authz.md
- [ ] signalr/authn-and-authz.md
- [ ] security/data-protection/implementation/key-storage-providers.md
- [ ] host-and-deploy/scaling-aspnet-apps/scaling-aspnet-apps.md
- [ ] security/authentication/mfa.md
Here is a more extensive list of Microsoft Entra documenation to check against:
Fundamentals documentation
What is Microsoft Entra?
What is the Microsoft Entra admin center?
Introduction to identity and access management (IAM)
Create a tenant
Add a custom domain name
Associate an Azure subscription
Add your privacy info
Add company branding
Create or delete users
Assign roles to users
Default user permissions
Manage user profile info
Reset a user's password
Restore a deleted user
Learn about groups
Manage groups
Group-based licensing
Resolve group license assignment problems
Microsoft Entra ID preview program
Microsoft Entra licensing
License usage insights
Sign up for Microsoft Entra ID P1 or P2
Trial user guide for Microsoft Entra Suite
Configure security recommendations using Zero Trust
Protect identities and secrets
Protect tenants and isolate systems
Protect networks
Protect engineering systems
Monitor and detect cyberthreats
Accelerate response and remediation
Identity secure score
Integrate your apps with Microsoft Entra ID
Security defaults
Manage 'Stay signed in?' prompt
Find your tenant ID
Get support for Microsoft Entra ID
How to use Self-Service Support (Preview)
Quarantine unsanctioned tenants
Inaccessible tenant due to inactivity
Frequently asked questions
Company branding CSS template reference guide
Bulk operations
Bulk operations in Microsoft Entra ID (Preview)
New name for Azure AD
Rename Azure AD
Microsoft Entra ID and data residency
Data operational considerations
Data protection considerations
Customer data storage and processing for Europe
Identity data storage for Australia and New Zealand
Customer data storage for Australia and New Zealand
Customer data storage for Japan
Compare Microsoft Entra ID with AD DS
What are custom security attributes
Add or deactivate attribute definitions
Manage access to attributes
Assign attributes to users
Assign attributes to applications
Troubleshoot attributes
Microsoft Graph API reference
Microsoft Graph extensions
Frontline worker management
Associated WorkItem - 537565