From ababda2c198e4313e3d91bec32e48996801adaba Mon Sep 17 00:00:00 2001 From: gkomatsu Date: Tue, 22 Mar 2022 08:11:33 -0700 Subject: [PATCH 1/2] Added notes to use AAD v2 Tokens AAD has made platform change to only support AAD v2 Tokens. Added instructions in multi-app MDM app creation steps to clarify v2 Token is a hard requirement. --- .../mdm/azure-active-directory-integration-with-mdm.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/windows/client-management/mdm/azure-active-directory-integration-with-mdm.md b/windows/client-management/mdm/azure-active-directory-integration-with-mdm.md index 634025c4b9..c8a55e1c7f 100644 --- a/windows/client-management/mdm/azure-active-directory-integration-with-mdm.md +++ b/windows/client-management/mdm/azure-active-directory-integration-with-mdm.md 
@@ -114,7 +114,10 @@ The MDM vendor must first register the application in their home tenant and mark > [!NOTE] > For the MDM provider, if you don't have an existing Azure AD tentant with an Azure AD subscription that you manage, follow the step-by-step guide in [Add an Azure AD tenant and Azure AD subscription](add-an-azure-ad-tenant-and-azure-ad-subscription.md) to set up a tenant, add a subscription, and manage it via the Azure Portal. -The MDM application uses keys to request access tokens from Azure AD. These keys are managed within the tenant of the MDM provider and not visible to individual customers. The same key is used by the multi-tenant MDM application to authenticate itself with Azure AD, whatever the customer tenent the managed device belongs. +The MDM application uses keys to request access tokens from Azure AD. These keys are managed within the tenant of the MDM provider and not visible to individual customers. The same key is used by the multi-tenant MDM application to authenticate itself with Azure AD, whatever the customer tenant the managed device belongs. + +> [!NOTE] +> All MDM apps must implement AAD V2 tokens before we certify that integration works. Due to changes in AAD app platform, it is a hard requirement. More info is available in [Microsoft identity platform access tokens](https://docs.microsoft.com/en-us/azure/active-directory/develop/access-tokens#token-formats-and-ownership). Use the following steps to register a cloud-based MDM application with Azure AD. At this time, you need to work with the Azure AD engineering team to expose this application through the Azure AD app gallery. From 1712200957c80799e2c295ea71e54a76bb1bd77f Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Tue, 22 Mar 2022 12:47:45 -0700 Subject: [PATCH 2/2] Update azure-active-directory-integration-with-mdm.md --- .../mdm/azure-active-directory-integration-with-mdm.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/windows/client-management/mdm/azure-active-directory-integration-with-mdm.md b/windows/client-management/mdm/azure-active-directory-integration-with-mdm.md index c8a55e1c7f..323d3f6d8e 100644 --- a/windows/client-management/mdm/azure-active-directory-integration-with-mdm.md +++ b/windows/client-management/mdm/azure-active-directory-integration-with-mdm.md @@ -117,7 +117,7 @@ The MDM vendor must first register the application in their home tenant and mark The MDM application uses keys to request access tokens from Azure AD. These keys are managed within the tenant of the MDM provider and not visible to individual customers. The same key is used by the multi-tenant MDM application to authenticate itself with Azure AD, whatever the customer tenant the managed device belongs. > [!NOTE] -> All MDM apps must implement AAD V2 tokens before we certify that integration works. Due to changes in AAD app platform, it is a hard requirement. More info is available in [Microsoft identity platform access tokens](https://docs.microsoft.com/en-us/azure/active-directory/develop/access-tokens#token-formats-and-ownership). +> All MDM apps must implement Azure AD V2 tokens before we certify that integration works. Due to changes in the Azure AD app platform, using Azure AD V2 tokens is a hard requirement. For more information, see [Microsoft identity platform access tokens](/azure/active-directory/develop/access-tokens#token-formats-and-ownership). Use the following steps to register a cloud-based MDM application with Azure AD. At this time, you need to work with the Azure AD engineering team to expose this application through the Azure AD app gallery.
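Review bot: In the first hunk (`@@ -114,7 +114,10 @@`), the new NOTE says MDM apps "must implement AAD V2 tokens" without saying what a vendor has to do to satisfy that, so the requirement is not actionable as written; state the concrete steps (for example whether the vendor's app registration must be configured to accept v2.0 access tokens and whether the service's token validation must handle the v2.0 format described in the linked "Token formats and ownership" section) instead of only linking out. The same hunk keeps "Azure AD tentant" in the NOTE immediately above the rewritten paragraph and leaves "whatever the customer tenant the managed device belongs" missing its trailing "to"; since this commit already corrects "tenent" in that sentence, fix both in the same change. Also, the rest of this file uses "Azure AD" and locale-free relative links (as in `add-an-azure-ad-tenant-and-azure-ad-subscription.md`), so "AAD" and the absolute `docs.microsoft.com/en-us/...` URL in the NOTE should follow that convention.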
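Review bot: In the second hunk (`@@ -117,7 +117,7 @@`), the unchanged context line above the NOTE still reads "whatever the customer tenant the managed device belongs" (missing "to"), and since this commit is a wording-only pass on the same paragraph it should take that along. The capitalization "Azure AD V2 tokens" also does not match the "v1.0" / "v2.0" naming used by the linked access-tokens page; use "v2.0" so readers can map the NOTE onto the linked section. Finally, "before we certify that integration works" does not say who "we" is or where certification happens; given that the paragraph below already tells vendors to work with the Azure AD engineering team to get the app into the Azure AD app gallery, either tie the certification clause to that step explicitly or drop it.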