MicrosoftDocs
diff --git a/‎articles/active-directory/authentication/concept-authentication-methods-manage.md
Lines changed: 6 additions & 6 deletions b/‎articles/active-directory/authentication/concept-authentication-methods-manage.md
Lines changed: 6 additions & 6 deletions
diff --git a/‎articles/active-directory/authentication/how-to-authentication-methods-manage.md
Lines changed: 6 additions & 6 deletions b/‎articles/active-directory/authentication/how-to-authentication-methods-manage.md
Lines changed: 6 additions & 6 deletions
diff --git a/‎articles/active-directory/conditional-access/workload-identity.md
Lines changed: 1 addition & 1 deletion b/‎articles/active-directory/conditional-access/workload-identity.md
Lines changed: 1 addition & 1 deletion
diff --git a/‎articles/active-directory/governance/index.yml
Lines changed: 4 additions & 5 deletions b/‎articles/active-directory/governance/index.yml
Lines changed: 4 additions & 5 deletions
diff --git a/‎articles/active-directory/identity-protection/TOC.yml
Lines changed: 5 additions & 1 deletion b/‎articles/active-directory/identity-protection/TOC.yml
Lines changed: 5 additions & 1 deletion
diff --git a/‎articles/active-directory/identity-protection/concept-workload-identity-risk.md
Lines changed: 2 additions & 2 deletions b/‎articles/active-directory/identity-protection/concept-workload-identity-risk.md
Lines changed: 2 additions & 2 deletions
diff --git a/‎articles/aks/azure-files-csi.md
Lines changed: 2 additions & 4 deletions b/‎articles/aks/azure-files-csi.md
Lines changed: 2 additions & 4 deletions
diff --git a/‎articles/azure-app-configuration/media/azure-app-configuration-push-parameters.png
3.61 KB b/‎articles/azure-app-configuration/media/azure-app-configuration-push-parameters.png
3.61 KB
@@ -6,7 +6,7 @@ services: active-directory
 ms.service: active-directory
 ms.subservice: authentication
 ms.topic: conceptual
-ms.date: 11/17/2022
+ms.date: 12/06/2022
 
 ms.author: justinha
 author: justinha
@@ -27,7 +27,7 @@ The Authentication methods policy is the recommended way to manage authenticatio
 
 Methods enabled in the Authentication methods policy can typically be used anywhere in Azure AD - for both authentication and password reset scenarios. The exception is that some methods are inherently limited to use in authentication, such as FIDO2 and Windows Hello for Business, and others are limited to use in password reset, such as security questions. For more control over which methods are usable in a given authentication scenario, consider using the **Authentication Strengths** feature.
 
-Most methods also have configuration parameters to more precisely control how that method can be used. For example, if you enable **Phone call**, you can also specify whether an office phone can be used in addition to a mobile phone.
+Most methods also have configuration parameters to more precisely control how that method can be used. For example, if you enable **Voice calls**, you can also specify whether an office phone can be used in addition to a mobile phone.
 
 Or let's say you want to enable passwordless authentication with Microsoft Authenticator. You can set extra parameters like showing the user sign-in location or the name of the app being signed into. These options provide more context for users when they sign-in and help prevent accidental MFA approvals.
 
@@ -51,7 +51,7 @@ To manage the legacy MFA policy, click **Security** > **Multifactor Authenticati
 
 :::image type="content" border="true" source="./media/concept-authentication-methods-manage/service-settings.png" alt-text="Screenshot of MFA service settings.":::
 
-To manage authentication methods for self-service password reset (SSPR), click **Password reset** > **Authentication methods**. The **Mobile phone** option in this policy allows either voice call or SMS to be sent to a mobile phone. The **Office phone** option allows only voice call. 
+To manage authentication methods for self-service password reset (SSPR), click **Password reset** > **Authentication methods**. The **Mobile phone** option in this policy allows either voice calls or SMS to be sent to a mobile phone. The **Office phone** option allows only voice calls. 
 
 :::image type="content" border="true" source="./media/concept-authentication-methods-manage/password-reset.png" alt-text="Screenshot of password reset settings.":::
 
@@ -71,9 +71,9 @@ If the user can't register Microsoft Authenticator based on either of those poli
 - **Mobile app notification**
 - **Mobile app code**
 
-For users who are enabled for **Mobile phone** for SSPR, the independent control between policies can impact sign-in behavior. Where the other policies have separate options for SMS and voice call, the **Mobile phone** for SSPR enables both options. As a result, anyone who uses **Mobile phone** for SSPR can also use voice call for password reset, even if the other policies don't allow phone calls. 
+For users who are enabled for **Mobile phone** for SSPR, the independent control between policies can impact sign-in behavior. Where the other policies have separate options for SMS and voice calls, the **Mobile phone** for SSPR enables both options. As a result, anyone who uses **Mobile phone** for SSPR can also use voice calls for password reset, even if the other policies don't allow voice calls. 
 
-Similarly, let's suppose you enable **Phone call** for a group. After you enable it, you find that even users who aren't group members can sign-in with a voice call. In this case, it's likely those users are enabled for **Mobile phone** in the legacy SSPR policy or **Call to phone** in the legacy MFA policy.  
+Similarly, let's suppose you enable **Voice calls** for a group. After you enable it, you find that even users who aren't group members can sign-in with a voice call. In this case, it's likely those users are enabled for **Mobile phone** in the legacy SSPR policy or **Call to phone** in the legacy MFA policy.  
 
 ## Migration between policies
 
@@ -100,7 +100,7 @@ Tenants are set to either Pre-migration or Migration in Progress by default, dep
 
 ## Known issues
 
-* Currently, all users must be enabled for at least one MFA method that isn't passwordless and the user can register in interrupt mode. Possible methods include Microsoft Authenticator, SMS, voice call, and software OATH/mobile app code. The method(s) can be enabled in any policy. If a user is not eligible for at least one of those methods, the user will see an error during registration and when visiting My Security Info. We're working to improve this experience to enable fully passwordless configurations. 
+* Currently, all users must be enabled for at least one MFA method that isn't passwordless and the user can register in interrupt mode. Possible methods include Microsoft Authenticator, SMS, voice calls, and software OATH/mobile app code. The method(s) can be enabled in any policy. If a user is not eligible for at least one of those methods, the user will see an error during registration and when visiting My Security Info. We're working to improve this experience to enable fully passwordless configurations. 
 
 ## Next steps
 
 
@@ -45,7 +45,7 @@ For each method, note whether or not it's enabled for the tenant. The following
 
 | Multifactor authentication policy | Authentication method policy |
 |-----------------------------------|------------------------------|
-| Call to phone                     | Phone calls                   |
+| Call to phone                     | Voice calls                   |
 | Text message to phone             | SMS<br>Microsoft Authenticator      |
 | Notification through mobile app   | Microsoft Authenticator             |
 | Verification code from mobile app or hardware token   | Third party software OATH tokens<br>Hardware OATH tokens (not yet available)<br>Microsoft Authenticator |
@@ -63,8 +63,8 @@ Record which users are in scope for SSPR (either all users, one specific group,
 | Mobile app notification     | Microsoft Authenticator      |
 | Mobile app code             | Microsoft Authenticator<br>Software OATH tokens  |
 | Email                       | Email OTP                    |
-| Mobile phone                | Phone calls<br>SMS            |
-| Office phone                | Phone calls                   |
+| Mobile phone                | Voice calls<br>SMS            |
+| Office phone                | Voice calls                   |
 | Security questions          | Not yet available; copy questions for later use  |
 
 ### Authentication methods policy
@@ -99,7 +99,7 @@ Where the policies match, you can easily match your current state. Where there's
 
 In the Authentication methods policy, you'll then need to choose whether to enable **Microsoft Authenticator** for both SSPR and MFA or disable it (we recommend enabling Microsoft Authenticator). 
 
-As you update each method in the Authentication methods policy, some methods have configurable parameters that allow you to control how that method can be used. For example, if you enable **Phone calls** as authentication method, you can choose to allow both office phone and mobile phones, or mobile only. Step through the process to configure each authentication method from your audit. 
+As you update each method in the Authentication methods policy, some methods have configurable parameters that allow you to control how that method can be used. For example, if you enable **Voice calls** as authentication method, you can choose to allow both office phone and mobile phones, or mobile only. Step through the process to configure each authentication method from your audit. 
 
 You aren't required to match your existing policy! It's a great opportunity to review your enabled methods and choose a new policy that maximizes security and usability for your tenant. Just note that disabling methods for users who are already using them may require those users to register new authentication methods and prevent them from using previously registered methods.
 
@@ -121,11 +121,11 @@ If **Verification code from mobile app or hardware token** is enabled in the leg
 
 :::image type="content" border="true" source="./media/how-to-authentication-methods-manage/one-time-password.png" alt-text="Screenshot of Microsoft Authenticator OTP.":::
 
-### SMS and phone calls
+### SMS and voice calls
 
 The legacy MFA policy has separate controls for **SMS** and **Phone calls**. But there's also a **Mobile phone** control that enables mobile phones for both SMS and voice calls. And another control for **Office phone** enables an office phone only for voice call.
 
-The Authentication methods policy has controls for **SMS** and **Phone calls**, matching the legacy MFA policy. If your tenant is using SSPR and **Mobile phone** is enabled, you'll want to enable both **SMS** and **Phone calls** in the Authentication methods policy. If your tenant is using SSPR and **Office phone** is enabled, you'll want to enable **Phone calls** in the Authentication methods policy, and ensure that the **Office phone** option is enabled. 
+The Authentication methods policy has controls for **SMS** and **Voice calls**, matching the legacy MFA policy. If your tenant is using SSPR and **Mobile phone** is enabled, you'll want to enable both **SMS** and **Voice calls** in the Authentication methods policy. If your tenant is using SSPR and **Office phone** is enabled, you'll want to enable **Voice calls** in the Authentication methods policy, and ensure that the **Office phone** option is enabled. 
 
 ### OATH tokens
 
 
@@ -17,7 +17,7 @@ ms.collection: M365-identity-device-management
 ---
 # Conditional Access for workload identities 
 
-Conditional Access policies have histroically applied only to users when they access apps and services like SharePoint online or the Azure portal. We are now extending support for Conditional Access policies to be applied to service principals owned by the organization. We call this capability  Conditional Access for workload identities. 
+Conditional Access policies have historically applied only to users when they access apps and services like SharePoint online or the Azure portal. We are now extending support for Conditional Access policies to be applied to service principals owned by the organization. We call this capability  Conditional Access for workload identities. 
 
 A [workload identity](../develop/workload-identities-overview.md) is an identity that allows an application or service principal access to resources, sometimes in the context of a user. These workload identities differ from traditional user accounts as they:
 
 
@@ -1,17 +1,16 @@
 ### YamlMime:Landing
 
-title: Microsoft Entra Identity Governance Identity Governance documentation
+title: Microsoft Entra Identity Governance documentation
 summary: Microsoft Entra Identity Governance helps you to protect, monitor, and audit access to critical assets while ensuring employee productivity.
 
 metadata: 
   author: owinfreyatl
   description: "Learn how to protect, monitor, and audit access to critical assets while ensuring employee productivity."
   manager: amycolannino
   ms.author: owinfreyatl
-  ms.collection: na
-  ms.date: 09/14/2019
+  ms.date: 12/06/2022
   ms.service: active-directory
-  ms.subservice: na
+  ms.subservice: compliance
   ms.topic: landing-page
   services: active-directory
 
@@ -96,4 +95,4 @@ landingContent:
       - linkListType: how-to-guide
         links:
           - text: Require users to agree to a terms of use when using an app
-            url: ../conditional-access/terms-of-use.md
+            url: ../conditional-access/terms-of-use.md
@@ -48,14 +48,18 @@
     href: troubleshooting-identity-protection-faq.yml
 - name: Reference
   items:
-  - name: Graph APIs
+  - name: Microsoft Graph APIs
     items: 
     - name: riskDetection API
       href: /graph/api/resources/riskdetection
     - name: riskyUsers API
       href: /graph/api/resources/riskyuser
     - name: signIn API
       href: /graph/api/resources/signin
+    - name: servicePrincipalRiskDetection API
+      href: /graph/api/resources/serviceprincipalriskdetection
+    - name: riskyServicePrincipal API
+      href: /graph/api/resources/riskyserviceprincipal
   - name: Glossary
     href: reference-identity-protection-glossary.md
 - name: Resources
 
@@ -68,9 +68,9 @@ Organizations can find workload identities that have been flagged for risk in on
 
 :::image type="content" source="media/concept-workload-identity-risk/workload-identity-detections-in-risk-detections-report.png" alt-text="Screenshot showing risks detected against workload identities in the report." lightbox="media/concept-workload-identity-risk/workload-identity-detections-in-risk-detections-report.png":::
 
-### Graph APIs
+### Microsoft Graph APIs
 
-You can also query risky workload identities [using the Microsoft Graph API](/graph/use-the-api). There are two new collections in the [Identity Protection APIs](/graph/api/resources/identityprotection-root?view=graph-rest-beta&preserve-view=true) 
+You can also query risky workload identities [using the Microsoft Graph API](/graph/use-the-api). There are two new collections in the [Identity Protection APIs](/graph/api/resources/identityprotection-root). 
 
 - riskyServicePrincipals
 - servicePrincipalRiskDetections
 
@@ -3,7 +3,7 @@ title: Use Container Storage Interface (CSI) driver for Azure Files on Azure Kub
 description: Learn how to use the Container Storage Interface (CSI) driver for Azure Files in an Azure Kubernetes Service (AKS) cluster.
 services: container-service
 ms.topic: article
-ms.date: 12/02/2022
+ms.date: 12/06/2022
 author: palma21
 
 ---
@@ -360,8 +360,6 @@ provisioner: file.csi.azure.com
 allowVolumeExpansion: true
 parameters:
   protocol: nfs
-mountOptions:
-  - nconnect=8
 ```
 
 After editing and saving the file, create the storage class with the [kubectl apply][kubectl-apply] command:
@@ -495,4 +493,4 @@ The output of the commands resembles the following example:
 [share-snapshots-overview]: ../storage/files/storage-snapshots-files.md
 [zrs-account-type]: ../storage/common/storage-redundancy.md#zone-redundant-storage
 [access-tiers-overview]: ../storage/blobs/access-tiers-overview.md
-[tag-resources]: ../azure-resource-manager/management/tag-resources.md
+[tag-resources]: ../azure-resource-manager/management/tag-resources.md