Commit 101a596

Merge pull request #251583 from Justinha/steps-auth-12
revised portal steps
2 parents f8eb149 + f95c079 commit 101a596

6 files changed: +24 -23 lines changed

articles/active-directory/authentication/concept-mfa-authprovider.md

Lines changed: 5 additions & 5 deletions
@@ -6,7 +6,7 @@ services: multi-factor-authentication
66
ms.service: active-directory
77
ms.subservice: authentication
88
ms.topic: conceptual
9-
ms.date: 04/10/2023
9+
ms.date: 09/14/2023
1010

1111
ms.author: justinha
1212
author: justinha
@@ -45,11 +45,11 @@ If your MFA provider isn't linked to an Azure AD tenant, or you link the new MFA
4545
> [!CAUTION]
4646
> There is no confirmation when deleting an authentication provider. Selecting **Delete** is a permanent process.
4747
48-
Authentication providers can be found in the **Azure portal** > **Azure Active Directory** > **Security** > **MFA** > **Providers**. Click on listed providers to see details and configurations associated with that provider.
48+
Authentication providers can be found in the [Microsoft Entra admin center](https://entra.microsoft.com). Sign in as at least an [Authentication Policy Administrator](../roles/permissions-reference.md#authentication-policy-administrator). Browse to **Protection** > **Multifactor authentication** > **Providers**. Click the listed providers to see details and configurations associated with that provider.
4949

5050
Before removing an authentication provider, take note of any customized settings configured in your provider. Decide what settings need to be migrated to general MFA settings from your provider and complete the migration of those settings.
5151

52-
Azure MFA Servers linked to providers will need to be reactivated using credentials generated under **Azure portal** > **Azure Active Directory** > **Security** > **MFA** > **Server settings**. Before reactivating, the following files must be deleted from the `\Program Files\Multi-Factor Authentication Server\Data\` directory on Azure MFA Servers in your environment:
52+
Azure MFA Servers linked to providers will need to be reactivated using credentials generated under **Server settings**. Before reactivating, the following files must be deleted from the `\Program Files\Multi-Factor Authentication Server\Data\` directory on Azure MFA Servers in your environment:
5353

5454
- caCert
5555
- cert
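Review bot: New line 52 reduces the location to a bare **Server settings**, so a reader who lands on this paragraph has no path to the page where the reactivation credentials are generated. The old text gave the full path, and new line 48 still does so for **Providers**; do the same here, for example "credentials generated under **Protection** > **Multifactor authentication** > **Server settings**", after confirming that this is where the page sits in the Microsoft Entra admin center. On new line 48, "Click the listed providers" would read better as "Select a listed provider", matching the "select" wording used for the delete step further down.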
@@ -59,9 +59,9 @@ Azure MFA Servers linked to providers will need to be reactivated using credenti
5959
- licenseKey
6060
- pkey
6161

62-
![Delete an auth provider from the Azure portal](./media/concept-mfa-authprovider/authentication-provider-removal.png)
62+
![Delete an authentication provider](./media/concept-mfa-authprovider/authentication-provider-removal.png)
6363

64-
After you confirm that all settings are migrated, you can browse to the **Azure portal** > **Azure Active Directory** > **Security** > **MFA** > **Providers** and select the ellipses **...** and select **Delete**.
64+
After you confirm that all settings are migrated, browse to **Providers** and select the ellipses **...** and select **Delete**.
6565

6666
> [!WARNING]
6767
> Deleting an authentication provider will delete any reporting information associated with that provider. You may want to save activity reports before deleting your provider.
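Review bot: New line 64 shortens the destination to a bare **Providers** and chains two "and select" clauses, in the one step that the CAUTION at line 46 describes as permanent and without confirmation. Spell out both the destination and the sequence: "browse to **Protection** > **Multifactor authentication** > **Providers**, select the ellipsis **...**, and then select **Delete**". The image on line 62 changes only its alt text, so check that authentication-provider-removal.png still matches what the admin center shows.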

articles/active-directory/authentication/concept-mfa-data-residency.md

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -6,7 +6,7 @@ services: multi-factor-authentication
66
ms.service: active-directory
77
ms.subservice: authentication
88
ms.topic: conceptual
9-
ms.date: 01/29/2023
9+
ms.date: 09/14/2023
1010

1111
ms.author: justinha
1212
author: justinha
@@ -78,14 +78,14 @@ If you use MFA Server, the following personal data is stored.
7878

7979
## Organizational data stored by Azure AD multifactor authentication
8080

81-
Organizational data is tenant-level information that can expose configuration or environment setup. Tenant settings from the following Azure portal multifactor authentication pages might store organizational data such as lockout thresholds or caller ID information for incoming phone authentication requests:
81+
Organizational data is tenant-level information that can expose configuration or environment setup. Tenant settings from the Multifactor authentication pages might store organizational data such as lockout thresholds or caller ID information for incoming phone authentication requests:
8282

8383
* Account lockout
8484
* Fraud alert
8585
* Notifications
8686
* Phone call settings
8787

88-
For MFA Server, the following Azure portal pages might contain organizational data:
88+
For MFA Server, the following pages might contain organizational data:
8989

9090
* Server settings
9191
* One-time bypass
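Review bot: New lines 81 and 88 remove "Azure portal" without naming a replacement, so the text no longer says where these pages live, and "Multifactor authentication" is left capitalized mid-sentence as if it were a UI label. In a data residency article the location of the stored settings is the point, so name the portal, for example "Tenant settings from the following **Multifactor authentication** pages in the Microsoft Entra admin center", and do the same for the MFA Server sentence on line 88.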

articles/active-directory/authentication/concept-registration-mfa-sspr-combined.md

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -6,7 +6,7 @@ services: active-directory
66
ms.service: active-directory
77
ms.subservice: authentication
88
ms.topic: conceptual
9-
ms.date: 05/03/2023
9+
ms.date: 09/13/2023
1010

1111
ms.author: justinha
1212
author: justinha
@@ -130,7 +130,7 @@ To secure when and how users register for Azure AD Multi-Factor Authentication a
130130

131131
An admin has enforced registration.
132132

133-
A user has not set up all required security info and goes to the Azure portal. After the user enters the user name and password, the user is prompted to set up security info. The user then follows the steps shown in the wizard to set up the required security info. If your settings allow it, the user can choose to set up methods other than those shown by default. After users complete the wizard, they review the methods they set up and their default method for multifactor authentication. To complete the setup process, the user confirms the info and continues to the Azure portal.
133+
A user has not set up all required security info and goes to the Microsoft Entra admin center. After the user enters the user name and password, the user is prompted to set up security info. The user then follows the steps shown in the wizard to set up the required security info. If your settings allow it, the user can choose to set up methods other than those shown by default. After users complete the wizard, they review the methods they set up and their default method for multifactor authentication. To complete the setup process, the user confirms the info and continues to the Microsoft Entra admin center.
134134

135135
### Set up security info from My Account
136136

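Review bot: On new line 133 the rename changes the scenario rather than the navigation. The subject is a user who has not registered security info and is interrupted at sign-in, and the text now sends that user to an admin center at both the start and the end of the flow. If the interrupt applies to any sign-in, name the destination generically (for example "signs in to an application") or keep one that ordinary users actually use, and confirm the wizard behaves as described when the sign-in target is the Microsoft Entra admin center.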
@@ -161,7 +161,7 @@ For example, a user sets Microsoft Authenticator app push notification as the pr
161161
This user is also configured with SMS/Text option on a resource tenant.
162162
If this user removes SMS/Text as one of the authentication options on their home tenant, they get confused when access to the resource tenant asks them to respond to SMS/Text message.
163163

164-
To switch the directory in the Azure portal, click the user account name in the upper right corner and click **Switch directory**.
164+
To switch the directory in the Microsoft Entra admin center, click the user account name in the upper right corner and click **Switch directory**.
165165

166166
![External users can switch directory.](media/concept-registration-mfa-sspr-combined/switch-directory.png)
167167

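Review bot: Line 164 now places the directory switch in the Microsoft Entra admin center, but the screenshot on line 166 (switch-directory.png) is not touched by this commit and its alt text describes external users. Confirm that the admin center exposes **Switch directory** from the account name in the upper right corner as written, and replace the image if it still shows the Azure portal.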
articles/active-directory/authentication/concept-sspr-howitworks.md

Lines changed: 6 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -6,7 +6,7 @@ services: active-directory
66
ms.service: active-directory
77
ms.subservice: authentication
88
ms.topic: conceptual
9-
ms.date: 04/19/2023
9+
ms.date: 09/14/2023
1010

1111
ms.author: justinha
1212
author: justinha
@@ -71,14 +71,14 @@ To get started with SSPR, complete the following tutorial:
7171
You can enable the option to require a user to complete the SSPR registration if they use modern authentication or web browser to sign in to any applications using Azure AD. This workflow includes the following applications:
7272

7373
* Microsoft 365
74-
* Azure portal
74+
* Microsoft Entra admin center
7575
* Access Panel
7676
* Federated applications
7777
* Custom applications using Azure AD
7878

7979
When you don't require registration, users aren't prompted during sign-in, but they can manually register. Users can either visit [https://aka.ms/ssprsetup](https://aka.ms/ssprsetup) or select the **Register for password reset** link under the **Profile** tab in the Access Panel.
8080

81-
![Registration options for SSPR in the Azure portal][Registration]
81+
![Registration options for SSPR in the Microsoft Entra admin center][Registration]
8282

8383
> [!NOTE]
8484
> Users can dismiss the SSPR registration portal by selecting **cancel** or by closing the window. However, they're prompted to register each time they sign in until they complete their registration.
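Review bot: On line 74 the rename edits a list of applications covered by enforced SSPR registration, not a navigation step, so swapping "Azure portal" for "Microsoft Entra admin center" changes what the article claims is in scope. If sign-ins to the Azure portal still trigger the registration prompt, list both entries; if they no longer do, that is a behaviour change and should be stated as one rather than folded into a portal rename.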
@@ -109,7 +109,7 @@ Users can only reset their password if they have registered an authentication me
109109
> [!WARNING]
110110
> Accounts assigned Azure *administrator* roles are required to use methods as defined in the section [Administrator reset policy differences](concept-sspr-policy.md#administrator-reset-policy-differences).
111111
112-
![Authentication methods selection in the Azure portal][Authentication]
112+
![Authentication methods selection in the Microsoft Entra admin center][Authentication]
113113

114114
### Number of authentication methods required
115115

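Review bot: The alt text on line 112 now says the screenshot shows the Microsoft Entra admin center, but the `[Authentication]` image reference is unchanged and all six files in this commit are .md files. Either replace the image so it matches, or keep the alt text neutral ("Authentication methods selection"). The same applies to the `[Registration]` image on line 81.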
@@ -186,7 +186,7 @@ If you have a hybrid environment, you can configure Azure AD Connect to write pa
186186

187187
![Validating password writeback is enabled and working][Writeback]
188188

189-
Azure AD checks your current hybrid connectivity and provides one of the following messages in the Azure portal:
189+
Azure AD checks your current hybrid connectivity and provides one of the following messages in the Microsoft Entra admin center:
190190

191191
* Your on-premises writeback client is up and running.
192192
* Azure AD is online and is connected to your on-premises writeback client. However, it looks like the installed version of Azure AD Connect is out-of-date. Consider [Upgrading Azure AD Connect](../hybrid/connect/how-to-upgrade-previous-version.md) to ensure that you have the latest connectivity features and important bug fixes.
@@ -202,7 +202,7 @@ To get started with SSPR writeback, complete the following tutorial:
202202
203203
### Write back passwords to your on-premises directory
204204

205-
You can enable password writeback using the Azure portal. You can also temporarily disable password writeback without having to reconfigure Azure AD Connect.
205+
You can enable password writeback using the Microsoft Entra admin center. You can also temporarily disable password writeback without having to reconfigure Azure AD Connect.
206206

207207
* If the option is set to **Yes**, then writeback is enabled. Federated, pass-through authentication, or password hash synchronized users are able to reset their passwords.
208208
* If the option is set to **No**, then writeback is disabled. Federated, pass-through authentication, or password hash synchronized users aren't able to reset their passwords.
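Review bot: Line 205 names the Microsoft Entra admin center but gives neither the path to the writeback option nor the role needed to change it, while the steps revised elsewhere in this pull request add both (sign in "as at least an Authentication Policy Administrator", then "Browse to ..."). Because the **Yes**/**No** setting described in the bullets below decides whether federated, pass-through authentication, or password hash synchronized users can reset their passwords, state the least-privileged role and the browse path here too, or link to the tutorial that does.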

articles/active-directory/authentication/concept-sspr-writeback.md

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -5,7 +5,7 @@ services: active-directory
55
ms.service: active-directory
66
ms.subservice: authentication
77
ms.topic: conceptual
8-
ms.date: 01/29/2023
8+
ms.date: 09/14/2023
99
ms.author: justinha
1010
author: justinha
1111
manager: amycolannino
@@ -33,7 +33,7 @@ Password writeback provides the following features:
3333
* **Enforcement of on-premises Active Directory Domain Services (AD DS) password policies**: When a user resets their password, it's checked to ensure it meets your on-premises AD DS policy before committing it to that directory. This review includes checking the history, complexity, age, password filters, and any other password restrictions that you define in AD DS.
3434
* **Zero-delay feedback**: Password writeback is a synchronous operation. Users are notified immediately if their password doesn't meet the policy or can't be reset or changed for any reason.
3535
* **Supports password changes from the access panel and Microsoft 365**: When federated or password hash synchronized users come to change their expired or non-expired passwords, those passwords are written back to AD DS.
36-
* **Supports password writeback when an admin resets them from the Azure portal**: When an admin resets a user's password in the [Azure portal](https://portal.azure.com), if that user is federated or password hash synchronized, the password is written back to on-premises. This functionality is currently not supported in the Office admin portal.
36+
* **Supports password writeback when an admin resets them from the Microsoft Entra admin center**: When an admin resets a user's password in the [Microsoft Entra admin center](https://entra.microsoft.com), if that user is federated or password hash synchronized, the password is written back to on-premises. This functionality is currently not supported in the Office admin portal.
3737
* **Doesn't require any inbound firewall rules**: Password writeback uses an Azure Service Bus relay as an underlying communication channel. All communication is outbound over port 443.
3838
* **Supports side-by-side domain-level deployment** using [Azure AD Connect](tutorial-enable-sspr-writeback.md) or [cloud sync](tutorial-enable-cloud-sync-sspr-writeback.md) to target different sets of users depending on their needs, including users who are in disconnected domains.
3939

@@ -139,7 +139,7 @@ Passwords are written back in all the following situations:
139139
* Any administrator self-service voluntary change password operation.
140140
* Any administrator self-service force change password operation, for example, password expiration.
141141
* Any administrator self-service password reset that originates from the [password reset portal](https://passwordreset.microsoftonline.com).
142-
* Any administrator-initiated end-user password reset from the [Azure portal](https://portal.azure.com).
142+
* Any administrator-initiated end-user password reset from the Microsoft Entra admin center.
143143
* Any administrator-initiated end-user password reset from the [Microsoft Graph API](/graph/api/passwordauthenticationmethod-resetpassword).
144144

145145
## Unsupported writeback operations
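Review bot: Line 142 drops the hyperlink altogether, while line 36 in the same file replaces it with [Microsoft Entra admin center](https://entra.microsoft.com) and the neighbouring bullets on lines 141 and 143 keep their links. Use the same link on line 142 so the list stays consistent and readers can reach the admin reset surface directly.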

articles/active-directory/authentication/concept-system-preferred-multifactor-authentication.md

Lines changed: 4 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -4,7 +4,7 @@ description: Learn how to use system-preferred multifactor authentication
44
ms.service: active-directory
55
ms.subservice: authentication
66
ms.topic: conceptual
7-
ms.date: 06/28/2023
7+
ms.date: 09/13/2023
88
ms.author: justinha
99
author: justinha
1010
manager: amycolannino
@@ -28,11 +28,12 @@ After system-preferred MFA is enabled, the authentication system does all the wo
2828
>[!NOTE]
2929
>System-preferred MFA is an important security enhancement for users authenticating by using telecom transports. Starting July 07, 2023, the Microsoft managed value of system-preferred MFA will change from **Disabled** to **Enabled**. If you don't want to enable system-preferred MFA, change the state from **Default** to **Disabled**, or exclude users and groups from the policy.
3030
31-
## Enable system-preferred MFA in the Azure portal
31+
## Enable system-preferred MFA in the Microsoft Entra admin center
3232

3333
By default, system-preferred MFA is Microsoft managed and disabled for all users.
3434

35-
1. In the Azure portal, click **Security** > **Authentication methods** > **Settings**.
35+
1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com) as at least an [Authentication Policy Administrator](../roles/permissions-reference.md#authentication-policy-administrator).
36+
1. Browse to **Protection** > **Authentication methods** > **Settings**.
3637
1. For **System-preferred multifactor authentication**, choose whether to explicitly enable or disable the feature, and include or exclude any users. Excluded groups take precedence over include groups.
3738

3839
For example, the following screenshot shows how to make system-preferred MFA explicitly enabled for only the Engineering group.
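Review bot: Unchanged line 33 still says system-preferred MFA is "Microsoft managed and disabled for all users", and the NOTE on line 29 describes the change from **Disabled** to **Enabled** "Starting July 07, 2023" in the future tense, yet this commit moves ms.date to 09/13/2023. Since the steps directly below are being revised anyway, update line 33 and the tense of the note to reflect the current default. Splitting the old step on line 35 into a sign-in step with a least-privileged role and a separate browse step reads well.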
