Merge pull request #252777 from alexbuckgit/alexbuckgit/docutune-autopr-20230925-215651-9180931-ignore-build

[BULK] - DocuTune - Cleanup pass for Microsoft Entra rebrand (part 4)

Author: Stacyrch140

articles/active-directory/devices/troubleshoot-mac-sso-extension-plugin.md

@@ -249,7 +249,7 @@ By default, only MSAL apps invoke the SSO Extension, and then in turn the Extens
    |**1** |**All Items**|Shows all types of credentials across Keychain Access|
    |**2** |**Keychain Search Bar**|Allows filtering by credential. To filter for the Microsoft Entra PRT type **`primaryrefresh`**|
    |**3** |**Kind**|Refers to the type of credential. The Microsoft Entra PRT credential is an **Application Password** credential type|
-   |**4** |**Account**|Displays the Microsoft Entra User Account, which owns the PRT in the format: **`UserObjectId.TenantId-login.windows.net`**   |
+   |**4** |**Account**|Displays the Microsoft Entra user account, which owns the PRT in the format: **`UserObjectId.TenantId-login.windows.net`**   |
    |**5** |**Where**|Displays the full name of the credential. The Microsoft Entra PRT credential begins with the following format: **`primaryrefreshtoken-29d9ed98-a469-4536-ade2-f981bc1d605`** The **29d9ed98-a469-4536-ade2-f981bc1d605** is the Application ID for the **Microsoft Authentication Broker** service, responsible for handling PRT acquisition requests|
    |**6** |**Modified**|Shows when the credential was last updated. For the Microsoft Entra PRT credential, anytime the credential is bootstrapped or updated by an interactive sign-on event it updates the date/timestamp|
    |**7** |**Keychain**  |Indicates which Keychain the selected credential resides.  The Microsoft Entra PRT credential resides in the **Local Items** or **iCloud** Keychain. When iCloud is enabled on the macOS device, the **Local Items** Keychain will become the **iCloud** keychain|  

articles/active-directory/devices/troubleshoot-primary-refresh-token.md

@@ -17,11 +17,13 @@ ms.reviewer: gudlapreethi, bemey, filuz, robgarcia, v-leedennis
 
 This article discusses how to troubleshoot issues that involve the [primary refresh token](/azure/active-directory/devices/concept-primary-refresh-token) (PRT) when you authenticate on a Microsoft Entra joined Windows device by using your Microsoft Entra credentials.
 
+<!-- docutune:ignore AAD -->
+
 On devices that are joined to Microsoft Entra ID or hybrid Microsoft Entra ID, the main component of authentication is the PRT. You obtain this token by signing in to Windows 10 by using Microsoft Entra credentials on a Microsoft Entra joined device for the first time. The PRT is cached on that device. For subsequent sign-ins, the cached token is used to let you use the desktop.
 
 As part of the process of locking and unlocking the device or signing in again to Windows, a background network authentication attempt is made one time every four hours to refresh the PRT. If problems occur that prevent refreshing the token, the PRT eventually expires. Expiration affects single sign-on (SSO) to Microsoft Entra resources. It also causes sign-in prompts to be shown.
 
-If you suspect that a PRT problem exists, we recommend that you first collect Microsoft Entra ID logs, and follow the steps that are outlined in the troubleshooting checklist. Do this for any Microsoft Entra client issue first, ideally within a repro session. Complete this process before you file a support request.
+If you suspect that a PRT problem exists, we recommend that you first collect Microsoft Entra logs, and follow the steps that are outlined in the troubleshooting checklist. Do this for any Microsoft Entra client issue first, ideally within a repro session. Complete this process before you file a support request.
 
 ## Troubleshooting checklist
 

articles/active-directory/enterprise-users/clean-up-unmanaged-accounts.md

@@ -54,9 +54,9 @@ Some overtaken domains might not be updated. For example, a missing DNS TXT reco
 
 Use the sample application on [Azure-Samples/Remove-Unmanaged-Guests](https://github.com/Azure-Samples/Remove-Unmanaged-Guests).
 
-## Reset redemption using MSIdentityTools PowerShell Module
+## Reset redemption using `MSIdentityTools` PowerShell module
 
-MSIdentityTools PowerShell Module is a collection of cmdlets and scripts, which you use in the Microsoft identity platform and Microsoft Entra ID. Use the cmdlets and scripts to augment PowerShell SDK capabilities. See, [microsoftgraph/msgraph-sdk-powershell](https://github.com/microsoftgraph/msgraph-sdk-powershell).
+The `MSIdentityTools` PowerShell module is a collection of cmdlets and scripts, which you use in the Microsoft identity platform and Microsoft Entra ID. Use the cmdlets and scripts to augment PowerShell SDK capabilities. See, [microsoftgraph/msgraph-sdk-powershell](https://github.com/microsoftgraph/msgraph-sdk-powershell).
 
 Run the following cmdlets:
 

articles/active-directory/enterprise-users/domains-admin-takeover.md

@@ -117,7 +117,7 @@ The key and templates aren't moved over when the unmanaged organization is in a
 
 Although RMS for individuals is designed to support Microsoft Entra authentication to open protected content, it doesn't prevent users from also protecting content. If users did protect content with the RMS for individuals subscription, and the key and templates weren't moved over, that content isn't accessible after the domain takeover.
 
-### Microsoft Entra ID PowerShell cmdlets for the ForceTakeover option
+### Azure AD PowerShell cmdlets for the ForceTakeover option
 
 You can see these cmdlets used in [PowerShell example](#powershell-example).
 

articles/active-directory/enterprise-users/groups-naming-policy.md

@@ -103,7 +103,7 @@ Some administrator roles are exempted from these policies, across all group work
 
 ## Install PowerShell cmdlets
 
-Be sure to uninstall any older version of the Azure Active Directory PowerShell for Graph Module for Windows PowerShell and install [Azure Active Directory PowerShell for Graph - Public Preview Release 2.0.0.137](https://www.powershellgallery.com/packages/AzureADPreview/2.0.0.137) before you run the PowerShell commands.
+Be sure to uninstall any older version of the Azure Active Directory PowerShell for Graph module and install [Azure Active Directory PowerShell for Graph - Public Preview Release 2.0.0.137](https://www.powershellgallery.com/packages/AzureADPreview/2.0.0.137) before you run the PowerShell commands.
 
 1. Open the Windows PowerShell app as an administrator.
 2. Uninstall any previous version of AzureADPreview.

articles/active-directory/enterprise-users/groups-settings-cmdlets.md

@@ -33,7 +33,7 @@ The cmdlets are part of the Azure Active Directory PowerShell V2 module. For ins
 
 ## Install PowerShell cmdlets
 
-Be sure to uninstall any older version of the Azure Active Directory PowerShell for Graph Module for Windows PowerShell and install [Azure Active Directory PowerShell for Graph - Public Preview Release (later than 2.0.0.137)](https://www.powershellgallery.com/packages/AzureADPreview) before you run the PowerShell commands.
+Be sure to uninstall any older version of the Azure Active Directory PowerShell for Graph module and install [Azure Active Directory PowerShell for Graph - Public Preview Release (later than 2.0.0.137)](https://www.powershellgallery.com/packages/AzureADPreview) before you run the PowerShell commands.
 
 1. Open the Windows PowerShell app as an administrator.
 2. Uninstall any previous version of AzureADPreview.

articles/active-directory/external-identities/allow-deny-list.md

@@ -90,12 +90,12 @@ If you switch from one policy to the other, this discards the existing policy co
 > [!Note]
 > The AzureADPreview Module is not a fully supported module as it is in preview. 
 
-To set the allow or blocklist by using PowerShell, you must install the preview version of the Azure AD PowerShell Module for Windows PowerShell. Specifically, install the AzureADPreview module version 2.0.0.98 or later.
+To set the allow or blocklist by using PowerShell, you must install the preview version of the Azure AD PowerShell module. Specifically, install the AzureADPreview module version 2.0.0.98 or later.
 
 To check the version of the module (and see if it's installed):
 
 1. Open Windows PowerShell as an elevated user (Run as Administrator). 
-2. Run the following command to see if you have any versions of the Azure AD PowerShell Module for Windows PowerShell installed on your computer:
+2. Run the following command to see if you have any versions of the Azure AD PowerShell module installed on your computer:
 
    ```powershell  
    Get-Module -ListAvailable AzureAD*

articles/active-directory/external-identities/b2b-quickstart-invite-powershell.md

@@ -22,7 +22,8 @@ If you don’t have an Azure subscription, create a [free account](https://azure
 
 ## Prerequisites
 
-### PowerShell Module
+### PowerShell module
+
 Install the [Microsoft Graph Identity Sign-ins module](/powershell/module/microsoft.graph.identity.signins/?view=graph-powershell-beta&preserve-view=true) (Microsoft.Graph.Identity.SignIns) and the [Microsoft Graph Users module](/powershell/module/microsoft.graph.users/?view=graph-powershell-beta&preserve-view=true) (Microsoft.Graph.Users). You can use the `#Requires` statement to prevent running a script unless the required PowerShell modules are met.
 
 ```powershell

articles/active-directory/external-identities/customers/how-to-web-app-node-use-certificate.md

@@ -21,7 +21,7 @@ Microsoft Entra ID for customers supports two types of authentication for [confi
 
 In production, you should purchase a certificate signed by a well-known certificate authority, and use [Azure Key Vault](https://azure.microsoft.com/products/key-vault/) to manage certificate access and lifetime for you. However, for testing purposes, you can create a self-signed certificate and configure your apps to authenticate with it. 
 
-In this article, you learn to generate a self-signed certificate by using [Azure Key Vault](https://azure.microsoft.com/products/key-vault/) on the Azure portal, OpenSSL or Windows PowerShell. If you have a client secret already, you'll learn how to safely delete it.
+In this article, you learn to generate a self-signed certificate by using [Azure Key Vault](https://azure.microsoft.com/products/key-vault/) on the Azure portal, OpenSSL, or PowerShell. If you have a client secret already, you'll learn how to safely delete it.
 
 When needed, you can also create a self-signed certificate programmatically by using [.NET](/azure/key-vault/certificates/quick-create-net), [Node.js](/azure/key-vault/certificates/quick-create-node), [Go](/azure/key-vault/certificates/quick-create-go), [Python](/azure/key-vault/certificates/quick-create-python) or [Java](/azure/key-vault/certificates/quick-create-java) client libraries.
 

articles/active-directory/external-identities/direct-federation-adfs.md

@@ -112,7 +112,7 @@ An AD FS server must already be set up and functioning before you begin this pro
 
 ## Configure AD FS for WS-Fed federation
 
-Microsoft Entra B2B can be configured to federate with IdPs that use the WS-Fed protocol with the specific requirements listed below. Currently, the two WS-Fed providers have been tested for compatibility with Microsoft Entra External ID include AD FS and Shibboleth. Here, we’ll use Active Directory Federation Services (AD FS) as an example of the WS-Fed IdP. For more information about establishing a relying party trust between a WS-Fed compliant provider with Microsoft Entra External ID, download the Microsoft Azure AD Identity Provider Compatibility Docs.
+Microsoft Entra B2B can be configured to federate with IdPs that use the WS-Fed protocol with the specific requirements listed below. Currently, the two WS-Fed providers have been tested for compatibility with Microsoft Entra External ID include AD FS and Shibboleth. Here, we’ll use Active Directory Federation Services (AD FS) as an example of the WS-Fed IdP. For more information about establishing a relying party trust between a WS-Fed compliant provider with Microsoft Entra External ID, download the Microsoft Entra identity provider compatibility docs.
 
 To set up federation, the following attributes must be received in the WS-Fed message from the IdP. These attributes can be configured by linking to the online security token service XML file or by entering them manually. Step 12 in [Create a test AD FS instance](https://medium.com/in-the-weeds/create-a-test-active-directory-federation-services-3-0-instance-on-an-azure-virtual-machine-9071d978e8ed) describes how to find the AD FS endpoints or how to generate your metadata URL, for example `https://fs.iga.azure-test.net/federationmetadata/2007-06/federationmetadata.xml`.