Commit 167b4bf

[Azure] Conditional Access - Branding bulk update
1 parent cb37d35 commit 167b4bf

23 files changed

+57
-57
lines changed

articles/active-directory-b2c/active-directory-b2c-faqs.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -23,7 +23,7 @@ There are two common reasons for why the Azure AD extension is not working for y
2323
Azure AD and Azure AD B2C are separate product offerings and cannot coexist in the same tenant. An Azure AD tenant represents an organization. An Azure AD B2C tenant represents a collection of identities to be used with relying party applications. With custom policies (in public preview), Azure AD B2C can federate to Azure AD allowing authentication of employees in an organization.
2424

2525
### Can I use Azure AD B2C to provide social login (Facebook and Google+) into Office 365?
26-
Azure AD B2C can't be used to authenticate users for Microsoft Office 365. Azure AD is Microsoft's solution for managing employee access to SaaS apps and it has features designed for this purpose such as licensing and conditional access. Azure AD B2C provides an identity and access management platform for building web and mobile applications. When Azure AD B2C is configured to federate to an Azure AD tenant, the Azure AD tenant manages employee access to applications that rely on Azure AD B2C.
26+
Azure AD B2C can't be used to authenticate users for Microsoft Office 365. Azure AD is Microsoft's solution for managing employee access to SaaS apps and it has features designed for this purpose such as licensing and Conditional Access. Azure AD B2C provides an identity and access management platform for building web and mobile applications. When Azure AD B2C is configured to federate to an Azure AD tenant, the Azure AD tenant manages employee access to applications that rely on Azure AD B2C.
2727

2828
### What are local accounts in Azure AD B2C? How are they different from work or school accounts in Azure AD?
2929
In an Azure AD tenant, users that belong to the tenant sign-in with an email address of the form `<xyz>@<tenant domain>`. The `<tenant domain>` is one of the verified domains in the tenant or the initial `<...>.onmicrosoft.com` domain. This type of account is a work or school account.

articles/azure-government/documentation-government-plan-security.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -69,7 +69,7 @@ Isolation in Azure US Government is achieved through the implementation of trust
6969
### Environment isolation
7070
The Azure Government multitenant cloud platform environment (FedRAMP HIGH / DoD L4) is a physical instance that is an Internet standards-based autonomous system separately administered from the rest of Microsoft's networks. This Autonomous System (AS) as defined by IETF RFC 4271 is a set of switches and routers under a single technical administration, using an interior gateway protocol and common metrics to route packets within the AS, and using an exterior gateway protocol to route packets to other ASs though a single and clearly defined routing policy. In addition, the specific DoD named region pairs (DoD L5) within Azure Government are geographically separated physical instances of compute, storage, SQL, and supporting services that store and/or process customer content (in accordance with DoD SRG 5.2.2.3 requirements).
7171

72-
The isolation of the Microsoft Azure Government environment is achieved through a series of physical and logical controls, and associated capabilities that include: physically isolated hardware, physical barriers to the hardware using biometric devices and cameras; conditional access (RBAC, workflow), specific credentials and multifactor authentication for logical access; infrastructure for Azure Government is located within the United States.
72+
The isolation of the Microsoft Azure Government environment is achieved through a series of physical and logical controls, and associated capabilities that include: physically isolated hardware, physical barriers to the hardware using biometric devices and cameras; Conditional Access (RBAC, workflow), specific credentials and multifactor authentication for logical access; infrastructure for Azure Government is located within the United States.
7373

7474
Within the Microsoft Azure Government network, internal network system components are isolated from other system components through implementation of separate subnets and access control policies on management interfaces. Azure Government does not directly peer with the public internet or with the Microsoft corporate network. Microsoft Azure Government directly peers to the commercial Microsoft Azure network which has routing and transport capabilities to the Internet and the Microsoft Corporate network. Azure Government limits its exposed surface area by leveraging additional protections and communications capabilities of our commercial Azure network. In addition, Microsoft Azure Government Express Route (ER) leverages peering with our customer’s networks over non-Internet private circuits to route ER customer “DMZ” networks using specific Border Gateway Protocol (BGP)/AS peering as a trust boundary for application routing and associated policy enforcement.
7575
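Review bot: On new line 72, capitalizing to "Conditional Access (RBAC, workflow)" makes the phrase read as the Azure AD Conditional Access feature, but the parenthetical names RBAC and workflow, which suggests the sentence meant access control in the generic sense. Confirm with the page owner which is intended; if it is the generic sense, leave this occurrence lowercase or reword it so a bulk branding rename does not change what the isolation statement claims.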

articles/data-lake-store/data-lake-store-overview.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -58,7 +58,7 @@ Data Lake Storage Gen1 uses Azure Active Directory (Azure AD) for authentication
5858

5959
| Feature | Description |
6060
| --- | --- |
61-
| Authentication |Data Lake Storage Gen1 integrates with Azure AD for identity and access management for all the data stored in Data Lake Storage Gen1. Because of the integration, Data Lake Storage Gen1 benefits from all Azure AD feature such as multi-factor authentication, conditional access, role-based access control, application usage monitoring, security monitoring and alerting, and so on. Data Lake Storage Gen1 supports the OAuth 2.0 protocol for authentication within the REST interface. See [Data Lake Storage Gen1 authentication](data-lakes-store-authentication-using-azure-active-directory.md).|
61+
| Authentication |Data Lake Storage Gen1 integrates with Azure AD for identity and access management for all the data stored in Data Lake Storage Gen1. Because of the integration, Data Lake Storage Gen1 benefits from all Azure AD feature such as multi-factor authentication, Conditional Access, role-based access control, application usage monitoring, security monitoring and alerting, and so on. Data Lake Storage Gen1 supports the OAuth 2.0 protocol for authentication within the REST interface. See [Data Lake Storage Gen1 authentication](data-lakes-store-authentication-using-azure-active-directory.md).|
6262
| Access control |Data Lake Storage Gen1 provides access control by supporting POSIX-style permissions exposed by the WebHDFS protocol. You can enable ACLs on the root folder, on subfolders, and on individual files. For more information about how ACLs work in the context of Data Lake Storage Gen1, see [Access control in Data Lake Storage Gen1](data-lake-store-access-control.md). |
6363
| Encryption |Data Lake Storage Gen1 also provides encryption for data that's stored in the account. You specify the encryption settings while creating a Data Lake Storage Gen1 account. You can choose to have your data encrypted or opt for no encryption. For more information, see [Encryption in Data Lake Storage Gen1](data-lake-store-encryption.md). For instructions on how to provide encryption-related configuration, see [Get started with Data Lake Storage Gen1 using the Azure portal](data-lake-store-get-started-portal.md). |
6464
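Review bot: New line 61 still reads "benefits from all Azure AD feature such as"; since the line is being touched anyway, change "feature" to "features". The same row spells "multi-factor authentication", while line 214 of hdinsight-hadoop-compare-storage-options.md in this commit uses "multifactor" in the otherwise matching row; pick one spelling for both.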

articles/hdinsight/domain-joined/apache-domain-joined-configure-using-azure-adds.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -21,7 +21,7 @@ In this article, you learn how to configure a HDInsight cluster with ESP by usin
2121
## Enable Azure AD-DS
2222

2323
> [!NOTE]
24-
> Only tenant administrators have the privileges to enable Azure AD-DS. If the cluster storage is Azure Data Lake Storage (ADLS) Gen1 or Gen2, you must disable Multi-Factor Authentication (MFA) only for users who will need to access the cluster using basic Kerberos authentications. You can use [trusted IPs](../../active-directory/authentication/howto-mfa-mfasettings.md#trusted-ips) or [conditional access](../../active-directory/conditional-access/overview.md) to disable MFA for specific users ONLY when they are accessing the HDInsight cluster VNET IP range. If you are using conditional access please make sure that AD service endpoint in enabled on the HDInsight VNET.
24+
> Only tenant administrators have the privileges to enable Azure AD-DS. If the cluster storage is Azure Data Lake Storage (ADLS) Gen1 or Gen2, you must disable Multi-Factor Authentication (MFA) only for users who will need to access the cluster using basic Kerberos authentications. You can use [trusted IPs](../../active-directory/authentication/howto-mfa-mfasettings.md#trusted-ips) or [Conditional Access](../../active-directory/conditional-access/overview.md) to disable MFA for specific users ONLY when they are accessing the HDInsight cluster VNET IP range. If you are using Conditional Access please make sure that AD service endpoint in enabled on the HDInsight VNET.
2525
>
2626
> If the cluster storage is Azure Blob Storage (WASB), do not disable MFA.
2727
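Review bot: New line 24 carries over the typo "AD service endpoint in enabled"; it should read "is enabled", and "If you are using Conditional Access please make sure" wants a comma before "please". This note tells readers to disable MFA for some users, so the sentence that scopes the exemption to the HDInsight cluster VNET IP range is worth getting exactly right while the line is open.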

articles/hdinsight/hdinsight-hadoop-compare-storage-options.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -211,7 +211,7 @@ Data Lake Storage Gen1 uses Azure Active Directory for authentication and uses a
211211

212212
| **Feature** | **Description** |
213213
| --- | --- |
214-
| Authentication |Data Lake Storage Gen1 integrates with Azure Active Directory (Azure AD) for identity and access management for all the data stored in Data Lake Storage Gen1. Because of the integration, Data Lake Storage Gen1 benefits from all Azure AD features. These features include multifactor authentication, conditional access, role-based access control, application usage monitoring, security monitoring and alerting, and so on. Data Lake Storage Gen1 supports the OAuth 2.0 protocol for authentication within the REST interface. See [Authentication within Azure Data Lake Storage Gen1 using Azure Active Directory](../data-lake-store/data-lakes-store-authentication-using-azure-active-directory.md)|
214+
| Authentication |Data Lake Storage Gen1 integrates with Azure Active Directory (Azure AD) for identity and access management for all the data stored in Data Lake Storage Gen1. Because of the integration, Data Lake Storage Gen1 benefits from all Azure AD features. These features include multifactor authentication, Conditional Access, role-based access control, application usage monitoring, security monitoring and alerting, and so on. Data Lake Storage Gen1 supports the OAuth 2.0 protocol for authentication within the REST interface. See [Authentication within Azure Data Lake Storage Gen1 using Azure Active Directory](../data-lake-store/data-lakes-store-authentication-using-azure-active-directory.md)|
215215
| Access control |Data Lake Storage Gen1 provides access control by supporting POSIX-style permissions that are exposed by the WebHDFS protocol. ACLs can be enabled on the root folder, on subfolders, and on individual files. For more information on how ACLs work in the context of Data Lake Storage Gen1, see [Access control in Data Lake Storage Gen1](../data-lake-store/data-lake-store-access-control.md). |
216216
| Encryption |Data Lake Storage Gen1 also provides encryption for data that is stored in the account. You specify the encryption settings while creating a Data Lake Storage Gen1 account. You can choose to have your data encrypted or opt for no encryption. For more information, see [Encryption in Data Lake Storage Gen1](../data-lake-store/data-lake-store-encryption.md). For instructions on how to provide an encryption-related configuration, see [Get started with Azure Data Lake Storage Gen1 using the Azure portal](../data-lake-store/data-lake-store-get-started-portal.md). |
217217

articles/role-based-access-control/TOC.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -32,7 +32,7 @@
3232
href: role-definitions.md
3333
- name: PIM for Azure resources
3434
href: pim-azure-resource.md
35-
- name: Conditional access for Azure management
35+
- name: Conditional Access for Azure management
3636
href: conditional-access-azure-management.md
3737
- name: How-to guides
3838
items:

articles/role-based-access-control/conditional-access-azure-management.md

Lines changed: 8 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,6 @@
11
---
2-
title: Manage access to Azure management with conditional access in Azure Active Directory
3-
description: Learn about using conditional access in Azure AD to manage access to Azure management.
2+
title: Manage access to Azure management with Conditional Access in Azure Active Directory
3+
description: Learn about using Conditional Access in Azure AD to manage access to Azure management.
44
services: active-directory
55
documentationcenter: ''
66
author: rolyon
@@ -17,19 +17,19 @@ ms.author: rolyon
1717
ms.reviewer: skwan
1818
---
1919

20-
# Manage access to Azure management with conditional access
20+
# Manage access to Azure management with Conditional Access
2121

22-
Conditional access in Azure Active Directory (Azure AD) controls access to cloud apps based on specific conditions that you specify. To allow access, you create conditional access policies that allow or block access based on whether or not the requirements in the policy are met.
22+
Conditional Access in Azure Active Directory (Azure AD) controls access to cloud apps based on specific conditions that you specify. To allow access, you create Conditional Access policies that allow or block access based on whether or not the requirements in the policy are met.
2323

24-
Typically, you use conditional access to control access to your cloud apps. You can also set up policies to control access to Azure management based on certain conditions (such as sign-in risk, location, or device) and to enforce requirements like multi-factor authentication.
24+
Typically, you use Conditional Access to control access to your cloud apps. You can also set up policies to control access to Azure management based on certain conditions (such as sign-in risk, location, or device) and to enforce requirements like multi-factor authentication.
2525

2626
To create a policy for Azure management, you select **Microsoft Azure Management** under **Cloud apps** when choosing the app to which to apply the policy.
2727

28-
![Conditional access for Azure management](./media/conditional-access-azure-management/conditional-access-azure-mgmt.png)
28+
![Conditional Access for Azure management](./media/conditional-access-azure-management/conditional-access-azure-mgmt.png)
2929

3030
The policy you create applies to all Azure management endpoints, including Azure portal, Azure Resource Manager provider, classic Service Management APIs, Azure PowerShell, and Visual Studio subscriptions administrator portal. Note that the policy applies to Azure PowerShell, which calls the Azure Resource Manager API. It does not apply to [Azure AD PowerShell](/powershell/azure/active-directory/install-adv2), which calls Microsoft Graph.
3131

3232
> [!CAUTION]
33-
> Make sure you understand how conditional access works before setting up a policy to manage access to Azure management. Make sure you don't create conditions that could block your own access to the portal.
33+
> Make sure you understand how Conditional Access works before setting up a policy to manage access to Azure management. Make sure you don't create conditions that could block your own access to the portal.
3434
35-
For more information on how to set up and use conditional access, see [Conditional access in Azure Active Directory](../active-directory/active-directory-conditional-access-azure-portal.md).
35+
For more information on how to set up and use Conditional Access, see [Conditional Access in Azure Active Directory](../active-directory/active-directory-conditional-access-azure-portal.md).
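Review bot: On new line 35 the link text is updated but the target is still ../active-directory/active-directory-conditional-access-azure-portal.md, whereas the HDInsight article in this same commit links to ../../active-directory/conditional-access/overview.md for the same feature. Check that the older path still resolves, and point both articles at the same target if it does not.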

articles/security-center/security-center-identity-access.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -119,7 +119,7 @@ Use the table below as a reference to help you understand the available Identity
119119
|Subscription|15|External accounts with read permissions should be removed from your subscription|Remove external accounts with read privileges from your subscription in order to prevent unmonitored access.|
120120

121121
> [!NOTE]
122-
> If you created a conditional access policy that necessitates MFA but has exclusions set, the Security Center MFA recommendation assessment considers the policy non-compliant, because it enables some users to sign in to Azure without MFA.
122+
> If you created a Conditional Access policy that necessitates MFA but has exclusions set, the Security Center MFA recommendation assessment considers the policy non-compliant, because it enables some users to sign in to Azure without MFA.
123123
124124
## Next steps
125125
To learn more about recommendations that apply to other Azure resource types, see the following:
