Merge pull request #95370 from MicrosoftDocs/master

11/08 AM Publish

Author: huypub

articles/active-directory/authentication/howto-mfa-getstarted.md

@@ -206,6 +206,9 @@ function Set-MfaState {
 Get-MsolUser -All | Set-MfaState -State Disabled
 ```
 
+> [!NOTE]
+> We recently changed the behavior and PowerShell script above accordingly. Previously, the script saved off the MFA methods, disabled MFA, and restored the methods. This is no longer necessary now that the default behavior for disable doesn't clear the methods.
+
 ## Plan Conditional Access policies
 
 To plan your Conditional Access policy strategy, which will determine when MFA and other controls are required, refer to [What is Conditional Access in Azure Active Directory?](../conditional-access/overview.md).

articles/active-directory/hybrid/how-to-connect-staged-rollout.md

@@ -6,7 +6,7 @@ manager: daveba
 ms.service: active-directory
 ms.workload: identity
 ms.topic: conceptual
-ms.date: 10/28/2019
+ms.date: 11/07/2019
 ms.subservice: hybrid
 ms.author: billmath
 ms.collection: M365-identity-device-management
@@ -113,18 +113,18 @@ Enable Seamless SSO on the AD forests using PowerShell. If you have more than
 
 2. Navigate to the %programfiles%\\Microsoft Azure Active Directory Connect folder.
 
-3. Import the Seamless SSO PowerShell module using this command: `Import-Module .\\AzureADSSO.psd1`.
+3. Import the Seamless SSO PowerShell module using this command: `Import-Module .\AzureADSSO.psd1`.
 
 4. Run PowerShell as an Administrator. In PowerShell, call `New-AzureADSSOAuthenticationContext`. This command should give you a dialog box where you can enter your tenant's Global Administrator credentials.
 
-5. Call `Get-AzureADSSOStatus \| ConvertFrom-Json`. This command provides you the list of AD forests (look at the \"Domains\" list) on which this feature has been enabled. By default, it is set to false at the tenant level.
+5. Call `Get-AzureADSSOStatus | ConvertFrom-Json`. This command provides you the list of AD forests (look at the \"Domains\" list) on which this feature has been enabled. By default, it is set to false at the tenant level.
 
    > **Example:**
    > ![Example of the Windows PowerShell output](./media/how-to-connect-staged-rollout/sr3.png)
 
-6. Call `\$creds = Get-Credential`. When prompted, enter the Domain Administrator credentials for the intended AD forest.
+6. Call `$creds = Get-Credential`. When prompted, enter the Domain Administrator credentials for the intended AD forest.
 
-7. Call `Enable-AzureADSSOForest -OnPremCredentials \$creds`. This command creates the AZUREADSSOACC computer account from the on-premises domain controller for this specific Active Directory forest that is required for Seamless SSO.
+7. Call `Enable-AzureADSSOForest -OnPremCredentials $creds`. This command creates the AZUREADSSOACC computer account from the on-premises domain controller for this specific Active Directory forest that is required for Seamless SSO.
 
 8. Seamless SSO requires URLs to be in the intranet zone. Please refer to the [seamless single sign-on quickstart](how-to-connect-sso-quick-start.md#step-3-roll-out-the-feature) to deploy those URL's using Group Policies.
 
@@ -236,7 +236,7 @@ Here is how you can track user sign-ins still happening on AD FS for selected st
 
 -   **Q: Can we use PowerShell to perform staged rollout?**
 
--   A: Yes, Please find the documentation to use PowerShell to perform staged rollout here.
+-   A: Yes, Please find the documentation to use PowerShell to perform staged rollout [here](https://docs.microsoft.com/powershell/module/azuread/?view=azureadps-2.0-preview#staged_rollout).
 
 ## Next Steps
 - [AzureAD 2.0 preview](https://docs.microsoft.com/powershell/module/azuread/?view=azureadps-2.0-preview#staged_rollout )

articles/active-directory/hybrid/reference-connect-sync-attributes-synchronized.md

@@ -59,7 +59,7 @@ In this case, start with the list of attributes in this topic and identify those
 | company |X |X | | |
 | countryCode |X |X | | |
 | department |X |X | | |
-| description |X |X |X | |
+| description | | |X | |
 | displayName |X |X |X | |
 | dLMemRejectPerms |X |X |X | |
 | dLMemSubmitPerms |X |X |X | |

articles/active-directory/hybrid/reference-connect-version-history.md

@@ -75,8 +75,8 @@ Under certain circumstances, servers that were auto upgraded to version 1.4.18.0
 - Added a deprecation warning for the sync service manager on the connector properties page. This warning notifies the user that changes should be made through the AADC wizard.
 - Added new error for issues with a user's password policy.
 - Prevent misconfiguration of  group filtering by domain and OU filters. Group filtering will show an error when the domain/OU of the entered group is already filtered out and keep the user from moving forward until the issue is resolved.
-- Users can no longer create a connector for Active Directory Domain Services or Windows Azure Active Directory in the old UI.
-- Fixed accessibility of custom UI controls in the Sync Service Manager
+- Users can no longer create a connector for Active Directory Domain Services or Windows Azure Active Directory in the Synchronization Service Manager UI.
+- Fixed accessibility of custom UI controls in the Synchronization Service Manager.
 - Enabled six federation management tasks for all sign-in methods in Azure AD Connect.  (Previously, only the “Update AD FS SSL certificate” task was available for all sign-ins.)
 - Added a warning when changing the sign-in method from federation to PHS or PTA that all Azure AD domains and users will be converted to managed authentication.
 - Removed token-signing certificates from the “Reset Azure AD and AD FS trust” task and added a separate sub-task to update these certificates.
@@ -128,7 +128,7 @@ Under certain circumstances, servers that were auto upgraded to version 1.4.18.0
 - Add support for Domain Refresh 
 - Exchange Mail Public Folders feature goes GA 
 - Improve wizard error handling for service failures 
-- Added warning link for old UI on connector properties page. 
+- Added warning link on Synchronization Service Manager UI in the connector properties page. 
 - The Unified Groups Writeback feature is now GA 
 - Improved SSPR error message when the DC is missing an LDAP control 
 - Added diagnostics for DCOM registry errors during install  
@@ -154,7 +154,7 @@ Under certain circumstances, servers that were auto upgraded to version 1.4.18.0
 - Fix VSS Errors with LocalDB  
 - Fix misleading error message when object type is not in scope 
 - Corrected an issue where installation of Azure AD PowerShell on a server could potentially cause an assembly conflict with Azure AD Connect. 
-- Fixed PHS bug on Staging Server when Connector Credentials are updated in the old UI. 
+- Fixed PHS bug on Staging Server when Connector Credentials are updated in the Synchronization Service Manager UI. 
 - Fixed some memory leaks 
 - Miscellaneous Autoupgrade fixes 
 - Miscellaneous fixes to Export and Unconfirmed Import Processing 

articles/active-directory/privileged-identity-management/azure-ad-pim-approval-workflow.md

@@ -1,5 +1,5 @@
 ---
-title: Approve or deny requests for Azure AD roles in PIM - Azure Active Directory | Microsoft Docs
+title: Approve or deny requests for Azure AD roles in PIM - Azure AD | Microsoft Docs
 description: Learn how to approve or deny requests for Azure AD roles in Azure AD Privileged Identity Management (PIM).
 services: active-directory
 documentationcenter: ''
@@ -13,7 +13,7 @@ ms.topic: article
 ms.tgt_pltfrm: na
 ms.workload: identity
 ms.subservice: pim
-ms.date: 04/09/2019
+ms.date: 11/08/2019
 ms.author: curtand
 ms.custom: pim
 ms.collection: M365-identity-device-management

articles/active-directory/privileged-identity-management/azure-pim-resource-rbac.md

@@ -1,5 +1,5 @@
 ---
-title: View activity and audit history for Azure resource roles in PIM - Azure Active Directory | Microsoft Docs
+title: View audit report for Azure resource roles in PIM - Azure AD | Microsoft Docs
 description: View activity and audit history for Azure resource roles in Azure AD Privileged Identity Management (PIM).
 services: active-directory
 documentationcenter: ''
@@ -14,7 +14,7 @@ ms.topic: article
 ms.tgt_pltfrm: na
 ms.workload: identity
 ms.subservice: pim
-ms.date: 04/09/2019
+ms.date: 11/08/2019
 ms.author: curtand
 
 ms.collection: M365-identity-device-management

articles/active-directory/privileged-identity-management/pim-how-to-perform-security-review.md

@@ -1,10 +1,10 @@
 ---
-title: Review access to Azure AD roles in PIM - Azure Active Directory | Microsoft Docs
-description: Learn how to review access of Azure AD roles in Azure AD Privileged Identity Management (PIM).
+title: Review access to Azure AD roles in PIM - Azure AD | Microsoft Docs
+description: Learn how to review access of Azure Active Directory roles in Azure AD Privileged Identity Management (PIM).
 services: active-directory
 documentationcenter: ''
 author: curtand
-manager: mtillman
+manager: daveba
 editor: ''
 
 ms.service: active-directory

articles/active-directory/privileged-identity-management/pim-how-to-start-security-review.md

@@ -1,10 +1,10 @@
 ---
-title: Create an access review of Azure AD roles in PIM - Azure Active Directory | Microsoft Docs
+title: Create an access review of Azure AD roles in PIM - Azure AD | Microsoft Docs
 description: Learn how to create an access review of Azure AD roles in Azure AD Privileged Identity Management (PIM).
 services: active-directory
 documentationcenter: ''
 author: curtand
-manager: mtillman
+manager: daveba
 editor: ''
 
 ms.service: active-directory
@@ -19,7 +19,7 @@ ms.collection: M365-identity-device-management
 
 # Create an access review of Azure AD roles in Privileged Identity Management
 
-Requirements for users to obtain access to privileged Azure Active Directory (Azure AD) roles can change over time. To reduce the risk associated with stale role assignments, you should regularly review access. You can use Azure AD Privileged Identity Management (PIM) to create access reviews for privileged Azure AD roles. You can also configure recurring access reviews that occur automatically.
+To reduce the risk associated with stale role assignments, you should regularly review access. You can use Azure AD Privileged Identity Management (PIM) to create access reviews for privileged Azure AD roles. You can also configure recurring access reviews that occur automatically.
 
 This article describes how to create one or more access reviews for privileged Azure AD roles.
 

articles/active-directory/privileged-identity-management/pim-resource-roles-custom-role-policy.md

@@ -1,17 +1,17 @@
 ---
-title: Use custom roles for Azure resources in Privileged Identity Management - Azure Active Directory | Microsoft Docs
+title: Use custom roles for Azure resources in PIM - Azure AD | Microsoft Docs
 description: Learn how to use custom roles for Azure resources in Azure AD Privileged Identity Management (PIM).
 services: active-directory
 documentationcenter: ''
 author: curtand
-manager: mtillman
+manager: daveba
 ms.service: active-directory
 ms.devlang: na
 ms.topic: conceptual
 ms.tgt_pltfrm: na
 ms.workload: identity
 ms.subservice: pim
-ms.date: 10/23/2019
+ms.date: 11/08/2019
 ms.author: curtand
 ms.collection: M365-identity-device-management
 ---

articles/active-directory/privileged-identity-management/pim-resource-roles-overview-dashboards.md

@@ -1,18 +1,18 @@
 ---
-title: Use a resource dashboard to perform an access review in Privileged Identity Management - Azure Active Directory | Microsoft Docs
+title: Resource dashboards for access reviews in PIM - Azure AD | Microsoft Docs
 description: Describes how to use a resource dashboard to perform an access review in Azure AD Privileged Identity Management (PIM).
 services: active-directory
 documentationcenter: ''
 author: curtand
-manager: mtillman
+manager: daveba
 editor: markwahl-msft
 ms.service: active-directory
 ms.workload: identity
 ms.tgt_pltfrm: na
 ms.devlang: na
 ms.topic: conceptual
 ms.subservice: pim
-ms.date: 10/23/2019
+ms.date: 11/08/2019
 ms.author: curtand
 ms.custom: pim
 ms.collection: M365-identity-device-management