Merge pull request #25 from MicrosoftDocs/master

update fork

Author: ajlam

.openpublishing.publish.config.json

@@ -194,7 +194,7 @@
     {
       "path_to_root": "samples-cognitive-services-speech-sdk",
       "url": "https://github.com/Azure-Samples/cognitive-services-speech-sdk",
-      "branch": "rhurey/quickstart.refactor"
+      "branch": "release-ignite-cogserv-speech-service"
     },
     {
       "path_to_root": "media-services-v3-dotnet-quickstarts",

.openpublishing.redirection.json

@@ -90,7 +90,7 @@ Update the settings in the Web.config file to work with your user flow:
 1. In the **TaskWebApp** project, open the **Web.config** file.
     1. Update the value of `ida:Tenant` and `ida:AadInstance` with the name of the Azure AD B2C tenant that you created. For example, replace `fabrikamb2c` with `contoso`.
     1. Replace the value of `ida:ClientId` with the application ID that you recorded.
-    1. Replace the value of `ida:ClientSecret` with the key that you recorded. You must XML-encode the client secret before adding it to your Web.config.
+    1. Replace the value of `ida:ClientSecret` with the key that you recorded. If the client secret contains any predefined XML entities, for example less than (`<`), greater than (`>`), ampersand (`&`), or double quote (`"`), you must escape those characters by XML-encoding the client secret before adding it to your Web.config.
     1. Replace the value of `ida:SignUpSignInPolicyId` with `b2c_1_signupsignin1`.
     1. Replace the value of `ida:EditProfilePolicyId` with `b2c_1_profileediting1`.
     1. Replace the value of `ida:ResetPasswordPolicyId` with `b2c_1_passwordreset1`.

articles/active-directory-b2c/active-directory-b2c-tutorials-web-app.md

@@ -89,7 +89,7 @@ For migrating Azure API Management APIs protected by Azure AD B2C, see the [Migr
 
 If you're using [MSAL.NET][msal-dotnet] v2 or earlier, set the **ValidateAuthority** property to `false` on client instantiation to allow redirects to *b2clogin.com*. This setting is not required for MSAL.NET v3 and above.
 
-```CSharp
+```csharp
 ConfidentialClientApplication client = new ConfidentialClientApplication(...); // Can also be PublicClientApplication
 client.ValidateAuthority = false; // MSAL.NET v2 and earlier **ONLY**
 ```

articles/active-directory-b2c/b2clogin.md

@@ -105,7 +105,7 @@ This flowchart describes which methods are shown to a user when interrupted to r
 
 If you have both Multi-Factor Authentication and SSPR enabled, we recommend that you enforce Multi-Factor Authentication registration.
 
-If the SSPR policy requires users to review their security info at regular intervals, users are interrupted during sign-in and shown all their registered methods. They can confirm the current info if it's up-to-date, or they can make changes if they need to.
+If the SSPR policy requires users to review their security info at regular intervals, users are interrupted during sign-in and shown all their registered methods. They can confirm the current info if it's up-to-date, or they can make changes if they need to. Users must perform multi-factor authentication when accessing this page.
 
 ### Manage mode
 

articles/active-directory/authentication/concept-registration-mfa-sspr-combined.md

@@ -50,15 +50,15 @@ The two-gate policy requires two pieces of authentication data, such as an **ema
   * Privileged Authentication administrator
 
 * If 30 days have elapsed in a trial subscription; or
-* A vanity domain is present, such as contoso.com; or
+* A custom domain has been configured for your Azure AD tenant, such as *contoso.com*; or
 * Azure AD Connect is synchronizing identities from your on-premises directory
 
 ### Exceptions
 
 A one-gate policy requires one piece of authentication data, such as an email address *or* phone number. A one-gate policy applies in the following circumstances:
 
 * It's within the first 30 days of a trial subscription; or
-* A vanity domain isn't present (*.onmicrosoft.com); and
+* A custom domain hasn't been configured for your Azure AD tenant so is using the default **.onmicrosoft.com*. Note that the default **.onmicrosoft.com* domain isn't recommended for production use; and
 * Azure AD Connect isn't synchronizing identities
 
 ## UserPrincipalName policies that apply to all user accounts

articles/active-directory/authentication/concept-sspr-policy.md

@@ -93,6 +93,10 @@ If you encounter one of these errors, we recommend that you [contact support](#c
 
 If your users are [Having trouble with two-step verification](../user-help/multi-factor-authentication-end-user-troubleshoot.md), help them self-diagnose problems.
 
+### Health check script
+
+The [Azure MFA NPS Extension health check script](https://gallery.technet.microsoft.com/Azure-MFA-NPS-Extension-648de6bb) is available on the TechNet Gallery to perform a basic health check when troubleshooting the NPS extension. Run the script and choose option 3.
+
 ### Contact Microsoft support
 
 If you need additional help, contact a support professional through [Azure Multi-Factor Authentication Server support](https://support.microsoft.com/oas/default.aspx?prid=14947). When contacting us, it's helpful if you can include as much information about your issue as possible. Information you can supply includes the page where you saw the error, the specific error code, the specific session ID, the ID of the user who saw the error, and debug logs.

articles/active-directory/authentication/howto-mfa-nps-extension-errors.md

@@ -117,11 +117,11 @@ This section provides instructions for configuring RDS infrastructure to use Azu
 As part of the configuration of the NPS extension, you need to supply admin credentials and the Azure AD ID for your Azure AD tenant. The following steps show you how to get the tenant ID.
 
 1. Sign in to the [Azure portal](https://portal.azure.com) as the global administrator of the Azure tenant.
-1. In the left navigation, select the **Azure Active Directory** icon.
+1. In the Azure portal menu, select **Azure Active Directory**, or search for and select **Azure Active Directory** from any page.
 1. Select **Properties**.
 1. In the Properties blade, beside the Directory ID, click the **Copy** icon, as shown below, to copy the ID to clipboard.
 
-   ![Getting the Directory ID from the Azure portal](./media/howto-mfa-nps-extension-rdg/image1.png)
+   ![Getting the Directory ID from the Azure portal](./media/howto-mfa-nps-extension-rdg/azure-active-directory-id-in-azure-portal.png)
 
 ### Install the NPS extension
 

articles/active-directory/authentication/howto-mfa-nps-extension-rdg.md

@@ -323,13 +323,13 @@ As part of the configuration of the NPS extension, you must supply administrator
 
 1. Sign in to the [Azure portal](https://portal.azure.com) as the global administrator of the Azure tenant.
 
-2. In the left pane, select the **Azure Active Directory** button.
+2. In the Azure portal menu, select **Azure Active Directory**, or search for and select **Azure Active Directory** from any page.
 
 3. Select **Properties**.
 
 4. To copy your Azure AD ID, select the **Copy** button.
 
-    ![Azure AD Directory ID in the Azure portal](./media/howto-mfa-nps-extension-vpn/image35.png)
+    ![Azure AD Directory ID in the Azure portal](./media/howto-mfa-nps-extension-vpn/azure-active-directory-id-in-azure-portal.png)
 
 ### Install the NPS extension
 

articles/active-directory/authentication/howto-mfa-nps-extension-vpn.md

@@ -131,6 +131,16 @@ Identify users who have not registered for MFA using the PowerShell that follows
 
 ```Get-MsolUser -All | Where-Object {$_.StrongAuthenticationMethods.Count -eq 0} | Select-Object -Property UserPrincipalName```
 
+Identify users and output methods registered. 
+
+```PowerShell
+Get-MsolUser -All | Select-Object @{N='UserPrincipalName';E={$_.UserPrincipalName}},
+
+@{N='MFA Status';E={if ($_.StrongAuthenticationRequirements.State){$_.StrongAuthenticationRequirements.State} else {"Disabled"}}},
+
+@{N='MFA Methods';E={$_.StrongAuthenticationMethods.methodtype}} | Export-Csv -Path c:\MFA_Report.csv -NoTypeInformation
+```
+
 ## Possible results in activity reports
 
 The following table may be used to troubleshoot multi-factor authentication using the downloaded version of the multi-factor authentication activity report. They will not appear directly in the Azure portal.