MicrosoftDocs
diff --git a/‎articles/active-directory/reports-monitoring/media/recommendation-mfa-from-known-devices/mfa-configuration-settings.png
56.8 KB b/‎articles/active-directory/reports-monitoring/media/recommendation-mfa-from-known-devices/mfa-configuration-settings.png
56.8 KB
diff --git a/‎articles/active-directory/reports-monitoring/media/recommendation-migrate-to-authenticator/recommendation-migrate-sms-to-authenticator.png
-63.4 KB b/‎articles/active-directory/reports-monitoring/media/recommendation-migrate-to-authenticator/recommendation-migrate-sms-to-authenticator.png
-63.4 KB
diff --git a/‎articles/active-directory/reports-monitoring/media/recommendation-remove-unused-apps/app-registrations-list.png
76.3 KB b/‎articles/active-directory/reports-monitoring/media/recommendation-remove-unused-apps/app-registrations-list.png
76.3 KB
diff --git a/‎articles/active-directory/reports-monitoring/media/recommendation-remove-unused-credential-from-apps/app-certificates-secrets.png
75 KB b/‎articles/active-directory/reports-monitoring/media/recommendation-remove-unused-credential-from-apps/app-certificates-secrets.png
75 KB
diff --git a/‎articles/active-directory/reports-monitoring/media/recommendation-remove-unused-credential-from-apps/app-registrations-list.png
76.3 KB b/‎articles/active-directory/reports-monitoring/media/recommendation-remove-unused-credential-from-apps/app-registrations-list.png
76.3 KB
diff --git a/‎articles/active-directory/reports-monitoring/media/recommendation-renew-expiring-application-credential/app-certificates-secrets.png
75 KB b/‎articles/active-directory/reports-monitoring/media/recommendation-renew-expiring-application-credential/app-certificates-secrets.png
75 KB
diff --git a/‎articles/active-directory/reports-monitoring/media/recommendation-renew-expiring-application-credential/app-registrations-list.png
76.3 KB b/‎articles/active-directory/reports-monitoring/media/recommendation-renew-expiring-application-credential/app-registrations-list.png
76.3 KB
diff --git a/‎articles/active-directory/reports-monitoring/recommendation-mfa-from-known-devices.md
Lines changed: 12 additions & 14 deletions b/‎articles/active-directory/reports-monitoring/recommendation-mfa-from-known-devices.md
Lines changed: 12 additions & 14 deletions
diff --git a/‎articles/active-directory/reports-monitoring/recommendation-migrate-apps-from-adfs-to-azure-ad.md
Lines changed: 2 additions & 6 deletions b/‎articles/active-directory/reports-monitoring/recommendation-migrate-apps-from-adfs-to-azure-ad.md
Lines changed: 2 additions & 6 deletions
diff --git a/‎articles/active-directory/reports-monitoring/recommendation-migrate-to-authenticator.md
Lines changed: 3 additions & 6 deletions b/‎articles/active-directory/reports-monitoring/recommendation-migrate-to-authenticator.md
Lines changed: 3 additions & 6 deletions
@@ -8,7 +8,7 @@ ms.service: active-directory
 ms.topic: reference
 ms.workload: identity
 ms.subservice: report-monitor
-ms.date: 03/02/2023
+ms.date: 03/07/2023
 ms.author: sarahlipsey
 ms.reviewer: hafowler
 
@@ -19,37 +19,35 @@ ms.collection: M365-identity-device-management
 
 [Azure AD recommendations](overview-recommendations.md) is a feature that provides you with personalized insights and actionable guidance to align your tenant with recommended best practices.
 
-
 This article covers the recommendation to minimize multi-factor authentication (MFA) prompts from known devices. This recommendation is called `tenantMFA` in the recommendations API in Microsoft Graph. 
 
 ## Description
 
 As an admin, you want to maintain security for your company’s resources, but you also want your employees to easily access resources as needed.
 
-MFA enables you to enhance the security posture of your tenant. While enabling MFA is a good practice, you should try to keep the number of MFA prompts your users have to go through at a minimum. One option you have to accomplish this goal is to **allow users to remember multi-factor authentication on devices they trust**.
-
-The remember multi-factor authentication feature sets a persistent cookie on the browser when a user selects the Don't ask again for X days option at sign-in. The user isn't prompted again for MFA from that browser until the cookie expires. If the user opens a different browser on the same device or clears the cookies, they're prompted again to verify.
+MFA enables you to enhance the security posture of your tenant. While enabling MFA is a good practice, you should try to keep the number of MFA prompts your users have to go through at a minimum. One option you have to accomplish this goal is to **allow users to remember multi-factor authentication on trusted devices**.
 
-![Remember MFA on trusted devices](./media/recommendation-mfa-from-known-devices\remember-mfa-on-trusted-devices.png)
+The "remember multi-factor authentication on trusted device" feature sets a persistent cookie on the browser when a user selects the "Don't ask again for X days" option at sign-in. The user isn't prompted again for MFA from that browser until the cookie expires. If the user opens a different browser on the same device or clears the cookies, they're prompted again to verify.
 
 For more information, see [Configure Azure AD Multi-Factor Authentication settings](../authentication/howto-mfa-mfasettings.md).
 
-
-## Logic 
-
-This recommendation shows up, if you have set the remember multi-factor authentication feature to less than 30 days.
-
+This recommendation shows up if you have set the **remember multi-factor authentication** feature to less than 30 days.
 
 ## Value 
 
 This recommendation improves your user's productivity and minimizes the sign-in time with fewer MFA prompts. Ensure that your most sensitive resources can have the tightest controls, while your least sensitive resources can be more freely accessible.
 
 ## Action plan
 
-1. Review [configure Azure AD Multi-Factor Authentication settings](../authentication/howto-mfa-mfasettings.md).  
+1. Review the [How to configure Azure AD Multi-Factor Authentication settings](../authentication/howto-mfa-mfasettings.md) article.  
+1. Go to **Azure AD** > **Multifactor authentication** > select the **Additional cloud-based multifactor authentication settings** link.
+
+    ![Screenshot of the configuration settings link in Azure AD multifactor authentication section.](media/recommendation-mfa-from-known-devices/mfa-configuration-settings.png)
+
+1. Adjust the number of days in the **remember multi-factor authentication on trusted device** section to 90 days.
+
+    ![Remember MFA on trusted devices](./media/recommendation-mfa-from-known-devices\remember-mfa-on-trusted-devices.png)
 
-2. Set the remember multi-factor authentication feature to 90 days.
- 
 
 ## Next steps
 
 
@@ -8,7 +8,7 @@ ms.service: active-directory
 ms.topic: reference
 ms.workload: identity
 ms.subservice: report-monitor
-ms.date: 03/02/2023
+ms.date: 03/07/2023
 ms.author: sarahlipsey
 ms.reviewer: hafowler
 
@@ -23,11 +23,7 @@ This article covers the recommendation to migrate apps from Active Directory Fed
 
 ## Description
 
-As an admin responsible for managing applications, I want my applications to use Azure AD’s security features and maximize their value. 
-
-## Logic 
-
-If a tenant has apps on AD FS, and any of these apps are deemed 100% migratable, this recommendation shows up. 
+As an admin responsible for managing applications, you want your applications to use Azure AD’s security features and maximize their value. This recommendation shows up if your tenant has apps on ADFS that can 100% be migrated to Azure AD.
 
 ## Value 
 
 
@@ -8,7 +8,7 @@ ms.service: active-directory
 ms.topic: reference
 ms.workload: identity
 ms.subservice: report-monitor
-ms.date: 03/02/2023
+ms.date: 03/07/2023
 ms.author: sarahlipsey
 ms.reviewer: hafowler
 
@@ -21,17 +21,14 @@ ms.collection: M365-identity-device-management
 
 This article covers the recommendation to migrate users to the Microsoft Authenticator app, which is currently a preview recommendation. This recommendation is called `useAuthenticatorApp` in the recommendations API in Microsoft Graph.
 
-
 ## Description
 
-Multi-factor authentication (MFA) is a key component to improve the security posture of your Azure AD tenant. However, while keeping your tenant safe is important, you should also keep an eye on keeping the security related overhead as little as possible on your users.
+Multi-factor authentication (MFA) is a key component to improve the security posture of your Azure AD tenant. While SMS text and voice calls were once commonly used for multi-factor authentication, they are becoming increasingly less secure. You also don't want to overwhelm your users with lots of MFA methods and messages.
 
-One possibility to accomplish this goal is to migrate users using SMS or voice call for MFA to use the Microsoft authenticator app.
+One way to ease the burden on your users while also increasing the security of their authentication methods is to migrate anyone using SMS or voice call for MFA to use the Microsoft Authenticator app.
 
 This recommendation appears if Azure AD detects that your tenant has users authenticating using SMS or voice instead of the Microsoft Authenticator app in the past week.
 
-![Screenshot of the Migrate from SMS to Microsoft Authenticator app recommendation.](media/recommendation-migrate-to-authenticator/recommendation-migrate-sms-to-authenticator.png)
-
 ## Value 
 
 Push notifications through the Microsoft Authenticator app provide the least intrusive MFA experience for users. This method is the most reliable and secure option because it relies on a data connection rather than telephony.