updating

Author: billmath

articles/active-directory/hybrid/cloud-sync/how-to-install-pshell.md

@@ -85,7 +85,7 @@ The Windows server must have TLS 1.2 enabled before you install the Azure AD Con
        ```
        Restart-Service -Name AADConnectProvisioningAgent  
        ```
- 16. Go to the Azure portal to create the cloud sync configuration.
+ 16. Go to the Entra portal to create the cloud sync configuration.
 
 ## Provisioning agent gMSA PowerShell cmdlets
 Now that you've installed the agent, you can apply more granular permissions to the gMSA. For information and step-by-step instructions on how to configure the permissions, see [Azure AD Connect cloud provisioning agent gMSA PowerShell cmdlets](how-to-gmsa-cmdlets.md).

articles/active-directory/hybrid/cloud-sync/how-to-install.md

@@ -1,6 +1,6 @@
 ---
 title: 'Install the Azure AD Connect provisioning agent'
-description: Learn how to install the Azure AD Connect provisioning agent and how to configure it in the Azure portal.
+description: Learn how to install the Azure AD Connect provisioning agent and how to configure it in the Entra portal.
 services: active-directory
 author: billmath
 manager: amycolannino
@@ -15,7 +15,7 @@ ms.collection: M365-identity-device-management
 
 # Install the Azure AD Connect provisioning agent
 
-This article walks you through the installation process for the Azure Active Directory (Azure AD) Connect provisioning agent and how to initially configure it in the Azure portal.
+This article walks you through the installation process for the Azure Active Directory (Azure AD) Connect provisioning agent and how to initially configure it in the Entra portal.
 
 > [!IMPORTANT]
 > The following installation instructions assume that you've met all the [prerequisites](how-to-prerequisites.md).

articles/active-directory/hybrid/cloud-sync/how-to-prerequisites.md

@@ -105,7 +105,7 @@ If there's a firewall between your servers and Azure AD, configure the following
    | --- | --- |
    | **80** | Downloads the certificate revocation lists (CRLs) while validating the TLS/SSL certificate.  |
    | **443** | Handles all outbound communication with the service. |
-   | **8080** (optional) | Agents report their status every 10 minutes over port 8080, if port 443 is unavailable. This status is displayed in the Azure portal. |
+   | **8080** (optional) | Agents report their status every 10 minutes over port 8080, if port 443 is unavailable. This status is displayed in the Entra portal. |
  
 - If your firewall enforces rules according to the originating users, open these ports for traffic from Windows services that run as a network service.
 - If your firewall or proxy allows you to specify safe suffixes, add connections: 

articles/active-directory/hybrid/cloud-sync/how-to-transformation.md

@@ -89,7 +89,7 @@ To add a custom attribute mapping, follow these steps.
 
     ![Run Query](media/how-to-transformation/transform-2.png)
 
- 1. Now, in the Azure portal, go to the cloud sync configuration and select **Restart provisioning**.
+ 1. Now, in the portal, go to the cloud sync configuration and select **Restart provisioning**.
 
     ![Restart provisioning](media/how-to-transformation/transform-3.png)
 

articles/active-directory/hybrid/cloud-sync/how-to-troubleshoot.md

@@ -23,9 +23,9 @@ When you troubleshoot agent problems, you verify that the agent was installed co
 - Is the agent in the portal?
 - Is the agent marked as healthy?
 
-You can verify these items in the Azure portal and on the local server that's running the agent.
+You can verify these items in the portal and on the local server that's running the agent.
 
-### Azure portal agent verification
+### Entra portal agent verification
 
 [!INCLUDE [portal updates](~/articles/active-directory/includes/portal-update.md)]
 
@@ -142,7 +142,7 @@ To gather additional details for troubleshooting agent-related problems, follow
 
 ## Object synchronization problems
 
-In the Azure portal, you can use provisioning logs to help track down and troubleshoot object synchronization problems. To view the logs, select **Logs**.
+In the portal, you can use provisioning logs to help track down and troubleshoot object synchronization problems. To view the logs, select **Logs**.
 
 ![Screenshot that shows the logs button.](media/how-to-troubleshoot/log-1.png)
 
@@ -192,7 +192,7 @@ Then you should see the status on your agent as healthy.
 
 #### Restart the provisioning job
 
-Use the Azure portal to restart the provisioning job. On the agent configuration page, select **Restart sync**.
+Use the portal to restart the provisioning job. On the agent configuration page, select **Restart sync**.
 
   ![Screenshot that shows options on the agent configuration page.](media/how-to-troubleshoot/quarantine-3.png)
 

articles/active-directory/hybrid/cloud-sync/reference-error-codes.md

@@ -25,7 +25,7 @@ The following is a list of error codes and their description
 |HybridSynchronizationActiveDirectoryInternalServerError|Error Message: We were unable to process this request at this point. If this issue persists, please contact support and provide the following job identifier: AD2AADProvisioning.30b500eaf9c643b2b78804e80c1421fe.5c291d3c-d29f-4570-9d6b-f0c2fa3d5926. Additional details: Processing of the HTTP request resulted in an exception. |Couldn't process the parameters received in SCIM request to a Search request.|Please see the HTTP response returned by the 'Response' property of this exception for details.|
 |HybridIdentityServiceNoAgentsAssigned|Error Message: We're unable to find an active agent for the domain you're trying to sync. Please check to see if the agents have been removed. If so, re-install the agent again.|There are no agents running. Probably agents have been removed. Register a new agent.|"In this case, you won't see any agent assigned to the domain in portal.|
 |HybridIdentityServiceNoActiveAgents|Error Message: We're unable to find an active agent for the domain you're trying to sync. Please check to see if the agent is running by going to the server, where the agent is installed, and check to see if "Microsoft Azure AD Cloud Sync Agent" under Services is running.|"Agents aren't listening to the ServiceBus endpoint. [The agent is behind a firewall that doesn't allow connections to service bus](../../app-proxy/application-proxy-configure-connectors-with-proxy-servers.md#use-the-outbound-proxy-server)|
-|HybridIdentityServiceInvalidResource|Error Message: We were unable to process this request at this point. If this issue persists, please contact support and provide the following job identifier: AD2AADProvisioning.3a2a0d8418f34f54a03da5b70b1f7b0c.d583d090-9cd3-4d0a-aee6-8d666658c3e9. Additional details: There seems to be an issue with your cloud sync setup. Please re-register your cloud sync agent on your on-premises AD domain and restart configuration from Azure portal.|The resource name must be set so HIS knows which agent to contact.|Please re-register your cloud sync agent on your on-premises AD domain and restart configuration from Azure portal.|
+|HybridIdentityServiceInvalidResource|Error Message: We were unable to process this request at this point. If this issue persists, please contact support and provide the following job identifier: AD2AADProvisioning.3a2a0d8418f34f54a03da5b70b1f7b0c.d583d090-9cd3-4d0a-aee6-8d666658c3e9. Additional details: There seems to be an issue with your cloud sync setup. Please re-register your cloud sync agent on your on-premises AD domain and restart configuration from portal.|The resource name must be set so HIS knows which agent to contact.|Please re-register your cloud sync agent on your on-premises AD domain and restart configuration from portal.|
 |HybridIdentityServiceAgentSignalingError|Error Message: We were unable to process this request at this point. If this issue persists, please contact support and provide the following job identifier: AD2AADProvisioning.92d2e8750f37407fa2301c9e52ad7e9b.efb835ef-62e8-42e3-b495-18d5272eb3f9. Additional details: We were unable to process this request at this point. If this issue persists, please contact support with Job ID (from status pane of your configuration).|Service Bus isn't able to send a message to the agent. Could be an outage in service bus, or the agent isn't responsive.|If this issue persists, please contact support with Job ID (from status pane of your configuration).|
 |AzureDirectoryServiceServerBusy|Error Message: An error occurred. Error Code: 81. Error Description: Azure Active Directory is currently busy. This operation will be retried automatically. If this issue persists for more than 24 hours, contact Technical Support. Tracking ID: 8a4ab3b5-3664-4278-ab64-9cff37fd3f4f Server Name:|Azure Active Directory is currently busy.|If this issue persists for more than 24 hours, contact Technical Support.|
 |AzureActiveDirectoryInvalidCredential|Error Message: We found an issue with the service account that is used to run Azure AD Connect Cloud Sync. You can repair the cloud service account by following the instructions at [here](./how-to-troubleshoot.md). If the error persists, please contact support with Job ID (from status pane of your configuration). Additional Error Details: CredentialsInvalid AADSTS50034: The user account {EmailHidden} doesn't exist in the skydrive365.onmicrosoft.com directory. To sign into this application, the account must be added to the directory. Trace ID: 14b63033-3bc9-4bd4-b871-5eb4b3500200 Correlation ID: 57d93ed1-be4d-483c-997c-a3b6f03deb00 Timestamp: 2021-01-12 21:08:29Z |This error is thrown when the sync service account ADToAADSyncServiceAccount doesn't exist in the tenant. It can be due to accidental deletion of the account.|Use [Repair-AADCloudSyncToolsAccount](reference-powershell.md#repair-aadcloudsynctoolsaccount) to fix the service account.|

articles/active-directory/hybrid/cloud-sync/tutorial-existing-forest.md

@@ -24,7 +24,7 @@ You can use the environment you create in this tutorial for testing or for getti
 In this scenario, there's an existing forest synced using Azure AD Connect sync to an Azure AD tenant. And you have a new forest that you want to sync to the same Azure AD tenant. You'll set up cloud sync for the new forest. 
 
 ## Prerequisites
-### In the Azure portal
+### In the Entra portal
 
 1. Create a cloud-only global administrator account on your Azure AD tenant. This way, you can manage the configuration of your tenant should your on-premises services fail or become unavailable. Learn about [adding a cloud-only global administrator account](../../fundamentals/add-users.md). Completing this step is critical to ensure that you don't get locked out of your tenant.
 2. Add one or more [custom domain names](../../fundamentals/add-custom-domain.md) to your Azure AD tenant. Your users can sign in with one of these domain names.
@@ -40,7 +40,7 @@ In this scenario, there's an existing forest synced using Azure AD Connect sync
      | --- | --- |
      | **80** | Downloads the certificate revocation lists (CRLs) while validating the TLS/SSL certificate |
      | **443** | Handles all outbound communication with the service |
-     | **8080** (optional) | Agents report their status every 10 minutes over port 8080, if port 443 is unavailable. This status is displayed on the Azure portal. |
+     | **8080** (optional) | Agents report their status every 10 minutes over port 8080, if port 443 is unavailable. This status is displayed on the portal. |
      
      If your firewall enforces rules according to the originating users, open these ports for traffic from Windows services that run as a network service.
    - If your firewall or proxy allows you to specify safe suffixes, then add  connections to **\*.msappproxy.net** and **\*.servicebus.windows.net**. If not, allow access to the [Azure datacenter IP ranges](https://www.microsoft.com/download/details.aspx?id=41653), which are updated weekly.

articles/active-directory/hybrid/cloud-sync/tutorial-pilot-aadc-aadccp.md

@@ -153,33 +153,28 @@ If you're using the  [Basic AD and Azure environment](tutorial-basic-ad-azure.md
 
 Use the following steps to configure provisioning:
 
- 1.  In the Azure portal, select **Azure Active Directory**.
- 2.  On the left, select **Azure AD Connect**.
- 3.  On the left, select **Cloud sync**.
- 
- :::image type="content" source="media/how-to-on-demand-provision/new-ux-1.png" alt-text="Screenshot of new UX cloud sync screen." lightbox="media/how-to-on-demand-provision/new-ux-1.png":::
- 
- 4. Select **New configuration**.
+ [!INCLUDE [sign in](../../../../includes/cloud-sync-sign-in.md)] 
+ 3. Select **New configuration**.
  :::image type="content" source="media/how-to-configure/new-ux-configure-1.png" alt-text="Screenshot of adding a configuration." lightbox="media/how-to-configure/new-ux-configure-1.png":::
- 5. On the configuration screen, select your domain and whether to enable password hash sync.  Click **Create**.  
+ 4. On the configuration screen, select your domain and whether to enable password hash sync.  Click **Create**.  
 
  :::image type="content" source="media/how-to-configure/new-ux-configure-2.png" alt-text="Screenshot of a new configuration." lightbox="media/how-to-configure/new-ux-configure-2.png":::
 
- 6.  The **Get started** screen will open.  
+ 5.  The **Get started** screen will open.  
 
   :::image type="content" source="media/how-to-configure/new-ux-configure-3.png" alt-text="Screenshot of the getting started screen." lightbox="media/how-to-configure/new-ux-configure-3.png":::
 
- 7.  On the **Get started** screen, click either **Add scoping filters** next to the **Add scoping filters** icon or on the click **Scoping filters** on the left under **Manage**.
+ 6.  On the **Get started** screen, click either **Add scoping filters** next to the **Add scoping filters** icon or on the click **Scoping filters** on the left under **Manage**.
 
    :::image type="content" source="media/how-to-configure/new-ux-configure-5.png" alt-text="Screenshot of scoping filters." lightbox="media/how-to-configure/new-ux-configure-5.png":::
 
- 8. Select the scoping filter. For this tutorial select:
+ 7. Select the scoping filter. For this tutorial select:
      - **Selected organizational units**: Scopes the configuration to apply to specific OUs. 
- 9. In the box, enter "OU=CPUsers,DC=contoso,DC=com".
+ 8. In the box, enter "OU=CPUsers,DC=contoso,DC=com".
 
    :::image type="content" source="media/tutorial-migrate-aadc-aadccp/configure-1.png" alt-text="Screenshot of the scoping filter." lightbox="media/tutorial-migrate-aadc-aadccp/configure-1.png":::
 
- 10.  Click **Add**. Click **Save**.
+ 9.  Click **Add**. Click **Save**.
 
 
 
@@ -203,7 +198,7 @@ Once the scheduler is enabled, Azure AD Connect will stop exporting any changes
 
 In case the pilot doesn't work as expected, you can go back to the Azure AD Connect sync setup by following the steps below:
 
-1. Disable provisioning configuration in the Azure portal.
+1. Disable provisioning configuration in the portal.
 2. Disable all the custom sync rules created for Cloud Provisioning using the Sync Rule Editor tool. Disabling should cause full sync on all the connectors.
 
 ## Next steps

articles/active-directory/hybrid/cloud-sync/tutorial-single-forest.md

@@ -23,7 +23,7 @@ You can use the environment you create in this tutorial for testing or for getti
 
 ## Prerequisites
 
-### In the Azure portal
+### In the Entra portal
 
 1. Create a cloud-only global administrator account on your Azure AD tenant. This way, you can manage the configuration of your tenant should your on-premises services fail or become unavailable. Learn about [adding a cloud-only global administrator account](../../fundamentals/add-users.md). Completing this step is critical to ensure that you don't get locked out of your tenant.
 2. Add one or more [custom domain names](../../fundamentals/add-custom-domain.md) to your Azure AD tenant. Your users can sign in with one of these domain names.
@@ -39,7 +39,7 @@ You can use the environment you create in this tutorial for testing or for getti
      | --- | --- |
      | **80** | Downloads the certificate revocation lists (CRLs) while validating the TLS/SSL certificate |
      | **443** | Handles all outbound communication with the service |
-     | **8080** (optional) | Agents report their status every 10 minutes over port 8080, if port 443 is unavailable. This status is displayed on the Azure portal. |
+     | **8080** (optional) | Agents report their status every 10 minutes over port 8080, if port 443 is unavailable. This status is displayed on the portal. |
      
      If your firewall enforces rules according to the originating users, open these ports for traffic from Windows services that run as a network service.
    - If your firewall or proxy allows you to specify safe suffixes, then add  connections t to **\*.msappproxy.net** and **\*.servicebus.windows.net**. If not, allow access to the [Azure datacenter IP ranges](https://www.microsoft.com/download/details.aspx?id=41653), which are updated weekly.