MicrosoftDocs
diff --git a/‎articles/active-directory/authentication/how-to-mfa-additional-context.md
Lines changed: 16 additions & 10 deletions b/‎articles/active-directory/authentication/how-to-mfa-additional-context.md
Lines changed: 16 additions & 10 deletions
diff --git a/‎articles/active-directory/authentication/how-to-mfa-number-match.md
Lines changed: 23 additions & 20 deletions b/‎articles/active-directory/authentication/how-to-mfa-number-match.md
Lines changed: 23 additions & 20 deletions
diff --git a/‎articles/active-directory/authentication/howto-authentication-sms-signin.md
Lines changed: 11 additions & 13 deletions b/‎articles/active-directory/authentication/howto-authentication-sms-signin.md
Lines changed: 11 additions & 13 deletions
@@ -4,7 +4,7 @@ description: Learn how to use additional context in MFA notifications
 ms.service: active-directory
 ms.subservice: authentication
 ms.topic: conceptual
-ms.date: 06/23/2022
+ms.date: 08/08/2022
 ms.author: justinha
 author: mjsantani
 ms.collection: M365-identity-device-management
@@ -13,7 +13,7 @@ ms.collection: M365-identity-device-management
 ---
 # How to use additional context in Microsoft Authenticator app notifications (Preview) - Authentication Methods Policy
 
-This topic covers how to improve the security of user sign-in by adding the application and location in Microsoft Authenticator app push notifications.  
+This article covers how to improve the security of user sign-in by adding the application and location in Microsoft Authenticator app push notifications.  
 
 ## Prerequisites
 
@@ -50,7 +50,7 @@ https://graph.microsoft.com/beta/authenticationMethodsPolicy/authenticationMetho
 
 | Property | Type | Description |
 |---------|------|-------------|
-| id | String | The authentication method policy identifier. |
+| ID | String | The authentication method policy identifier. |
 | state | authenticationMethodState | Possible values are: **enabled**<br>**disabled** |
 
 **RELATIONSHIPS**
@@ -67,7 +67,7 @@ https://graph.microsoft.com/beta/authenticationMethodsPolicy/authenticationMetho
 | Property | Type | Description |
 |----------|------|-------------|
 | authenticationMode | String | Possible values are:<br>**any**: Both passwordless phone sign-in and traditional second factor notifications are allowed.<br>**deviceBasedPush**: Only passwordless phone sign-in notifications are allowed.<br>**push**: Only traditional second factor push notifications are allowed. |
-| id | String | Object ID of an Azure AD user or group. |
+| ID | String | Object ID of an Azure AD user or group. |
 | targetType | authenticationMethodTargetType | Possible values are: **user**, **group**.<br>You can only set one group or user for additional context. |
 | displayAppInformationRequiredState | advancedConfigState | Possible values are:<br>**enabled** explicitly enables the feature for the selected group.<br>**disabled** explicitly disables the feature for the selected group.<br>**default** allows Azure AD to manage whether the feature is enabled or not for the selected group. |
 
@@ -78,7 +78,7 @@ https://graph.microsoft.com/beta/authenticationMethodsPolicy/authenticationMetho
 
 Change the **displayAppInformationRequiredState** from **default** to **enabled**. 
 
-The value of Authentication Mode can be either **any** or **push**, depending on whether or not you also want to enable passwordless phone sign-in. In these examples, we'll use **any**, but if you do not want to allow passwordless, use **push**.
+The value of Authentication Mode can be either **any** or **push**, depending on whether or not you also want to enable passwordless phone sign-in. In these examples, we'll use **any**, but if you don't want to allow passwordless, use **push**.
 
 You need to PATCH the entire includeTarget to prevent overwriting any previous configuration. In that case, do a GET first, update only the relevant fields, and then PATCH. The following example only shows the update to the **displayAppInformationRequiredState**. 
 
@@ -182,18 +182,24 @@ To turn off additional context, you'll need to PATCH remove **displayAppInformat
 
 To enable additional context in the Azure AD portal, complete the following steps:
 
-1. In the Azure AD portal, click **Security** > **Authentication methods** > **Microsoft Authenticator**.
-1. Select the target users, click the three dots on the right, and click **Configure**.
+1. Sign in to the [Azure portal](https://portal.azure.com) using an account with *global administrator* permissions.
+1. Search for and select **Azure Active Directory**, then choose **Security** from the menu on the left-hand side.
+1. Under the **Manage** menu header, select **Authentication methods** >  **Policies**.
+1. From the list of available authentication methods, select **Microsoft Authenticator**.
+
+    ![Screenshot that shows how to select the Microsoft Authenticator policy](./media/how-to-mfa-additional-context/select-microsoft-authenticator-policy.png)
+
+1. Select the target users, select the three dots on the right, and choose **Configure**.
 
-   ![Screenshot of how to configure number match.](media/howto-authentication-passwordless-phone/configure.png)
+   ![Screenshot of configuring Microsoft authenticator additional context.](./media/how-to-mfa-additional-context/configure-microsoft-authenticator.png)
 
-1. Select the **Authentication mode**, and then for **Show additional context in notifications (Preview)**, click **Enable**, and then click **Done**.
+1. Select the **Authentication mode**, and then for **Show additional context in notifications (Preview)**, select **Enable**, and then select **Done**.
 
    ![Screenshot of enabling additional context.](media/howto-authentication-passwordless-phone/enable-additional-context.png)
 
 ## Known issues
 
-Additional context is not supported for Network Policy Server (NPS). 
+Additional context isn't supported for Network Policy Server (NPS). 
 
 ## Next steps
 
 
@@ -4,7 +4,7 @@ description: Learn how to use number matching in MFA notifications
 ms.service: active-directory
 ms.subservice: authentication
 ms.topic: conceptual
-ms.date: 08/07/2022
+ms.date: 08/08/2022
 ms.author: justinha
 author: mjsantani
 ms.collection: M365-identity-device-management
@@ -13,7 +13,7 @@ ms.collection: M365-identity-device-management
 ---
 # How to use number matching in multifactor authentication (MFA) notifications (Preview) - Authentication Methods Policy
 
-This topic covers how to enable number matching in Microsoft Authenticator push notifications to improve user sign-in security.  
+This article covers how to enable number matching in Microsoft Authenticator push notifications to improve user sign-in security.  
 
 >[!NOTE]
 >Number matching is a key security upgrade to traditional second factor notifications in the Authenticator app that will be enabled by default for all tenants a few months after general availability (GA).<br> 
@@ -42,7 +42,7 @@ Number matching is available for the following scenarios. When enabled, all scen
 
 ### Multifactor authentication
 
-When a user responds to an MFA push notification using the Authenticator app, they will be presented with a number. They need to type that number into the app to complete the approval. 
+When a user responds to an MFA push notification using the Authenticator app, they'll be presented with a number. They need to type that number into the app to complete the approval. 
 
 ![Screenshot of user entering a number match.](media/howto-authentication-passwordless-phone/phone-sign-in-microsoft-authenticator-app.png)
 
@@ -71,7 +71,7 @@ Make sure you run the latest version of the [NPS extension](https://www.microsof
 
 Because the NPS extension can't show a number, a user who is enabled for number matching will still be prompted to **Approve**/**Deny**. However, you can create a registry key that overrides push notifications to ask a user to enter a One-Time Passcode (OTP). The user must have an OTP authentication method registered to see this behavior. Common OTP authentication methods include the OTP available in the Authenticator app, other software tokens, and so on. 
 
-If the user doesn't have an OTP method registered, they will continue to get the **Approve**/**Deny** experience. A user with number matching disabled will always see the **Approve**/**Deny** experience.
+If the user doesn't have an OTP method registered, they'll continue to get the **Approve**/**Deny** experience. A user with number matching disabled will always see the **Approve**/**Deny** experience.
 
 To create the registry key that overrides push notifications:
 
@@ -98,7 +98,7 @@ https://graph.microsoft.com/beta/authenticationMethodsPolicy/authenticationMetho
 
 | Property | Type | Description |
 |---------|------|-------------|
-| id | String | The authentication method policy identifier. |
+| ID | String | The authentication method policy identifier. |
 | state | authenticationMethodState | Possible values are: **enabled**<br>**disabled** |
 
 **RELATIONSHIPS**
@@ -115,18 +115,18 @@ https://graph.microsoft.com/beta/authenticationMethodsPolicy/authenticationMetho
 | Property | Type | Description |
 |----------|------|-------------|
 | authenticationMode | String | Possible values are:<br>**any**: Both passwordless phone sign-in and traditional second factor notifications are allowed.<br>**deviceBasedPush**: Only passwordless phone sign-in notifications are allowed.<br>**push**: Only traditional second factor push notifications are allowed. |
-| id | String | Object ID of an Azure AD user or group. |
-| targetType | authenticationMethodTargetType | Possible values are: **user**, **group**.<br>Please note: You will be able to only set one group or user for number matching. |
+| ID | String | Object ID of an Azure AD user or group. |
+| targetType | authenticationMethodTargetType | Possible values are: **user**, **group**.<br>Note: You'll be able to only set one group or user for number matching. |
 | numberMatchingRequiredState | advancedConfigState | Possible values are:<br>**enabled** explicitly enables the feature for the selected group.<br>**disabled** explicitly disables the feature for the selected group.<br>**default** allows Azure AD to manage whether the feature is enabled or not for the selected group. |
 
 >[!NOTE]
 >Number matching can only be enabled for a single group.
 
 #### Example of how to enable number matching for all users
 
-You will need to change the **numberMatchingRequiredState** from **default** to **enabled**. 
+You'll need to change the **numberMatchingRequiredState** from **default** to **enabled**. 
 
-Note that the value of Authentication Mode can be either **any** or **push**, depending on whether or not you also want to enable passwordless phone sign-in. In these examples, we will use **any**, but if you do not want to allow passwordless, use **push**. 
+Note that the value of Authentication Mode can be either **any** or **push**, depending on whether or not you also want to enable passwordless phone sign-in. In these examples, we'll use **any**, but if you don't want to allow passwordless, use **push**. 
 
 >[!NOTE]
 >For passwordless users, enabling or disabling number matching has no impact because it's already part of the passwordless experience. 
@@ -157,14 +157,14 @@ You might need to patch the entire includeTarget to prevent overwriting any prev
 
 ```
 
-To confirm this has applied, please run the GET request below using the endpoint below.
+To confirm this update has applied, please run the GET request below using the endpoint below.
 GET - https://graph.microsoft.com/beta/authenticationMethodsPolicy/authenticationMethodConfigurations/MicrosoftAuthenticator
 
 
 #### Example of how to enable number matching for a single group
 
-We will need to change the **numberMatchingRequiredState** value from **default** to **enabled.** 
-You will need to change the **id** from **all_users** to the ObjectID of the group from the Azure AD portal.
+We'll need to change the **numberMatchingRequiredState** value from **default** to **enabled.** 
+You'll need to change the **id** from **all_users** to the ObjectID of the group from the Azure AD portal.
 
 You need to PATCH the entire includeTarget to prevent overwriting any previous configuration. We recommend that you do a GET first, and then update only the relevant fields and then PATCH. The example below only shows the update to the **numberMatchingRequiredState**. 
 
@@ -208,7 +208,7 @@ See the end user experience of an Authenticator MFA push notification with numbe
 
 ### Turn off number matching
 
-To turn number matching off, you will need to PATCH remove **numberMatchingRequiredState** from **enabled** to **disabled**/**default**.
+To turn number matching off, you'll need to PATCH remove **numberMatchingRequiredState** from **enabled** to **disabled**/**default**.
 
 ```json
 {
@@ -235,20 +235,23 @@ To enable number matching in the Azure portal, complete the following steps:
 
 1. Sign in to the [Azure portal](https://portal.azure.com) using an account with *global administrator* permissions.
 1. Search for and select **Azure Active Directory**, then choose **Security** from the menu on the left-hand side.
-1. Under the **Manage** menu header, select **Authentication methods**, then **Policies**.
-1. From the list of policies, select **Microsoft Authenticator**.
-1. Select the target users, click the three dots on the right, and choose **Configure**.
+1. Under the **Manage** menu header, select **Authentication methods** >  **Policies**.
+1. From the list of available authentication methods, select **Microsoft Authenticator**.
+
+    ![Screenshot that shows how to select the Microsoft Authenticator policy](./media/how-to-mfa-number-match/select-microsoft-authenticator-policy.png)
+
+1. Select the target users, select the three dots on the right, and choose **Configure**.
 
-   ![Screenshot of configuring number match.](media/howto-authentication-passwordless-phone/configure.png)
+   ![Screenshot of configuring number match.](./media/how-to-mfa-number-match/configure-microsoft-authenticator.png)
 
-1. Select the **Authentication mode**, and then for **Require number matching (Preview)**, click **Enable**, and then click **Done**. 
+1. Select the **Authentication mode**, and then for **Require number matching (Preview)**, select **Enable**, and then select **Done**. 
 
-   ![Screenshot of enabling number match.](media/howto-authentication-passwordless-phone/enable-number-matching.png)
+   ![Screenshot of enabling number match configuration.](media/howto-authentication-passwordless-phone/enable-number-matching.png)
 
 >[!NOTE]
 >[Least privileged role in Azure Active Directory - Multifactor authentication](../roles/delegate-by-task.md#multi-factor-authentication)
 
-Number matching is not supported for Apple Watch notifications. Apple Watch need to use their phone to approve notifications when number matching is enabled.
+Number matching isn't supported for Apple Watch notifications. Apple Watch need to use their phone to approve notifications when number matching is enabled.
 
 ## Next steps
 
 
@@ -6,7 +6,7 @@ services: active-directory
 ms.service: active-directory
 ms.subservice: authentication
 ms.topic: conceptual
-ms.date: 02/10/2022
+ms.date: 08/08/2022
 ms.author: justinha
 author: justinha
 manager: karenhoran
@@ -45,7 +45,7 @@ Here are some known issues:
 * SMS-based authentication isn't recommended for B2B accounts.
 * Federated users won't authenticate in the home tenant. They only authenticate in the cloud.
 * If a user's default sign-in method is a text or call to your phone number, then the SMS code or voice call is sent automatically during multifactor authentication. As of June 2021, some apps will ask users to choose **Text** or **Call** first. This option prevents sending too many security codes for different apps. If the default sign-in method is the Microsoft Authenticator app ([which we highly recommend](https://techcommunity.microsoft.com/t5/azure-active-directory-identity/it-s-time-to-hang-up-on-phone-transports-for-authentication/ba-p/1751752)), then the app notification is sent automatically.
-* SMS-based authentication has reached general availability, and we are working to remove the **(Preview)** label in the Azure portal.
+* SMS-based authentication has reached general availability, and we're working to remove the **(Preview)** label in the Azure portal.
 
 
 ## Enable the SMS-based authentication method
@@ -59,14 +59,15 @@ There are three main steps to enable and use SMS-based authentication in your or
 
 First, let's enable SMS-based authentication for your Azure AD tenant.
 
-1. Sign in to the [Azure portal][azure-portal] as a *global administrator*.
-1. Search for and select **Azure Active Directory**.
-1. From the navigation menu on the left-hand side of the Azure Active Directory window, select **Security > Authentication methods > Authentication method policy**.
+1. Sign in to the [Azure portal](https://portal.azure.com) using an account with *global administrator* permissions.
+1. Search for and select **Azure Active Directory**, then choose **Security** from the menu on the left-hand side.
+1. Under the **Manage** menu header, select **Authentication methods** >  **Policies**.
+1. From the list of available authentication methods, select **Text message**.
 
-    [![Browse to and select the Authentication method policy window in the Azure portal.](media/howto-authentication-sms-signin/authentication-method-policy-cropped.png)](media/howto-authentication-sms-signin/authentication-method-policy.png#lightbox)
+    ![Screenshot that shows how to select the text message authentication method.](./media/howto-authentication-sms-signin/select-text-message-policy.png)
 
-1. From the list of available authentication methods, select **Text message**.
-1. Set **Enable** to *Yes*.
+
+1. Set **Enable** to *Yes*. Then select the **Target users**.
 
     ![Enable text authentication in the authentication method policy window](./media/howto-authentication-sms-signin/enable-text-authentication-method.png)
 
@@ -78,9 +79,6 @@ With SMS-based authentication enabled in your Azure AD tenant, now select some u
 
 1. In the text message authentication policy window, set **Target** to *Select users*.
 1. Choose to **Add users or groups**, then select a test user or group, such as *Contoso User* or *Contoso SMS Users*.
-
-    [![Choose users or groups to enable for SMS-based authentication in the Azure portal.](media/howto-authentication-sms-signin/add-users-or-groups-cropped.png)](media/howto-authentication-sms-signin/add-users-or-groups.png#lightbox)
-
 1. When you've selected your users or groups, choose **Select**, then **Save** the updated authentication method policy.
 
 Each user that's enabled in the text message authentication method policy must be licensed, even if they don't use it. Make sure you have the appropriate licenses for the users you enable in the authentication method policy, especially when you enable the feature for large groups of users.
@@ -133,7 +131,7 @@ For a list of apps that support using SMS-based sign-in, see [App support for SM
 
 ### Phone number already set for a user account
 
-If a user has already registered for Azure AD Multi-Factor Authentication and / or self-service password reset (SSPR), they already have a phone number associated with their account. This phone number is not automatically available for use with SMS-based sign-in.
+If a user has already registered for Azure AD Multi-Factor Authentication and / or self-service password reset (SSPR), they already have a phone number associated with their account. This phone number isn't automatically available for use with SMS-based sign-in.
 
 A user that has a phone number already set for their account is displayed a button to *Enable for SMS sign-in* in their **My Profile** page. Select this button, and the account is enabled for use with SMS-based sign-in and the previous Azure AD Multi-Factor Authentication or SSPR registration.
 
@@ -152,7 +150,7 @@ If you receive an error when you try to set a phone number for a user account in
 ## Next steps
 
 - For a list of apps that support using SMS-based sign-in, see [App support for SMS-based authentication](how-to-authentication-sms-supported-apps.md).
-- For additional ways to sign in to Azure AD without a password, such as the Microsoft Authenticator App or FIDO2 security keys, see [Passwordless authentication options for Azure AD][concepts-passwordless].
+- For more ways to sign in to Azure AD without a password, such as the Microsoft Authenticator App or FIDO2 security keys, see [Passwordless authentication options for Azure AD][concepts-passwordless].
 - You can also use the Microsoft Graph REST API to [enable][rest-enable] or [disable][rest-disable] SMS-based sign-in.