MicrosoftDocs
diff --git a/‎.openpublishing.redirection.json
Lines changed: 31 additions & 66 deletions b/‎.openpublishing.redirection.json
Lines changed: 31 additions & 66 deletions
diff --git a/‎articles/active-directory/authentication/howto-mfa-getstarted.md
Lines changed: 59 additions & 10 deletions b/‎articles/active-directory/authentication/howto-mfa-getstarted.md
Lines changed: 59 additions & 10 deletions
diff --git a/‎articles/active-directory/authentication/howto-mfa-userstates.md
Lines changed: 59 additions & 10 deletions b/‎articles/active-directory/authentication/howto-mfa-userstates.md
Lines changed: 59 additions & 10 deletions
diff --git a/‎articles/active-directory/fundamentals/active-directory-data-storage-eu.md
Lines changed: 1 addition & 3 deletions b/‎articles/active-directory/fundamentals/active-directory-data-storage-eu.md
Lines changed: 1 addition & 3 deletions
diff --git a/‎articles/active-directory/hybrid/whatis-phs.md
Lines changed: 1 addition & 1 deletion b/‎articles/active-directory/hybrid/whatis-phs.md
Lines changed: 1 addition & 1 deletion
@@ -16394,71 +16394,6 @@
       "redirect_url": "/azure/service-fabric/service-fabric-tutorial-deploy-app-to-party-cluster",
       "redirect_document_id": false
     },
-    {
-      "source_path": "articles/migrate/contoso-migration-infrastructure.md",
-      "redirect_url": "contoso-migration-overview",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "articles/migrate/contoso-migration-assessment.md",
-      "redirect_url": "contoso-migration-overview",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "articles/migrate/contoso-migration-rehost-vm-sql-managed-instance.md",
-      "redirect_url": "contoso-migration-overview",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "articles/migrate/contoso-migration-rehost-vm.md",
-      "redirect_url": "contoso-migration-overview",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "articles/migrate/contoso-migration-rehost-vm-sql-ag.md",
-      "redirect_url": "contoso-migration-overview",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "articles/migrate/contoso-migration-rehost-linux-vm.md",
-      "redirect_url": "contoso-migration-overview",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "articles/migrate/contoso-migration-rehost-linux-vm-mysql.md",
-      "redirect_url": "contoso-migration-overview",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "articles/migrate/contoso-migration-refactor-web-app-sql.md",
-      "redirect_url": "contoso-migration-overview",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "articles/migrate/contoso-migration-refactor-linux-app-service-mysql.md",
-      "redirect_url": "contoso-migration-overview",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "articles/migrate/contoso-migration-tfs-vsts.md",
-      "redirect_url": "contoso-migration-overview",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "articles/migrate/contoso-migration-rearchitect-container-sql.md",
-      "redirect_url": "contoso-migration-overview",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "articles/migrate/contoso-migration-rebuild.md",
-      "redirect_url": "contoso-migration-overview",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "articles/migrate/contoso-migration-scale.md",
-      "redirect_url": "contoso-migration-overview",
-      "redirect_document_id": false
-    },
     {
       "source_path": "articles/migrate/how-to-tag-v-center.md",
       "redirect_url": "how-to-create-a-group",
@@ -39492,6 +39427,36 @@
       "source_path": "articles/sql-database/sql-database-elastic-jobs-uninstall.md",
       "redirect_url": "/azure/sql-database/elastic-jobs-overview",
       "redirect_document_id": false
-    }
+    },
+	  {
+      "source_path": "articles/azure-monitor/app/analytics-troubleshooting.md",
+      "redirect_url": "/azure/azure-monitor/azure-monitor-app-hub",
+      "redirect_document_id": false
+    },
+	  {
+      "source_path": "articles/azure-monitor/app/detect-triage-diagnose.md",
+      "redirect_url": "/azure/azure-monitor/azure-monitor-app-hub",
+      "redirect_document_id": false
+    },
+	  {
+      "source_path": "articles/azure-monitor/app/scom.md",
+      "redirect_url": "/azure/azure-monitor/azure-monitor-app-hub",
+      "redirect_document_id": false
+    },
+	  {
+      "source_path": "articles/azure-monitor/app/windows-services.md",
+      "redirect_url": "/azure/azure-monitor/azure-monitor-app-hub",
+      "redirect_document_id": false
+    },
+	  {
+      "source_path": "articles/azure-monitor/app/release-notes-vsix.md",
+      "redirect_url": "/azure/azure-monitor/azure-monitor-app-hub",
+      "redirect_document_id": false
+    },
+	  {
+      "source_path": "articles/azure-monitor/app/app-insights-dashboards.md",
+      "redirect_url": "/azure/azure-monitor/app/overview-dashboard",
+      "redirect_document_id": false
+    }    
   ]
 }
@@ -171,16 +171,65 @@ Get-MsolUser -All | where {$_.StrongAuthenticationMethods.Count -eq 0} | Select-
 If your users were enabled using per-user enabled and enforced Azure Multi-Factor Authentication the following PowerShell can assist you in making the conversion to Conditional Access based Azure Multi-Factor Authentication.
 
 ```PowerShell
-# Save current StrongAuthenticationMethods
-$Methods= (Get-MsolUser-UserPrincipalName<UPN>).StrongAuthenticationMethods
-  
-# Disable MFA by setting the StrongAuthenticationRequirements to an empty array
-# This will also remove the StrongAuthenticationMethods
-Set-MsolUser-UserPrincipalName<UPN>-StrongAuthenticationRequirements @()
-  
-# Restore the StrongAuthenticationMethods value that was saved
-Set-MsolUser-UserPrincipalName<UPN>-StrongAuthenticationMethods$Methods
-# From here you can create a function on a loop to perform against all users. ( Test first of course.. )  
+# Disable MFA for all users, keeping their MFA methods intact
+Get-MsolUser -All | Disable-MFA -KeepMethods
+
+# Enforce MFA for all users
+Get-MsolUser -All | Set-MfaState -State Enforced
+
+# Wrapper to disable MFA with the option to keep the MFA
+# methods (to avoid having to proof-up again later)
+function Disable-Mfa {
+
+    [CmdletBinding()]
+    param(
+        [Parameter(ValueFromPipeline=$True)]
+        $User,
+        [switch] $KeepMethods
+    )
+
+    Process {
+
+        Write-Verbose ("Disabling MFA for user '{0}'" -f $User.UserPrincipalName)
+        $User | Set-MfaState -State Disabled
+
+        if ($KeepMethods) {
+            # Restore the MFA methods which got cleared when disabling MFA
+            Set-MsolUser -ObjectId $User.ObjectId `
+                         -StrongAuthenticationMethods $User.StrongAuthenticationMethods
+        }
+    }
+}
+
+# Sets the MFA requirement state
+function Set-MfaState {
+
+    [CmdletBinding()]
+    param(
+        [Parameter(ValueFromPipelineByPropertyName=$True)]
+        $ObjectId,
+        [Parameter(ValueFromPipelineByPropertyName=$True)]
+        $UserPrincipalName,
+        [ValidateSet("Disabled","Enabled","Enforced")]
+        $State
+    )
+
+    Process {
+        Write-Verbose ("Setting MFA state for user '{0}' to '{1}'." -f $ObjectId, $State)
+        $Requirements = @()
+        if ($State -ne "Disabled") {
+            $Requirement =
+                [Microsoft.Online.Administration.StrongAuthenticationRequirement]::new()
+            $Requirement.RelyingParty = "*"
+            $Requirement.State = $State
+            $Requirements += $Requirement
+        }
+
+        Set-MsolUser -ObjectId $ObjectId -UserPrincipalName $UserPrincipalName `
+                     -StrongAuthenticationRequirements $Requirements
+    }
+}
+
 ```
 
 ## Plan Conditional Access policies
 
@@ -136,16 +136,65 @@ which can also be shortened to:
 The following PowerShell can assist you in making the conversion to Conditional Access based Azure Multi-Factor Authentication.
 
 ```PowerShell
-# Save current StrongAuthenticationMethods
-$Methods= (Get-MsolUser-UserPrincipalName<UPN>).StrongAuthenticationMethods
-  
-# Disable MFA by setting the StrongAuthenticationRequirements to an empty array
-# This will also remove the StrongAuthenticationMethods
-Set-MsolUser-UserPrincipalName<UPN>-StrongAuthenticationRequirements @()
-  
-# Restore the StrongAuthenticationMethods value that was saved
-Set-MsolUser-UserPrincipalName<UPN>-StrongAuthenticationMethods$Methods
-# From here you can create a function on a loop to perform against all users. ( Test first of course.. )  
+# Disable MFA for all users, keeping their MFA methods intact
+Get-MsolUser -All | Disable-MFA -KeepMethods
+
+# Enforce MFA for all users
+Get-MsolUser -All | Set-MfaState -State Enforced
+
+# Wrapper to disable MFA with the option to keep the MFA
+# methods (to avoid having to proof-up again later)
+function Disable-Mfa {
+
+    [CmdletBinding()]
+    param(
+        [Parameter(ValueFromPipeline=$True)]
+        $User,
+        [switch] $KeepMethods
+    )
+
+    Process {
+
+        Write-Verbose ("Disabling MFA for user '{0}'" -f $User.UserPrincipalName)
+        $User | Set-MfaState -State Disabled
+
+        if ($KeepMethods) {
+            # Restore the MFA methods which got cleared when disabling MFA
+            Set-MsolUser -ObjectId $User.ObjectId `
+                         -StrongAuthenticationMethods $User.StrongAuthenticationMethods
+        }
+    }
+}
+
+# Sets the MFA requirement state
+function Set-MfaState {
+
+    [CmdletBinding()]
+    param(
+        [Parameter(ValueFromPipelineByPropertyName=$True)]
+        $ObjectId,
+        [Parameter(ValueFromPipelineByPropertyName=$True)]
+        $UserPrincipalName,
+        [ValidateSet("Disabled","Enabled","Enforced")]
+        $State
+    )
+
+    Process {
+        Write-Verbose ("Setting MFA state for user '{0}' to '{1}'." -f $ObjectId, $State)
+        $Requirements = @()
+        if ($State -ne "Disabled") {
+            $Requirement =
+                [Microsoft.Online.Administration.StrongAuthenticationRequirement]::new()
+            $Requirement.RelyingParty = "*"
+            $Requirement.State = $State
+            $Requirements += $Requirement
+        }
+
+        Set-MsolUser -ObjectId $ObjectId -UserPrincipalName $UserPrincipalName `
+                     -StrongAuthenticationRequirements $Requirements
+    }
+}
+
 ```
 
 ## Next steps
 
@@ -24,9 +24,7 @@ For customers who provided an address in Europe, Azure AD keeps most of the iden
 
 - All two-factor authentication using phone calls or SMS originate from US datacenters and are also routed by global providers.
 - Push notifications using the Microsoft Authenticator app originate from US datacenters. In addition, device vendor specific services may also come into play and these services maybe outside Europe.
-- OATH codes are always validated in the U.S.
-
-For more information about what user information is collected by Azure Multi-Factor Authentication Server (MFA Server) and cloud-based Azure MFA, see [Azure Multi-Factor Authentication user data collection](https://docs.microsoft.com/azure/active-directory/authentication/howto-mfa-reporting-datacollection).
+- OATH codes are always validated in the U.S. 
 
 ## Microsoft Azure Active Directory B2C (Azure AD B2C)
 
 
@@ -42,7 +42,7 @@ For more information, see [What is hybrid identity?](whatis-hybrid-identity.md).
 
 ## Next Steps
 
-- [What is hybrid identity?](whatis-phs.md)
+- [What is hybrid identity?](whatis-hybrid-identity.md)
 - [What is Azure AD Connect and Connect Health?](whatis-azure-ad-connect.md)
 - [What is pass-through authentication (PTA)?](how-to-connect-pta.md)
 - [What is federation?](whatis-fed.md)