Merge pull request #251307 from MicrosoftDocs/main

9/13/2023 AM Publish

Author: Taojunshen

articles/active-directory-domain-services/policy-reference.md

@@ -1,7 +1,7 @@
 ---
 title: Built-in policy definitions for Azure Active Directory Domain Services
 description: Lists Azure Policy built-in policy definitions for Azure Active Directory Domain Services. These built-in policy definitions provide common approaches to managing your Azure resources.
-ms.date: 09/06/2023
+ms.date: 09/13/2023
 ms.service: active-directory
 ms.subservice: domain-services
 author: justinha

articles/active-directory/app-provisioning/inbound-provisioning-api-issues.md

@@ -40,10 +40,13 @@ This document covers commonly encountered errors and issues with inbound provisi
 
 **Probable causes**
 1. Your API-driven provisioning app is paused. 
-1. The provisioning service is yet to update the provisioning logs with the bulk request processing details. 
+1. The provisioning service is yet to update the provisioning logs with the bulk request processing details.
+2. Your On-premises provisioning agent status is inactive (If you are running the [/API-driven inbound user provisioning to on-premises Active Directory](https://go.microsoft.com/fwlink/?linkid=2245182)).
+
 
 **Resolution:**
 1. Verify that your provisioning app is running. If it isn't running, select the menu option **Start provisioning** to process the data.
+2. Turn your On-premises provisioning agent status to active by restarting the On-premise agent.
 1. Expect 5 to 10-minute delay between processing the request and writing to the provisioning logs. If your API client is sending data to the provisioning /bulkUpload API endpoint, then introduce a time delay between the request invocation and provisioning logs query. 
 
 ### Forbidden 403 response code 

articles/active-directory/authentication/concept-certificate-based-authentication-technical-deep-dive.md

@@ -79,17 +79,17 @@ Azure AD CBA is an MFA (Multi factor authentication) capable method, that is Azu
 If CBA enabled user only has a Single Factor (SF) certificate and need MFA
    1. Use Password + SF certificate.
    1. Issue Temporary Access Pass (TAP)
-   1. Admin adds Phone Number to user account and allows Voice/SMS method for user.
+   1. Admin adds Phone Number to user account and allows Voice/text message method for user.
 
 If CBA enabled user has not yet been issued a certificate and need MFA
    1. Issue Temporary Access Pass (TAP)
-   1. Admin adds Phone Number to user account and allows Voice/SMS method for user.
+   1. Admin adds Phone Number to user account and allows Voice/text message method for user.
 
 If CBA enabled user cannot use MF cert (such as on mobile device without smart card support) and need MFA
    1. Issue Temporary Access Pass (TAP)
    1. User Register another MFA method (when user can use MF cert)
    1. Use Password + MF cert (when user can use MF cert)
-   1. Admin adds Phone Number to user account and allows Voice/SMS method for user
+   1. Admin adds Phone Number to user account and allows Voice/text message method for user
 
 
 ## MFA with Single-factor certificate-based authentication

articles/active-directory/authentication/concept-certificate-based-authentication.md

@@ -51,7 +51,7 @@ The following images show how Azure AD CBA simplifies the customer environment b
 The following scenarios are supported:
 
 - User sign-ins to web browser-based applications on all platforms.
-- User sign-ins to Office mobile apps, including Outlook, OneDrive, and so on.
+- User sign-ins to Office mobile apps on iOS/Android platforms as well as Office native apps in Windows, including Outlook, OneDrive, and so on.
 - User sign-ins on mobile native browsers.
 - Support for granular authentication rules for multifactor authentication by using the certificate issuer **Subject** and **policy OIDs**.
 - Configuring certificate-to-user account bindings by using any of the certificate fields:

articles/active-directory/authentication/concept-mfa-licensing.md

@@ -44,7 +44,7 @@ The following table provides a list of the features that are available in the va
 | Protect Azure AD tenant admin accounts with MFA | ● | ● (*Azure AD Global Administrator* accounts only) | ● | ● | ● |
 | Mobile app as a second factor | ● | ● | ● | ● | ● |
 | Phone call as a second factor | | | ● | ● | ● |
-| SMS as a second factor | | ● | ● | ● | ● |
+| Text message as a second factor | | ● | ● | ● | ● |
 | Admin control over verification methods | | ● | ● | ● | ● |
 | Fraud alert | | | | ● | ● |
 | MFA Reports | | | | ● | ● |
@@ -70,7 +70,7 @@ Our recommended approach to enforce MFA is using [Conditional Access](../conditi
 | Configuration flexibility | | ● |  |
 | **Functionality** | 
 | Exempt users from the policy | | ● | ● |
-| Authenticate by phone call or SMS | ● | ● | ● |
+| Authenticate by phone call or text message | ● | ● | ● |
 | Authenticate by Microsoft Authenticator and Software tokens | ● | ● | ● |
 | Authenticate by FIDO2, Windows Hello for Business, and Hardware tokens | | ● | ● |
 | Blocks legacy authentication protocols | ● | ● | ● |

articles/active-directory/authentication/concept-mfa-regional-opt-in.md

@@ -6,7 +6,7 @@ services: active-directory
 ms.service: active-directory
 ms.subservice: authentication
 ms.topic: conceptual
-ms.date: 09/11/2023
+ms.date: 09/12/2023
 
 author: aloom3
 ms.author: justinha
@@ -24,12 +24,12 @@ As a protection for our customers, Microsoft doesn't automatically support telep
 
 In today's digital world, telecommunication services have become ingrained into our lives. But advancements come with a risk of fraudulent activities. International Revenue Share Fraud (IRSF) is a threat with severe financial implications that also makes using services more difficult. Let's look at IRSF fraud more in-depth.  
 
-IRSF is a type of telephony fraud where criminals exploit the billing system of telecommunication services providers to make profit for themselves. Bad actors gain unauthorized access to a telecommunication network and divert traffic to those networks to skim profit for every transaction that is sent to that network. To divert traffic, bad actors steal existing usernames and passwords, create new usernames and passwords, or try a host of other things to send SMS messages and voice calls through their telecommunication network. Bad actors take advantage of multifactor authentication screens, which require an SMS or voice call before a user can access their account. This activity causes exorbitant charges and makes services unreliable for our customers, causing downtime, and system errors.  
+IRSF is a type of telephony fraud where criminals exploit the billing system of telecommunication services providers to make profit for themselves. Bad actors gain unauthorized access to a telecommunication network and divert traffic to those networks to skim profit for every transaction that is sent to that network. To divert traffic, bad actors steal existing usernames and passwords, create new usernames and passwords, or try a host of other things to send text message messages and voice calls through their telecommunication network. Bad actors take advantage of multifactor authentication screens, which require a text message or voice call before a user can access their account. This activity causes exorbitant charges and makes services unreliable for our customers, causing downtime, and system errors.  
 
 Here's how an IRSF attack may happen:  
 
 1. A bad actor first gets premium rate phone numbers and registers them.  
-1. A bad actor uses automated scripts to request voice calls or SMS messages. The bad actor is colluding with number providers and the telecommunication network to drive more traffic to those services. The bad actor skims some of the profits of the increased traffic.  
+1. A bad actor uses automated scripts to request voice calls or text messages. The bad actor is colluding with number providers and the telecommunication network to drive more traffic to those services. The bad actor skims some of the profits of the increased traffic.  
 1. A bad actor will hop around different region codes to continue to drive traffic and make it hard for them to get caught.  
 
 The most common way to conduct IRSF is through an end-user experience that requires a two-factor authentication code. Bad actors add those premium rate phone numbers and pump traffic to them by requesting two-factor authentication codes. This activity results in revenue-skimming, and can lead to billions of dollars in loss.  
@@ -46,7 +46,7 @@ For SMS verification, the following region codes require an opt-in.
 | 998         |  Uzbek                                         |
 
 ## Voice verification
-For Voice verification, the following region codes require an opt-in.
+For voice verification, the following region codes require an opt-in.
 
 | Region Code | Region Name                                    |
 |:----------- |:---------------------------------------------- |