Commit 3c3bbf2

Update migrate-from-federation-to-cloud-authentication.md
1 parent 890416a commit 3c3bbf2

1 file changed

+1
-1
lines changed

articles/active-directory/hybrid/migrate-from-federation-to-cloud-authentication.md

Lines changed: 1 addition & 1 deletion
@@ -125,7 +125,7 @@ Consider replacing AD FS access control policies with the equivalent Azure AD [C
125125
126126
### Plan support for MFA
127127
128-
For federated domains, MFA may be enforced by Azure AD Conditional Access or by the on-premises federation provider. You can enable protection to prevent bypassing of Azure MFA by configuring the security setting **federatedIdpMfaBehavior**. Enabling the protection for a federated domain in your Azure AD tenant makes sure that Azure MFA is always performed when a federated user accesses an application that is governed by a Conditional Access policy requiring MFA. This includes performing Azure MFA even when federated identity provider has issued federated token claims that on-prem MFA has been performed. Enforcing Azure MFA every time assures that a bad actor cannot bypass Azure MFA by imitating that MFA has already been performed by the identity provider, and is highly recommended unless you perform MFA for your federated users using a third party MFA provider.
128+
For federated domains, MFA may be enforced by Azure AD Conditional Access or by the on-premises federation provider. You can enable protection to prevent bypassing of Azure AD Multi-Factor Authentication by configuring the security setting **federatedIdpMfaBehavior**. Enable the protection for a federated domain in your Azure AD tenant. Make sure that Azure AD Multi-Factor Authentication is always performed when a federated user accesses an application that is governed by a Conditional Access policy that requires MFA. This includes performing Azure AD Multi-Factor Authentication even when federated identity provider has issued federated token claims that on-prem MFA has been performed. Enforcing Azure AD Multi-Factor Authentication every time assures that a bad actor cannot bypass Azure AD Multi-Factor Authentication by imitating that MFA has already been performed by the identity provider, and is highly recommended unless you perform MFA for your federated users using a third party MFA provider.
129129
130130
The following table explains the behavior for each option. For more information, see **federatedIdpMfaBehavior**.
131131
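
Review bot: In the added line 128, splitting the original "Enabling the protection ... makes sure that ..." into "Enable the protection for a federated domain in your Azure AD tenant. Make sure that Azure AD Multi-Factor Authentication is always performed ..." changes the meaning. The removed text said that the setting itself guarantees enforcement; the new wording reads as two separate tasks for the administrator and no longer states that enabling the protection is what causes Azure AD Multi-Factor Authentication to be performed. The following sentence, "This includes performing ...", also loses its antecedent. Suggest keeping the causal form with the renamed product: "Enabling the protection for a federated domain in your Azure AD tenant makes sure that Azure AD Multi-Factor Authentication is always performed when a federated user accesses an application ...". While the line is being touched, "when federated identity provider has issued" needs an article ("the federated identity provider") and "third party MFA provider" should be hyphenated.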
