Merge pull request #1 from MicrosoftDocs/master

Syncing with Base master

Author: v-hearya

articles/active-directory/develop/msal-android-shared-devices.md

@@ -1,7 +1,7 @@
 ---
 title: Shared device mode for Android devices
 titleSuffix: Microsoft identity platform | Azure
-description: Learn how to enable shared device mode to allow Frontline Workers to share an Android device
+description: Learn how to enable shared device mode to allow frontline workers to share an Android device
 services: active-directory
 author: mmacy
 manager: CelesteDG
@@ -18,7 +18,7 @@ ms.custom: aaddev, identitypla | Azuretformtop40
 
 # Shared device mode for Android devices
 
-Frontline Workers such as retail associates, flight crew members, and field service workers often use a shared mobile device to do their work. That becomes problematic when they start sharing passwords or pin numbers to access customer and business data on the shared device.
+Frontline workers such as retail associates, flight crew members, and field service workers often use a shared mobile device to do their work. That becomes problematic when they start sharing passwords or pin numbers to access customer and business data on the shared device.
 
 Shared device mode allows you to configure an Android device so that it can be easily shared by multiple employees. Employees can sign in and access customer information quickly. When they are finished with their shift or task, they can sign out of the device and it will be immediately ready for the next employee to use.
 

articles/active-directory/develop/msal-ios-shared-devices.md

@@ -1,7 +1,7 @@
 ---
 title: Shared device mode for iOS devices
 titleSuffix: Microsoft identity platform | Azure
-description: Learn how to enable shared device mode to allow Frontline Workers to share an iOS device
+description: Learn how to enable shared device mode to allow frontline workers to share an iOS device
 services: active-directory
 author: brandwe
 manager: CelesteDG
@@ -21,7 +21,7 @@ ms.custom: aaddev
 >[!IMPORTANT]
 > This feature [!INCLUDE [PREVIEW BOILERPLATE](../../../includes/active-directory-develop-preview.md)]
 
-Frontline Workers such as retail associates, flight crew members, and field service workers often use a shared mobile device to perform their work. These shared devices can present security risks if your users share their passwords or PINs, intentionally or not, to access customer and business data on the shared device.
+Frontline workers such as retail associates, flight crew members, and field service workers often use a shared mobile device to perform their work. These shared devices can present security risks if your users share their passwords or PINs, intentionally or not, to access customer and business data on the shared device.
 
 Shared device mode allows you to configure an iOS 13 or higher device to be more easily and securely shared by employees. Employees can sign in and access customer information quickly. When they're finished with their shift or task, they can sign out of the device and it's immediately ready for use by the next employee.
 
@@ -91,7 +91,7 @@ On a user change, you should ensure both the previous user's data is cleared and
 
 ### Detect shared device mode
 
-Detecting shared device mode is important for your application. Many applications will require a change in their user experience (UX) when the application is used on a shared device. For example, your application might have a "Sign-Up" feature, which isn't appropriate for a Frontline Worker because they likely already have an account. You may also want to add extra security to your application's handling of data if it's in shared device mode.
+Detecting shared device mode is important for your application. Many applications will require a change in their user experience (UX) when the application is used on a shared device. For example, your application might have a "Sign-Up" feature, which isn't appropriate for a frontline worker because they likely already have an account. You may also want to add extra security to your application's handling of data if it's in shared device mode.
 
 Use the `getDeviceInformationWithParameters:completionBlock:` API in the `MSALPublicClientApplication` to determine if an app is running on a device in shared device mode.
 
@@ -226,6 +226,6 @@ signoutParameters.signoutFromBrowser = YES; // Only needed for Public Preview.
 
 ## Next steps
 
-To see shared device mode in action, the following code sample on GitHub includes an example of running a Frontline Worker app on an iOS device in shared device mode:
+To see shared device mode in action, the following code sample on GitHub includes an example of running a frontline worker app on an iOS device in shared device mode:
 
 [MSAL iOS Swift Microsoft Graph API Sample](https://github.com/Azure-Samples/ms-identity-mobile-apple-swift-objc)

articles/active-directory/develop/msal-shared-devices.md

@@ -1,7 +1,7 @@
 ---
 title: Shared device mode overview
 titleSuffix: Microsoft identity platform | Azure
-description: Learn about shared device mode to enable device sharing for your Frontline Workers.
+description: Learn about shared device mode to enable device sharing for your frontline workers.
 services: active-directory
 author: brandwe
 manager: CelesteDG
@@ -18,18 +18,18 @@ ms.custom: aaddev
 
 # Overview of shared device mode
 
-Shared device mode is a feature of Azure Active Directory that allows you to build applications that support Frontline Workers and enable shared device mode on the devices deployed to them.
+Shared device mode is a feature of Azure Active Directory that allows you to build applications that support frontline workers and enable shared device mode on the devices deployed to them.
 
 >[!IMPORTANT]
 > Shared device mode for iOS [!INCLUDE [PREVIEW BOILERPLATE](../../../includes/active-directory-develop-preview.md)]
 
-## What are Frontline Workers?
+## What are frontline workers?
 
-Frontline Workers are retail employees, maintenance and field agents, medical personnel, and other users that don't sit in front of a computer or use corporate email for collaboration. The following sections introduce the aspects and challenges of supporting Frontline Workers, followed by an introduction to the features provided by Microsoft that enable your application for use by an organization's Frontline Workers.
+Frontline workers are retail employees, maintenance and field agents, medical personnel, and other users that don't sit in front of a computer or use corporate email for collaboration. The following sections introduce the aspects and challenges of supporting frontline workers, followed by an introduction to the features provided by Microsoft that enable your application for use by an organization's frontline workers.
 
-### Challenges of supporting Frontline Workers
+### Challenges of supporting frontline workers
 
-Enabling Frontline Worker workflows includes challenges not usually presented by typical information workers. Such challenges can include high turnover rate and less familiarity with an organization's core productivity tools. To empower their Frontline Workers, organizations are adopting different strategies. Some are adopting a bring-your-own-device (BYOD) strategy in which their employees use business apps on their personal phone, while others provide their employees with shared devices like iPads or Android tablets.
+Enabling frontline worker workflows includes challenges not usually presented by typical information workers. Such challenges can include high turnover rate and less familiarity with an organization's core productivity tools. To empower their frontline workers, organizations are adopting different strategies. Some are adopting a bring-your-own-device (BYOD) strategy in which their employees use business apps on their personal phone, while others provide their employees with shared devices like iPads or Android tablets.
 
 ### Supporting multiple users on devices designed for one user
 
@@ -45,12 +45,12 @@ Azure Active Directory enables these scenarios with a feature called **shared de
 
 As mentioned, shared device mode is a feature of Azure Active Directory that enables you to:
 
-* Build applications that support Frontline Workers
-* Deploy devices to Frontline Workers and turn on shared device mode
+* Build applications that support frontline workers
+* Deploy devices to frontline workers and turn on shared device mode
 
-### Build applications that support Frontline Workers
+### Build applications that support frontline workers
 
-You can support Frontline Workers in your applications by using the Microsoft Authentication Library (MSAL) and [Microsoft Authenticator app](../user-help/user-help-auth-app-overview.md) to enable a device state called *shared device mode*. When a device is in shared device mode, Microsoft provides your application with information to allow it to modify its behavior based on the state of the user on the device, protecting user data.
+You can support frontline workers in your applications by using the Microsoft Authentication Library (MSAL) and [Microsoft Authenticator app](../user-help/user-help-auth-app-overview.md) to enable a device state called *shared device mode*. When a device is in shared device mode, Microsoft provides your application with information to allow it to modify its behavior based on the state of the user on the device, protecting user data.
 
 Supported features are:
 
@@ -65,15 +65,15 @@ Your users depend on you to ensure their data isn't leaked to another user. Shar
 
 For details on how to modify your applications to support shared device mode, see the [Next steps](#next-steps) section at the end of this article.
 
-### Deploy devices to Frontline Workers and turn on shared device mode
+### Deploy devices to frontline workers and turn on shared device mode
 
-Once your applications support shared device mode and include the required data and security changes, you can advertise them as being usable by Frontline Workers.
+Once your applications support shared device mode and include the required data and security changes, you can advertise them as being usable by frontline workers.
 
 An organization's device administrators are able to deploy their devices and your applications to their stores and workplaces through a mobile device management (MDM) solution like Microsoft Intune. Part of the provisioning process is marking the device as a *Shared Device*. Administrators configure shared device mode by deploying the [Microsoft Authenticator app](../user-help/user-help-auth-app-overview.md) and setting shared device mode through configuration parameters. After performing these steps, all applications that support shared device mode will use the Microsoft Authenticator application to manage its user state and provide security features for the device and organization.
 
 ## Next steps
 
-We support iOS and Android platforms for shared device mode. Review the documentation below for your platform to begin supporting Frontline Workers in your applications.
+We support iOS and Android platforms for shared device mode. Review the documentation below for your platform to begin supporting frontline workers in your applications.
 
 * [Supporting shared device mode for iOS](msal-ios-shared-devices.md)
 * [Supporting shared device mode for Android](msal-android-shared-devices.md)

articles/active-directory/fundamentals/service-accounts-principal.md

@@ -93,6 +93,7 @@ For more information see [Get-AzureADServicePrincipal](/powershell/module/azurea
 To assess the security of your service principals, ensure you evaluate privileges and credential storage.
 
 Mitigate potential challenges using the following information.
+
 |Challenges | Mitigations|
 | - | - |
 | Detect the user that consented to a multi-tenant app​, and detect illicit consent grants to a multi-tenant app | Run the following PowerShell to find multi-tenant apps.<br>`Get-AzureADServicePrincipal -All:$true ? {$_.Tags -eq WindowsAzureActiveDirectoryIntegratedApp"}`<br>Disable user consent. ​<br>Allow user consent from verified publishers, for selected permissions (recommended) <br> Use conditional access to block service principals from untrusted locations. Configure them under the user context, and their tokens should be used to trigger the service principal.|
@@ -122,4 +123,4 @@ When using Microsoft Graph, check the documentation of the specific API, [like i
 
 [Governing Azure service accounts](service-accounts-governing-azure.md)
 
-[Introduction to on-premises service accounts](service-accounts-on-premises.md)
+[Introduction to on-premises service accounts](service-accounts-on-premises.md)

articles/active-directory/fundamentals/whats-new.md

@@ -266,20 +266,20 @@ Customers can work around this requirement for testing purposes by using a featu
 
 ---
 
-### Public Preview - Customize and configure Android shared devices for Frontline Workers at scale
+### Public Preview - Customize and configure Android shared devices for frontline workers at scale
 
 **Type:** New feature  
 **Service category:** Device Registration and Management  
 **Product capability:** Identity Security & Protection
 
-Azure AD and Microsoft Endpoint Manager teams have combined to bring the capability to customize, scale, and secure your Frontline Worker devices.
+Azure AD and Microsoft Endpoint Manager teams have combined to bring the capability to customize, scale, and secure your frontline worker devices.
 
 The following preview capabilities will allow you to:
 - Provision Android shared devices at scale with Microsoft Endpoint Manager
 - Secure your access for shift workers using device-based conditional access
 - Customize sign-in experiences for the shift workers with Managed Home Screen
 
-To learn more, refer to [Customize and configure shared devices for Frontline Workers at scale](https://techcommunity.microsoft.com/t5/azure-active-directory-identity/customize-and-configure-shared-devices-for-firstline-workers-at/ba-p/1751708).
+To learn more, refer to [Customize and configure shared devices for frontline workers at scale](https://techcommunity.microsoft.com/t5/azure-active-directory-identity/customize-and-configure-shared-devices-for-firstline-workers-at/ba-p/1751708).
 
 ---
 

articles/active-directory/hybrid/TOC.yml

@@ -244,6 +244,8 @@
       href: how-to-connect-fed-saml-idp.md
     - name: Post configuration tasks for Hybrid Azure AD join
       href: how-to-connect-fed-hybrid-azure-ad-join-post-config-tasks.md
+    - name: Emergency rotation of AD FS certificates
+      href: how-to-connect-emergency-ad-fs-certificate-rotation.md
   - name: Manage single sign-on 
     items: