Merge pull request #188286 from MicrosoftDocs/main

2/10 PM Publish

Author: huypub

.openpublishing.redirection.active-directory.json

@@ -1,5 +1,25 @@
 {
     "redirections": [
+        {
+          "source_path_from_root": "/articles/active-directory/authentication/cloud-native-certificate-based-authentication-faq.yml",
+          "redirect_url": "/azure/active-directory/authentication/certificate-based-authentication-faq",
+          "redirect_document_id": false
+        },
+        {
+          "source_path_from_root": "/articles/active-directory/authentication/concept-cloud-native-certificate-based-authentication-limitations.md",
+          "redirect_url": "/azure/active-directory/authentication/concept-certificate-based-authentication-limitations",
+          "redirect_document_id": false
+        },
+        {
+          "source_path_from_root": "/articles/active-directory/authentication/concept-cloud-native-certificate-based-authentication-technical-deep-dive.md",
+          "redirect_url": "/azure/active-directory/authentication/concept-certificate-based-authentication-technical-deep-dive",
+          "redirect_document_id": false
+        },
+        {
+          "source_path_from_root": "/articles/active-directory/authentication/concept-cloud-native-certificate-based-authentication.md",
+          "redirect_url": "/azure/active-directory/authentication/concept-certificate-based-authentication",
+          "redirect_document_id": false
+        },
         {
           "source_path_from_root": "/articles/active-directory/manage-apps/common-scenarios.md",
           "redirect_url": "/azure/active-directory/manage-apps/what-is-application-management",

articles/active-directory/app-provisioning/define-conditional-rules-for-provisioning-user-accounts.md

@@ -82,7 +82,7 @@ Scoping filters are configured as part of the attribute mappings for each Azure
 
    f. **IS NOT NULL**. Clause returns "true" if the evaluated attribute isn't empty.
 
-   g. **REGEX MATCH**. Clause returns "true" if the evaluated attribute matches a regular expression pattern. For example: ([1-9][0-9]) matches any number between 10 and 99.
+   g. **REGEX MATCH**. Clause returns "true" if the evaluated attribute matches a regular expression pattern. For example: ([1-9][0-9]) matches any number between 10 and 99 (case sensitive).
 
    h. **NOT REGEX MATCH**. Clause returns "true" if the evaluated attribute doesn't match a regular expression pattern.
 

articles/active-directory/authentication/TOC.yml

@@ -72,8 +72,6 @@
       href: concept-password-ban-bad-on-premises.md
   - name: Security information registration
     href: concept-registration-mfa-sspr-combined.md
-  - name: Kerberos authentication (Preview)
-    href: how-to-authentication-kerberos.md
   - name: Resilient access controls
     href: concept-resilient-controls.md
 - name: How-to guides
@@ -186,21 +184,21 @@
     href: howto-password-smart-lockout.md
   - name: Certificate-based authentication
     items:
-    - name: Cloud-native CBA (Preview)
+    - name: Azure AD CBA (Preview)
       items:
       - name: Overview
-        href: concept-cloud-native-certificate-based-authentication.md
-      - name: How cloud-native CBA works
-        href: concept-cloud-native-certificate-based-authentication-technical-deep-dive.md
+        href: concept-certificate-based-authentication.md
+      - name: How Azure AD CBA works
+        href: concept-certificate-based-authentication-technical-deep-dive.md
       - name: Limitations
-        href: concept-cloud-native-certificate-based-authentication-limitations.md
-      - name: Configure cloud-native CBA
+        href: concept-certificate-based-authentication-limitations.md
+      - name: Configure Azure AD CBA
         href: how-to-certificate-based-authentication.md
       - name: FAQ
-        href: cloud-native-certificate-based-authentication-faq.yml
+        href: certificate-based-authentication-faq.yml
       - name: Troubleshoot
-        href: troubleshoot-cloud-native-certificate-based-authentication.md
-    - name: CBA with federation
+        href: troubleshoot-certificate-based-authentication.md
+    - name: Federated CBA with Azure AD
       items:
       - name: Configure CBA with federation
         href: active-directory-certificate-based-authentication-get-started.md

articles/active-directory/authentication/active-directory-certificate-based-authentication-get-started.md

@@ -6,7 +6,7 @@ services: active-directory
 ms.service: active-directory
 ms.subservice: authentication
 ms.topic: how-to
-ms.date: 01/31/2022
+ms.date: 02/10/2022
 
 ms.author: justinha
 author: justinha
@@ -26,7 +26,7 @@ Certificate-based authentication (CBA) with federation enables you to be authent
 Configuring this feature eliminates the need to enter a username and password combination into certain mail and Microsoft Office applications on your mobile device.
 
 >[!NOTE]
->As an alternative, organizations can deploy cloud-native CBA against Azure Active Directory without needing federation. For more information, see [Overview of cloud-native certificate-based authentication against Azure Active Directory](concept-cloud-native-certificate-based-authentication.md).
+>As an alternative, organizations can deploy Azure AD CBA without needing federation. For more information, see [Overview of Azure AD certificate-based authentication against Azure Active Directory](concept-certificate-based-authentication.md).
 
 This topic:
 
@@ -37,7 +37,7 @@ This topic:
 
 To configure CBA with federation, the following statements must be true:
 
-- CBA with federation is only supported for Federated environments for browser applications, native clients using modern authentication (ADAL), or MSAL libraries. The one exception is Exchange Active Sync (EAS) for Exchange Online (EXO), which can be used for federated and managed accounts. To configure cloud-native CBA without needing federation, see [How to configure cloud-native certificate-based authentication in Azure Active Directory](how-to-certificate-based-authentication.md).
+- CBA with federation is only supported for Federated environments for browser applications, native clients using modern authentication (ADAL), or MSAL libraries. The one exception is Exchange Active Sync (EAS) for Exchange Online (EXO), which can be used for federated and managed accounts. To configure Azure AD CBA without needing federation, see [How to configure Azure AD certificate-based authentication](how-to-certificate-based-authentication.md).
 - The root certificate authority and any intermediate certificate authorities must be configured in Azure Active Directory.
 - Each certificate authority must have a certificate revocation list (CRL) that can be referenced via an internet-facing URL.
 - You must have at least one certificate authority configured in Azure Active Directory. You can find related steps in the [Configure the certificate authorities](#step-2-configure-the-certificate-authorities) section.

articles/active-directory/authentication/cloud-native-certificate-based-authentication-faq.yml renamed to articles/active-directory/authentication/certificate-based-authentication-faq.yml

@@ -1,47 +1,47 @@
 ### YamlMime:FAQ
 metadata:
-  title: Cloud-native certificate-based authentication (CBA) FAQ - Azure Active Directory
-  description: Frequently asked questions and answers related to cloud-native certificate-based authentication (CBA). 
+  title: Azure AD certificate-based authentication (CBA) FAQ - Azure Active Directory
+  description: Frequently asked questions and answers related to Azure AD certificate-based authentication (CBA). 
 
   services: multi-factor-authentication
   ms.service: active-directory
   ms.subservice: authentication
   ms.topic: how-to
   ms.date: 02/09/2022
   ms.author: justinha
-  author: justinha
+  author: vimrang
   manager: karenhoran
-  ms.reviewer: michmcla
+  ms.reviewer: vimrang
   ms.collection: M365-identity-device-management
 
-title: Frequently asked questions about cloud-native certificate-based authentication (CBA)
+title: Frequently asked questions about Azure AD certificate-based authentication (CBA)
 summary: |
-  This article addresses frequently asked questions about how cloud-native certificate-based authentication (CBA) against Azure Active Directory (Azure AD) works. 
+  This article addresses frequently asked questions about how Azure AD certificate-based authentication (CBA) works. 
   Keep checking back for updated content.
 
   >[!NOTE]
-  >Cloud-native certificate-based authentication is currently in public preview. Some features might not be supported or have limited capabilities. For more information about previews, see [Supplemental Terms of Use for Microsoft Azure Previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms/). 
+  >Azure AD certificate-based authentication is currently in public preview. Some features might not be supported or have limited capabilities. For more information about previews, see [Supplemental Terms of Use for Microsoft Azure Previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms/). 
 
   
 
 sections:
   - name: General
     questions:
       - question: |
-          How do I enable cloud-native CBA?
+          How do I enable Azure AD CBA?
         answer: |
           1. Sign in to the [Azure portal](https://portal.azure.com) as a Global Administrator.
           1. Click **Azure Active Directory** > **Security** > **Authentication methods** > **Certificate-based Authentication** > **Basics**, click **On** to enable certificate-based authentication.
 
       - question: |
-          Is cloud-native CBA a free feature?
+          Is Azure AD CBA a free feature?
         answer: |
           Certificate-based authentication is a free feature. 
-          Every edition of Azure AD includes cloud-native CBA.
+          Every edition of Azure AD includes Azure AD CBA.
           For more information about features in each Azure AD edition, see [Azure AD pricing](https://www.microsoft.com/security/business/identity-access-management/azure-ad-pricing).
 
       - question: |
-          Does cloud-native CBA support Alternate ID as the username instead of userPrincipalName?
+          Does Azure AD CBA support Alternate ID as the username instead of userPrincipalName?
         answer: |
           No, sign-in using a non-UPN value, such as an alternate email, isn't supported now.
           
@@ -58,7 +58,7 @@ sections:
       - question: |
           How do I turn certificate revocation checking on or off for a particular CA?
         answer: |
-          We highly recommend not to disable certificate revocation list (CRL) checking as you will not be able to revoke certificates. 
+          We highly recommend not to disable certificate revocation list (CRL) checking as you won't be able to revoke certificates. 
           However, to disable CRL checking if there are issues with CRL for a particular CA, you can update a trusted certificate authority and set the crlDistributionPoint attribute to """.
           
           Use the [Set-AzureADTrustedCertificateAuthority](https://docs.microsoft.com/powershell/module/azuread/set-azureadtrustedcertificateauthority) cmdlet:
@@ -74,10 +74,10 @@ sections:
         answer: |
           Today as part of the public preview CRL sizes are limited as follows:
           
-          - 20MB in commercial (Microsoft 365, GCC)
-          - 45MB in US Government (GCC High, Dept. of Defense)
+          - 20 MB in commercial (Microsoft 365, GCC)
+          - 45 MB in US Government (GCC High, Dept. of Defense)
 
-          We are reviewing the impact of these limits during public preview.
+          We're reviewing the impact of these limits during public preview.
 
       - question: |
           Will the changes to authentication policy change take effect immediately?
@@ -87,15 +87,15 @@ sections:
       - question: |
           How do I instantly revoke a certificate?
         answer: |
-          Please follow the steps to [manually revoke a certificate](active-directory-certificate-based-authentication-get-started.md#step-3-configure-revocation). 
+          Follow the steps to [manually revoke a certificate](active-directory-certificate-based-authentication-get-started.md#step-3-configure-revocation). 
           
 additionalContent: |
   ## Next steps
     If your question isn't answered here, the following support options are available:
           
-    * [Overview of cloud-native CBA](concept-cloud-native-certificate-based-authentication.md)
-    * [Technical deep dive for cloud-native CBA](concept-cloud-native-certificate-based-authentication-technical-deep-dive.md)
-    * [Limitations with cloud-native CBA](concept-cloud-native-certificate-based-authentication-limitations.md)
-    * [How to configure cloud-native CBA](how-to-certificate-based-authentication.md)
-    * [Troubleshoot cloud-native CBA](troubleshoot-cloud-native-certificate-based-authentication.md)
+    * [Overview of Azure AD CBA](concept-certificate-based-authentication.md)
+    * [Technical deep dive for Azure AD CBA](concept-certificate-based-authentication-technical-deep-dive.md)
+    * [Limitations with Azure AD CBA](concept-certificate-based-authentication-limitations.md)
+    * [How to configure Azure AD CBA](how-to-certificate-based-authentication.md)
+    * [Troubleshoot Azure AD CBA](troubleshoot-certificate-based-authentication.md)
 

articles/active-directory/authentication/concept-authentication-passwordless.md

@@ -112,6 +112,7 @@ The following providers offer FIDO2 security keys of different form factors that
 | Provider                  |     Biometric     | USB | NFC | BLE | FIPS Certified | Contact                                                                                             |
 |---------------------------|:-----------------:|:---:|:---:|:---:|:--------------:|-----------------------------------------------------------------------------------------------------|
 | AuthenTrend               | ![y]              | ![y]| ![y]| ![y]| ![n]           | https://authentrend.com/about-us/#pg-35-3                                                           |
+| Ciright                   | ![n]              | ![n]| ![y]| ![n]| ![n]           | https://www.cyberonecard.com/                                                                       |
 | Ensurity                  | ![y]              | ![y]| ![n]| ![n]| ![n]           | https://www.ensurity.com/contact                                                                    |
 | Excelsecu                 | ![y]              | ![y]| ![y]| ![y]| ![n]           | https://www.excelsecu.com/productdetail/esecufido2secu.html                                         |
 | Feitian                   | ![y]              | ![y]| ![y]| ![y]| ![y]           | https://shop.ftsafe.us/pages/microsoft                                                              |

articles/active-directory/authentication/concept-cloud-native-certificate-based-authentication-limitations.md renamed to articles/active-directory/authentication/concept-certificate-based-authentication-limitations.md

@@ -1,34 +1,34 @@
 ---
-title: Limitations with cloud native certificate-based authentication without federation - Azure Active Directory
-description: Learn supported and unsupported scenarios for cloud native certificate-based authentication in Azure Active Directory
+title: Limitations with Azure AD certificate-based authentication without federation - Azure Active Directory
+description: Learn supported and unsupported scenarios for Azure AD certificate-based authentication
 
 services: active-directory
 ms.service: active-directory
 ms.subservice: authentication
 ms.topic: how-to
-ms.date: 02/08/2022
+ms.date: 02/09/2022
 
 ms.author: justinha
-author: justinha
+author: vimrang
 manager: daveba
-ms.reviewer: tommma
+ms.reviewer: vimrang
 
 ms.collection: M365-identity-device-management
 ms.custom: has-adal-ref
 ---
-# Limitations with cloud native certificate-based authentication in Azure Active Directory
+# Limitations with Azure AD certificate-based authentication 
 
-This topic covers supported and unsupported scenarios for cloud native certificate-based authentication in Azure Active Directory.
+This topic covers supported and unsupported scenarios for Azure Active Directory (Azure AD) certificate-based authentication.
 
 >[!NOTE]
->Cloud-native certificate-based authentication is currently in public preview. Some features might not be supported or have limited capabilities. For more information about previews, see [Supplemental Terms of Use for Microsoft Azure Previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms/). 
+>Azure AD certificate-based authentication is currently in public preview. Some features might not be supported or have limited capabilities. For more information about previews, see [Supplemental Terms of Use for Microsoft Azure Previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms/). 
 
 ## Supported scenarios
 
 The following scenarios are supported:
 
 - User sign-ins to web browser-based applications on all platforms.
-- User sign-ins on mobile Native browsers.
+- User sign-ins on mobile native browsers.
 - Support for granular authentication rules for multifactor authentication by using the certificate issuer **Subject** and **policy OIDs**.
 - Configuring certificate-to-user account bindings by using the certificate Subject Alternate Name (SAN) principal name and SAN RFC822 name.
 
@@ -37,7 +37,7 @@ The following scenarios are supported:
 The following scenarios aren't supported:
 
 - Public Key Infrastructure for creating client certificates. Customers need to configure their own Public Key Infrastructure (PKI) and provision certificates to their users and devices. 
-- Certificate Authority hints are not supported so the list of certificates that appears for users in the UI isn't scoped.
+- Certificate Authority hints aren't supported, so the list of certificates that appears for users in the UI isn't scoped.
 - Windows login using smart cards on Windows devices.
 - Only one Certificate Distribution Point for a trusted CA is supported.
 - The Certificate Distribution Point can be only HTTP URLs. We don't support Online Certificate Status Protocol (OSCP), or Lightweight Directory Access Protocol (LDAP) URLs.
@@ -46,9 +46,9 @@ The following scenarios aren't supported:
 
 ## Next steps
 
-- [Overview of cloud native CBA](concept-cloud-native-certificate-based-authentication.md)
-- [Technical deep dive for cloud-native CBA](concept-cloud-native-certificate-based-authentication-technical-deep-dive.md)   
-- [How to configure cloud native CBA](how-to-certificate-based-authentication.md)
-- [FAQ](cloud-native-certificate-based-authentication-faq.yml)
-- [Troubleshoot cloud native CBA](troubleshoot-cloud-native-certificate-based-authentication.md)
+- [Overview of Azure AD CBA](concept-certificate-based-authentication.md)
+- [Technical deep dive for Azure AD CBA](concept-certificate-based-authentication-technical-deep-dive.md)   
+- [How to configure Azure AD CBA](how-to-certificate-based-authentication.md)
+- [FAQ](certificate-based-authentication-faq.yml)
+- [Troubleshoot AZure AD CBA](troubleshoot-certificate-based-authentication.md)