Feedback update

davidbel · davidbel · commit 628af375d9fc · 2022-08-23T12:28:17.000-07:00
diff --git a/articles/virtual-desktop/authentication.md b/articles/virtual-desktop/authentication.md
@@ -61,23 +61,23 @@ To use a smart card to authenticate to Azure AD, you must first [configure AD FS
 
 ## Session host authentication
 
-If you haven't already enabled [single sign-on](#single-sign-on-sso) or saved your credentials locally, you'll also need to authenticate to the session host when launching a connection. The sign-in methods for the session host that the Azure Virtual Desktop clients currently support are:
+If you haven't already enabled [single sign-on](#single-sign-on-sso) or saved your credentials locally, you'll also need to authenticate to the session host when launching a connection. The following list describes which types of authentication each Azure Virtual Desktop client currently supports.
 
 - The Windows Desktop client supports the following authentication methods:
     - Username and password
     - Smart card
     - [Windows Hello for Business certificate trust](/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust)
     - [Windows Hello for Business key trust with certificates](/windows/security/identity-protection/hello-for-business/hello-deployment-rdp-certs)
     - [Azure AD authentication](configure-single-sign-on.md)
-- The Windows Store client supports the following authentication methods:
+- The Windows Store client supports the following authentication method:
     - Username and password
-- The Web client supports the following authentication methods:
+- The web client supports the following authentication method:
     - Username and password
-- The Android supports the following authentication methods:
+- The Android client supports the following authentication method:
     - Username and password
-- The iOS supports the following authentication methods:
+- The iOS client supports the following authentication method:
     - Username and password
-- The macOS supports the following authentication methods:
+- The macOS client supports the following authentication method:
     - Username and password
 
 >[!IMPORTANT]
@@ -89,7 +89,7 @@ SSO allows the connection to skip the session host credential prompt and automat
 
 Azure Virtual Desktop also supports [SSO using Active Directory Federation Services (AD FS)](configure-adfs-sso.md) for the Windows Desktop and web clients.
 
-Without SSO, users will be prompted for the session host credentials for every connection. The only way to avoid being prompted is to save the credentials in the client. We recommend you only save credentials on secure devices to prevent other users from accessing your resources.
+Without SSO, the client will prompt users for their session host credentials for every connection. The only way to avoid being prompted is to save the credentials in the client. We recommend you only save credentials on secure devices to prevent other users from accessing your resources.
 
 ### Smart card and Windows Hello for Business
 
@@ -99,14 +99,14 @@ Azure Virtual Desktop supports both NT LAN Manager (NTLM) and Kerberos for sessi
 
 Once you're connected to your remote app or desktop, you may be prompted for authentication inside the session. This section explains how to use credentials other than username and password in this scenario.
 
-### In-session passwordless authentication
+### In-session passwordless authentication (preview)
 
 > [!IMPORTANT]
 > In-session passwordless authentication is currently in public preview.
 > This preview version is provided without a service level agreement, and is not recommended for production workloads. Certain features might not be supported or might have constrained capabilities.
 > For more information, see [Supplemental Terms of Use for Microsoft Azure Previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms/).
 
-Azure Virtual Desktop supports in-session passwordless authentication using [Windows Hello for Business](/security/identity-protection/hello-for-business/hello-overview) or security devices like FIDO keys. Passwordless authentication is currently only available when using an Insider version of Windows. When deploying new session hosts, choose one of the following images:
+Azure Virtual Desktop supports in-session passwordless authentication (preview) using [Windows Hello for Business](/security/identity-protection/hello-for-business/hello-overview) or security devices like FIDO keys. Passwordless authentication is currently only available for certain versions of Windows Insider. When deploying new session hosts, choose one of the following images:
 
 - Windows 11 version 22H2 Enterprise, (Preview) - X64 Gen 2.
 - Windows 11 version 22H2 Enterprise multi-session, (Preview) - X64 Gen2.
@@ -115,7 +115,7 @@ Passwordless authentication is enabled by default when the local PC and session
 
 When enabled, all WebAuthn requests in the session are redirected to the local PC. You can use Windows Hello for Business or locally attached security devices to complete the authentication process.
 
-To access Azure AD resources with Windows Hello for Business or security devices, the FIDO2 Security Key method must be enabled as an authentication method for users. Follow the steps to [Enable FIDO2 security key method](../active-directory/authentication/howto-authentication-passwordless-security-key.md#enable-fido2-security-key-method).
+To access Azure AD resources with Windows Hello for Business or security devices, you must enable the FIDO2 Security Key as an authentication method for your users. To enable this method, follow the steps in [Enable FIDO2 security key method](../active-directory/authentication/howto-authentication-passwordless-security-key.md#enable-fido2-security-key-method).
 
 ### In-session smart card authentication
 
@@ -124,6 +124,6 @@ To use a smart card in your session, make sure you've installed the smart card d
 ## Next steps
 
 - Curious about other ways to keep your deployment secure? Check out [Security best practices](security-guide.md).
-- Having issues connecting to Azure AD-joined VMs? [Troubleshoot connections to Azure AD-joined VMs](troubleshoot-azure-ad-connections.md).
-- Having issues with in-session passwordless authentication? [Troubleshoot WebAuthn redirection](troubleshoot-device-redirections.md#webauthn-redirection).
+- Having issues connecting to Azure AD-joined VMs? Look at [Troubleshoot connections to Azure AD-joined VMs](troubleshoot-azure-ad-connections.md).
+- Having issues with in-session passwordless authentication? See [Troubleshoot WebAuthn redirection](troubleshoot-device-redirections.md#webauthn-redirection).
 - Want to use smart cards from outside your corporate network? Review how to set up a [KDC Proxy server](key-distribution-center-proxy.md).
diff --git a/articles/virtual-desktop/configure-device-redirections.md b/articles/virtual-desktop/configure-device-redirections.md
@@ -9,11 +9,11 @@ manager: femila
 ---
 # Configure device redirection
 
-Configuring device redirection for your Azure Virtual Desktop environment allows you to use printers, USB devices, microphones and other peripheral devices in the remote session. Some device redirections require changes to both Remote Desktop Protocol (RDP) properties and Group Policy settings.
+Configuring device redirection for your Azure Virtual Desktop environment allows you to use printers, USB devices, microphones, and other peripheral devices in the remote session. Some device redirections require changes to both Remote Desktop Protocol (RDP) properties and Group Policy settings.
 
 ## Supported device redirection
 
-Each client supports different device redirection. Check out [Compare the clients](/windows-server/remote/remote-desktop-services/clients/remote-desktop-app-compare) for the full list of supported device redirection for each client.
+Each client supports different kinds of device redirections. Check out [Compare the clients](/windows-server/remote/remote-desktop-services/clients/remote-desktop-app-compare) for the full list of supported device redirections for each client.
 
 >[!IMPORTANT]
 >You can only enable redirections with binary settings that apply to both to and from the remote machine. The service doesn't currently support one-way blocking of redirections from only one side of the connection.
@@ -133,4 +133,4 @@ Set the following RDP property to configure WebAuthn redirection:
 - `redirectwebauthn:i:1` enables WebAuthn redirection.
 - `redirectwebauthn:i:0` disables WebAuthn redirection.
 
-When enabled, WebAuthn requests from the session are sent to the local PC to be completed using the local Windows Hello for Business or security devices like FIDO keys. Learn more about [in-session passwordless authentication](authentication.md#in-session-passwordless-authentication).
+When enabled, WebAuthn requests from the session are sent to the local PC to be completed using the local Windows Hello for Business or security devices like FIDO keys. For more information, see [In-session passwordless authentication](authentication.md#in-session-passwordless-authentication-preview).
diff --git a/articles/virtual-desktop/configure-single-sign-on.md b/articles/virtual-desktop/configure-single-sign-on.md
@@ -17,19 +17,19 @@ ms.author: helohr
 > This preview version is provided without a service level agreement, and is not recommended for production workloads. Certain features might not be supported or might have constrained capabilities.
 > For more information, see [Supplemental Terms of Use for Microsoft Azure Previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms/).
 
-This article will walk you through the process of configuring single sign-on (SSO) using Azure AD authentication for Azure Virtual Desktop. When SSO is enabled, you can use passwordless authentication and third-party Identity Providers that federate with Azure AD to sign in to your resources.
+This article will walk you through the process of configuring single sign-on (SSO) using Azure AD authentication for Azure Virtual Desktop (preview). When you enable SSO, you can use passwordless authentication and third-party Identity Providers that federate with Azure AD to sign in to your resources.
 
 > [!NOTE]
 > Azure Virtual Desktop (classic) doesn't support this feature.
 
 ## Prerequisites
 
-Single sign-on is currently only available when using an Insider version of Windows. When deploying new session hosts, choose one of the following images:
+Single sign-on is currently only available for certain versions of Windows Insider. When deploying new session hosts, you must choose one of the following images:
 
   - Windows 11 version 22H2 Enterprise, (Preview) - X64 Gen 2.
   - Windows 11 version 22H2 Enterprise multi-session, (Preview) - X64 Gen2.
 
-Single sign-on can be enabled for connections to Azure AD-joined VMs. SSO can also be used to access Hybrid Azure AD-joined VMs, but only after creating a Kerberos Server object. This solution isn't supported with VMs joined to Azure AD Domain Services.
+You can enable SSO for connections to Azure Active Directory (AD)-joined VMs. You can also use SSO to access Hybrid Azure AD-joined VMs, but only after creating a Kerberos Server object. Azure Virtual Desktop doesn't support this solution with VMs joined to Azure AD Domain Services.
 
 > [!NOTE]
 > Hybrid Azure AD-joined Windows Server 2019 VMs don't support SSO.
@@ -40,7 +40,7 @@ SSO is currently supported in the Azure Public cloud.
 
 ## Enable single sign-on
 
-If your host pool contains Hybrid Azure AD-joined session hosts, you must first enable Azure AD Kerberos in your environment by creating a Kerberos Server object. Azure AD Kerberos enables the authentication needed with the domain controller. We recommended you also enable Azure AD Kerberos for Azure AD-joined session hosts if you have a Domain Controller (DC). Azure AD Kerberos provides a single sign-on experience when accessing legacy kerberos based applications or network shares. To enable Azure AD Kerberos in your environment, follow the steps to [Create a Kerberos Server object](../active-directory/authentication/howto-authentication-passwordless-security-key-on-premises.md#create-a-kerberos-server-object) on your DC.
+If your host pool contains Hybrid Azure AD-joined session hosts, you must first enable Azure AD Kerberos in your environment by creating a Kerberos Server object. Azure AD Kerberos enables the authentication needed with the domain controller. We recommended you also enable Azure AD Kerberos for Azure AD-joined session hosts if you have a Domain Controller (DC). Azure AD Kerberos provides a single sign-on experience when accessing legacy Kerberos-based applications or network shares. To enable Azure AD Kerberos in your environment, follow the steps to [Create a Kerberos Server object](../active-directory/authentication/howto-authentication-passwordless-security-key-on-premises.md#create-a-kerberos-server-object) on your DC.
 
 To enable SSO on your host pool, you must [customize an RDP property](customize-rdp-properties.md). You can find the **Azure AD Authentication** property under the **Connection information** tab in the Azure portal or set the **enablerdsaadauth:i:1** property using PowerShell.
 
@@ -49,10 +49,10 @@ To enable SSO on your host pool, you must [customize an RDP property](customize-
 
 ### Allow remote desktop connection dialog
 
-When enabling single sign-on, you'll currently be prompted to authenticate to Azure AD and allow the remote desktop connection when launching a connection to a new host. Azure AD remembers up to 15 hosts for 30 days before prompting again. This dialog will be removed in a later release.
+When enabling single sign-on, you'll currently be prompted to authenticate to Azure AD and allow the Remote Desktop connection when launching a connection to a new host. Azure AD remembers up to 15 hosts for 30 days before prompting again. If you see this dialogue, select **Yes** to connect.
 
 ## Next steps
 
-- Enable [in-session passwordless authentication](authentication.md#in-session-passwordless-authentication)
-- [Connect with the Windows Desktop client](./user-documentation/connect-windows-7-10.md)
-- [Troubleshoot connections to Azure AD-joined VMs](troubleshoot-azure-ad-connections.md)
+- Check out [In-session passwordless authentication (preview)](authentication.md#in-session-passwordless-authentication-preview) to learn how to enable passwordless authentication.
+- If you're accessing Azure Virtual Desktop from our Windows Desktop client, see [Connect with the Windows Desktop client](./user-documentation/connect-windows-7-10.md).
+- If you encounter any issues, go to [Troubleshoot connections to Azure AD-joined VMs](troubleshoot-azure-ad-connections.md).
diff --git a/articles/virtual-desktop/set-up-mfa.md b/articles/virtual-desktop/set-up-mfa.md
@@ -12,7 +12,7 @@ manager: femila
 > [!IMPORTANT]
 > If you're visiting this page from the Azure Virtual Desktop (classic) documentation, make sure to [return to the Azure Virtual Desktop (classic) documentation](./virtual-desktop-fall-2019/tenant-setup-azure-active-directory.md) once you're finished.
 
-Users can sign into Azure Virtual Desktop from anywhere using different devices and clients. However, there are certain measures you should take to help keep yourself and your users safe. Using Azure Active Directory (Azure AD) Multi-Factor Authentication (MFA) with Azure Virtual Desktop prompts users during the sign-in process for another form of identification, in addition to their username and password. You can enforce MFA for Azure Virtual Desktop using Conditional Access and whether it applies for the web client or mobile apps and desktop clients, or both.
+Users can sign into Azure Virtual Desktop from anywhere using different devices and clients. However, there are certain measures you should take to help keep yourself and your users safe. Using Azure Active Directory (Azure AD) Multi-Factor Authentication (MFA) with Azure Virtual Desktop prompts users during the sign-in process for another form of identification in addition to their username and password. You can enforce MFA for Azure Virtual Desktop using Conditional Access, and can also configure whether it applies to the web client, mobile apps, desktop clients, or all clients.
 
 How often a user is prompted to reauthenticate depends on [Azure AD session lifetime configuration settings](../active-directory/authentication/concepts-azure-multi-factor-authentication-prompts-session-lifetime.md#azure-ad-session-lifetime-configuration-settings). For example, if their Windows client device is registered with Azure AD, it will receive a [Primary Refresh Token](../active-directory/devices/concept-primary-refresh-token.md) (PRT) to use for single sign-on (SSO) across applications. Once issued, a PRT is valid for 14 days and is continuously renewed as long as the user actively uses the device.
 
diff --git a/articles/virtual-desktop/troubleshoot-azure-ad-connections.md b/articles/virtual-desktop/troubleshoot-azure-ad-connections.md
diff --git a/articles/virtual-desktop/troubleshoot-device-redirections.md b/articles/virtual-desktop/troubleshoot-device-redirections.md
