Merge pull request #185053 from MicrosoftDocs/master

1/13 PM Publish

Author: huypub

articles/active-directory-b2c/tutorial-create-user-flows.md

@@ -104,7 +104,7 @@ To enable [self-service password reset](add-password-reset-policy.md) for the si
 
 1. Select the sign-up or sign-in user flow  you created.
 1. Under **Settings** in the left menu, select **Properties**.
-1. Under **Password complexity**, select **Self-service password reset**.
+1. Under **Password configuration**, select **Self-service password reset**.
 1. Select **Save**.
 
 ### Test the user flow

articles/active-directory-domain-services/tutorial-configure-ldaps.md

@@ -44,6 +44,7 @@ To complete this tutorial, you need the following resources and privileges:
   * If needed, [create and configure an Azure Active Directory Domain Services managed domain][create-azure-ad-ds-instance].
 * The *LDP.exe* tool installed on your computer.
   * If needed, [install the Remote Server Administration Tools (RSAT)][rsat] for *Active Directory Domain Services and LDAP*.
+* You need global administrator privileges in your Azure AD tenant to enable secure LDAP.
 
 ## Sign in to the Azure portal
 

articles/active-directory/app-provisioning/accidental-deletions.md

@@ -15,7 +15,7 @@ ms.reviewer: arvinh
 
 # Enable accidental deletions prevention in the Azure AD provisioning service (Preview)
 
-The Azure AD provisioning service includes a feature to help avoid accidental deletions. This feature ensures that users are not disabled or deleted in an application unexpectedly.
+The Azure AD provisioning service includes a feature to help avoid accidental deletions. This feature ensures that users aren't disabled or deleted in an application unexpectedly.
 
 The feature lets you specify a deletion threshold, above which an admin 
 needs to explicitly choose to allow the deletions to be processed.

articles/active-directory/authentication/howto-authentication-passwordless-security-key-windows.md

@@ -72,7 +72,7 @@ Organizations may choose to use one or more of the following methods to enable t
 
 To enable the use of security keys using Intune, complete the following steps:
 
-1. Sign in to the [Azure portal](https://portal.azure.com).
+1. Sign in to the [Microsoft Endpoint Manager admin center](https://endpoint.microsoft.com).
 1. Browse to **Microsoft Intune** > **Device enrollment** > **Windows enrollment** > **Windows Hello for Business** > **Properties**.
 1. Under **Settings**, set **Use security keys for sign-in** to **Enabled**.
 
@@ -82,13 +82,13 @@ Configuration of security keys for sign-in isn't dependent on configuring Window
 
 To target specific device groups to enable the credential provider, use the following custom settings via Intune:
 
-1. Sign in to the [Azure portal](https://portal.azure.com).
-1. Browse to **Microsoft Intune** > **Device configuration** > **Profiles** > **Create profile**.
+1. Sign in to the [Microsoft Endpoint Manager admin center](https://endpoint.microsoft.com).
+1. Browse to **Device** > **Windows** > **Configuration Profiles** > **Create profile**.
 1. Configure the new profile with the following settings:
    - Name: Security Keys for Windows Sign-In
    - Description: Enables FIDO Security Keys to be used during Windows Sign In
    - Platform: Windows 10 and later
-   - Profile type: Custom
+   - Profile type: Template > Custom
    - Custom OMA-URI Settings:
       - Name: Turn on FIDO Security Keys for Windows Sign-In
       - OMA-URI: ./Device/Vendor/MSFT/PassportForWork/SecurityKey/UseSecurityKeyForSignin
@@ -158,4 +158,4 @@ If you'd like to share feedback or encounter issues about this feature, share vi
 
 [Learn more about device registration](../devices/overview.md)
 
-[Learn more about Azure AD Multi-Factor Authentication](../authentication/howto-mfa-getstarted.md)
+[Learn more about Azure AD Multi-Factor Authentication](../authentication/howto-mfa-getstarted.md)

articles/active-directory/authentication/howto-mfa-userstates.md

@@ -53,9 +53,9 @@ All users start out *Disabled*. When you enroll users in per-user Azure AD Multi
 
 To view and manage user states, complete the following steps to access the Azure portal page:
 
-1. Sign in to the [Azure portal](https://portal.azure.com) as an administrator.
+1. Sign in to the [Azure portal](https://portal.azure.com) as a Global administrator.
 1. Search for and select *Azure Active Directory*, then select **Users** > **All users**.
-1. Select **Multi-Factor Authentication**. You may need to scroll to the right to see this menu option. Select the example screenshot below to see the full Azure portal window and menu location:
+1. Select **Per-user MFA**. You may need to scroll to the right to see this menu option. Select the example screenshot below to see the full Azure portal window and menu location:
     [![Select Multi-Factor Authentication from the Users window in Azure AD.](media/howto-mfa-userstates/selectmfa-cropped.png)](media/howto-mfa-userstates/selectmfa.png#lightbox)
 1. A new page opens that displays the user state, as shown in the following example.
    ![Screenshot that shows example user state information for Azure AD Multi-Factor Authentication](./media/howto-mfa-userstates/userstate1.png)
@@ -120,4 +120,4 @@ To configure Azure AD Multi-Factor Authentication settings, see  [Configure Azur
 
 To manage user settings for Azure AD Multi-Factor Authentication, see [Manage user settings with Azure AD Multi-Factor Authentication](howto-mfa-userdevicesettings.md).
 
-To understand why a user was prompted or not prompted to perform MFA, see [Azure AD Multi-Factor Authentication reports](howto-mfa-reporting.md).
+To understand why a user was prompted or not prompted to perform MFA, see [Azure AD Multi-Factor Authentication reports](howto-mfa-reporting.md).

articles/active-directory/authentication/howto-registration-mfa-sspr-combined.md

@@ -31,7 +31,7 @@ To make sure you understand the functionality and effects before you enable the
 To enable combined registration, complete these steps:
 
 1. Sign in to the Azure portal as a user administrator or global administrator.
-2. Go to **Azure Active Directory** > **User settings** > **Manage user feature preview settings**.
+2. Go to **Azure Active Directory** > **User settings** > **Manage user feature settings**.
 3. Under **Users can use the combined security information registration experience**, choose to enable for a **Selected** group of users or for **All** users.
 
    ![Enable the combined security info experience for users](media/howto-registration-mfa-sspr-combined/enable-the-combined-security-info.png)

articles/active-directory/authentication/tutorial-configure-custom-password-protection.md

@@ -49,6 +49,7 @@ To give you flexibility in what passwords are allowed, you can also define a cus
 * Locations, such as company headquarters
 * Company-specific internal terms
 * Abbreviations that have specific company meaning
+* Months and weekdays with your company's local languages
 
 When a user attempts to reset a password to something that's on the global or custom banned password list, they see one of the following error messages:
 
@@ -123,4 +124,4 @@ In this tutorial, you enabled and configured custom password protection lists fo
 > * Test password changes with a banned password
 
 > [!div class="nextstepaction"]
-> [Enable risk-based Azure AD Multi-Factor Authentication](./tutorial-enable-azure-mfa.md)
+> [Enable risk-based Azure AD Multi-Factor Authentication](./tutorial-enable-azure-mfa.md)

articles/active-directory/authentication/tutorial-enable-cloud-sync-sspr-writeback.md

@@ -26,7 +26,7 @@ Azure Active Directory Connect cloud sync self-service password reset writeback
   - [Authentication Policy Administrator](../roles/permissions-reference.md#authentication-policy-administrator) and [Hybrid Identity Administrator](../roles/permissions-reference.md#hybrid-identity-administrator) roles
   - [Global Administrator](../roles/permissions-reference.md#global-administrator) role 
 - Azure AD configured for self-service password reset. If needed, complete this tutorial to enable Azure AD SSPR. 
-- An on-premises AD DS environment configured with Azure AD Connect cloud sync version 1.1.587 or later. If needed, configure Azure AD Connect cloud sync using [this tutorial](tutorial-enable-sspr.md). 
+- An on-premises AD DS environment configured with Azure AD Connect cloud sync version 1.1.587 or later. Learn how to [identify the agent's current version](../cloud-sync/how-to-automatic-upgrade.md). If needed, configure Azure AD Connect cloud sync using [this tutorial](tutorial-enable-sspr.md). 
 - Enabling password writeback in Azure AD Connect cloud sync requires executing signed PowerShell scripts.
   - Ensure that the PowerShell execution policy will allow running of scripts. 
   - The recommended execution policy during installation is "RemoteSigned". 
@@ -45,7 +45,7 @@ Permissions for cloud sync are configured by default. If permissions need to be
 
 ### Enable password writeback in Azure AD Connect cloud sync
 
-For public preview, you need to enable password writeback in Azure AD Connect cloud sync by using the Set-AADCloudSyncPasswordWritebackConfiguration cmdlet and tenant’s global administrator credentials: 
+For public preview, you need to enable password writeback in Azure AD Connect cloud sync by using the Set-AADCloudSyncPasswordWritebackConfiguration cmdlet on the servers with the provisioning agents. You will need global administrator credentials: 
 
 ```powershell
 Import-Module 'C:\\Program Files\\Microsoft Azure AD Connect Provisioning Agent\\Microsoft.CloudSync.Powershell.dll' 

articles/active-directory/authentication/tutorial-enable-sspr-writeback.md

@@ -60,7 +60,7 @@ To correctly work with SSPR writeback, the account specified in Azure AD Connect
 * **Write permissions** on `pwdLastSet`
 * **Extended rights** for "Unexpire Password" on the root object of *each domain* in that forest, if not already set.
 
-If you don't assign these permissions, writeback may appear to be configured correctly, but users encounter errors when they manage their on-premises passwords from the cloud. Permissions must be applied to **This object and all descendant objects** for "Unexpire Password" to appear.  
+If you don't assign these permissions, writeback may appear to be configured correctly, but users encounter errors when they manage their on-premises passwords from the cloud. When setting "Unexpire Password" permissions in Active Directory, it must be applied to **This object and all descendant objects**, **This object only**, or **All descendant objects**, or the "Unexpire Password" permission can't be displayed.
 
 > [!TIP]
 >

articles/active-directory/cloud-sync/concept-how-it-works.md

@@ -21,7 +21,7 @@ ms.collection: M365-identity-device-management
 
 Cloud sync is built on top of the Azure AD services and has 2 key components:
 
-- **Provisioning agent**: The Azure AD Connect cloud provisioning agent is the same agent as Workday inbound and built on the same server-side technology as app proxy and Pass Through Authentication. It requires and outbound connection only and agents are auto-updated. 
+- **Provisioning agent**: The Azure AD Connect cloud provisioning agent is the same agent as Workday inbound and built on the same server-side technology as app proxy and Pass Through Authentication. It requires an outbound connection only and agents are auto-updated. 
 - **Provisioning service**: Same provisioning service as outbound provisioning and Workday inbound provisioning which uses a scheduler-based model. In case of cloud sync, the changes are provisioned every 2 mins.