Commit 66e07c7

Merge pull request #252860 from MicrosoftDocs/main
9/26/2023 AM Publish
2 parents f8ec801 + 9a23859 commit 66e07c7

21 files changed

+458
-328
lines changed

articles/active-directory/authentication/how-to-mfa-registration-campaign.md

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -7,7 +7,7 @@ ms.service: active-directory
77
ms.subservice: authentication
88
ms.custom: ignite-2022
99
ms.topic: conceptual
10-
ms.date: 09/21/2023
10+
ms.date: 09/26/2023
1111

1212
ms.author: justinha
1313
author: mjsantani
@@ -77,7 +77,7 @@ To enable a registration campaign in the Microsoft Entra admin center, complete
7777

7878
1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com) as [Authentication Policy Administrator](../roles/permissions-reference.md#authentication-policy-administrator) or [Global Administrator](../roles/permissions-reference.md#global-administrator).
7979
1. Browse to **Protection** > **Authentication methods** > **Registration campaign** and click **Edit**.
80-
1. For **State**, click **Microsoft managed** or **Enabled**. In the following screenshot, the registration campaign is **Microsoft managed**. That setting allows Microsoft to set the default value to be either Enabled or Disabled. For the registration campaign, the Microsoft managed value is Enabled for voice call and text message users with free and trial subscriptions. For more information, see [Protecting authentication methods in Microsoft Entra ID](concept-authentication-default-enablement.md).
80+
1. For **State**, click **Microsoft managed** or **Enabled**. In the following screenshot, the registration campaign is **Microsoft managed**. That setting allows Microsoft to set the default value to be either Enabled or Disabled. From Sept. 25 to Oct. 20, 2023, the Microsoft managed value for the registration campaing will change to **Enabled** for voice call and text message users across all tenants. For more information, see [Protecting authentication methods in Azure Active Directory](concept-authentication-default-enablement.md).
8181

8282
:::image type="content" border="true" source="media/how-to-mfa-registration-campaign/admin-experience.png" alt-text="Screenshot of enabling a registration campaign.":::
8383
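Review bot: The added step 3 text misspells "campaign" as "campaing", and its closing link text goes back to "Protecting authentication methods in Azure Active Directory" where the removed line said "Microsoft Entra ID", so the step now mixes both product names. Fix the spelling and keep the Entra link text. The sentence also replaces a statement of the current value with a dated window ("From Sept. 25 to Oct. 20, 2023"), which will be stale once the window closes and does not say what **Microsoft managed** resolves to for a tenant the change has not reached yet; state the value before and after the change so an admin can tell whether voice call and text message users are being nudged today.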

@@ -109,7 +109,7 @@ The following table lists **authenticationMethodsRegistrationCampaign** properti
109109
|------|-----------------|-------------|
110110
|snoozeDurationInDays|Range: 0 - 14|Defines the number of days before the user is nudged again.<br>If the value is 0, the user is nudged during every MFA attempt.<br>Default: 1 day|
111111
|enforceRegistrationAfterAllowedSnoozes|"true"<br>"false"|Dictates whether a user is required to perform setup after 3 snoozes.<br>If true, user is required to register.<br>If false, user can snooze indefinitely.<br>Default: true<br>Please note this property only comes into effect once the Microsoft managed value for the registration campaign will change to Enabled for text message and voice call for your organization.|
112-
|state|"enabled"<br>"disabled"<br>"default"|Allows you to enable or disable the feature.<br>Default value is used when the configuration hasn't been explicitly set and will use Microsoft Entra ID default value for this setting. Currently maps to disabled.<br>Change states to either enabled or disabled as needed.|
112+
|state|"enabled"<br>"disabled"<br>"default"|Allows you to enable or disable the feature.<br>Default value is used when the configuration hasn't been explicitly set and will use Microsoft Entra ID default value for this setting. From Sept. 25 to Oct. 20, 2023, the default state will change to enabled for voice call and text message users across all tenants.<br>Change state to enabled (for all users) or disabled as needed.|
113113
|excludeTargets|N/A|Allows you to exclude different users and groups that you want omitted from the feature. If a user is in a group that is excluded and a group that is included, the user will be excluded from the feature.|
114114
|includeTargets|N/A|Allows you to include different users and groups that you want the feature to target.|
115115
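Review bot: In the new `state` row, "default" no longer has a stated mapping: the removed text said "Currently maps to disabled", while the added text only gives the window "From Sept. 25 to Oct. 20, 2023" and leaves out what default means before and after it. Say explicitly what default resolves to outside that window. The new wording "Change state to enabled (for all users)" also implies that default targets only voice call and text message users while enabled targets everyone; that difference decides who gets prompted, so spell it out rather than leaving it in a parenthesis. The unchanged `enforceRegistrationAfterAllowedSnoozes` row still reads "once the Microsoft managed value ... will change to Enabled" and should be aligned with the dated wording used here.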

articles/active-directory/authentication/tutorial-enable-sspr-writeback.md

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -114,7 +114,7 @@ To enable SSPR writeback, first enable the writeback option in Microsoft Entra C
114114
1. Sign in to your Microsoft Entra Connect server and start the **Microsoft Entra Connect** configuration wizard.
115115
1. On the **Welcome** page, select **Configure**.
116116
1. On the **Additional tasks** page, select **Customize synchronization options**, and then select **Next**.
117-
1. On the **Connect to Microsoft Entra ID** page, enter a global administrator credential for your Azure tenant, and then select **Next**.
117+
1. On the **Connect to Microsoft Entra ID** page, enter a Global Administrator credential for your Azure tenant, and then select **Next**.
118118
1. On the **Connect directories** and **Domain/OU** filtering pages, select **Next**.
119119
1. On the **Optional features** page, select the box next to **Password writeback** and select **Next**.
120120

@@ -132,7 +132,7 @@ With password writeback enabled in Microsoft Entra Connect, now configure Micros
132132

133133
To enable password writeback in SSPR, complete the following steps:
134134

135-
1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com) as at least an [Authentication Policy Administrator](../roles/permissions-reference.md#authentication-policy-administrator).
135+
1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com) as [Global Administrator](../roles/permissions-reference.md#global-administrator).
136136
1. Browse to **Protection** > **Password reset**, then choose **On-premises integration**.
137137
1. Check the option for **Write back passwords to your on-premises directory** .
138138
1. (optional) If Microsoft Entra Connect provisioning agents are detected, you can additionally check the option for **Write back passwords with Microsoft Entra Connect cloud sync**.
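Review bot: Step 1 raises the documented role from "at least an Authentication Policy Administrator" to "Global Administrator" with no explanation, which steers readers toward the most privileged role for a single setting. If **On-premises integration** under **Password reset** really cannot be changed with the lower role, say so in the step so the requirement is understood; otherwise keep the least-privileged role. The new wording also drops the article and the "at least" qualifier ("as [Global Administrator]"), which reads as though only that exact role works.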
@@ -147,15 +147,15 @@ To enable password writeback in SSPR, complete the following steps:
147147

148148
If you no longer want to use the SSPR writeback functionality you have configured as part of this tutorial, complete the following steps:
149149

150-
1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com) as at least an [Authentication Policy Administrator](../roles/permissions-reference.md#authentication-policy-administrator).
150+
1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com) as [Global Administrator](../roles/permissions-reference.md#global-administrator).
151151
1. Browse to **Protection** > **Password reset**, then choose **On-premises integration**.
152152
1. Uncheck the option for **Write back passwords to your on-premises directory**.
153153
1. Uncheck the option for **Write back passwords with Microsoft Entra Connect cloud sync**.
154154
1. Uncheck the option for **Allow users to unlock accounts without resetting their password**.
155155
1. When ready, select **Save**.
156156

157157
If you no longer want to use the Microsoft Entra Connect cloud sync for SSPR writeback functionality but want to continue using Microsoft Entra Connect Sync agent for writebacks complete the following steps:
158-
1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com) as at least an [Authentication Policy Administrator](../roles/permissions-reference.md#authentication-policy-administrator).
158+
1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com) as [Global Administrator](../roles/permissions-reference.md#global-administrator).
159159
1. Browse to **Protection** > **Password reset**, then choose **On-premises integration**.
160160
1. Uncheck the option for **Write back passwords with Microsoft Entra Connect cloud sync**.
161161
1. When ready, select **Save**.
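Review bot: Both sign-in steps in this hunk (lines 150 and 158) replace "at least an Authentication Policy Administrator" with "Global Administrator", so the procedures for turning writeback off now ask for the highest-privilege role. Unchecking these options is a narrow change; confirm whether the lower role is actually insufficient here and, if it is, state that in the step. If it is sufficient, restore the least-privileged role and the "at least" wording so admins are not pushed to use Global Administrator accounts for routine changes.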

articles/active-directory/develop/index.yml

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -3,14 +3,14 @@
33
## FRONT MATTER START
44
title: Microsoft identity platform documentation
55
summary: >
6-
Use the Microsoft identity platform and our open-source authentication libraries to sign in users with Azure AD accounts, Microsoft accounts, and social accounts like Facebook and Google.
6+
Use the Microsoft identity platform and our open-source authentication libraries to sign in users with Microsoft Entra accounts, Microsoft personal accounts, and social accounts like Facebook and Google.
77
Protect your web APIs and access protected APIs like Microsoft Graph to work with your users' and organization's data.
88
brand: azure
99

1010
metadata:
1111
title: Microsoft identity platform documentation
1212
description: >
13-
Use Azure Active Directory (Azure AD) with OAuth 2.0 and OpenID Connect (OIDC) to protect the apps and web APIs you build. Learn how to sign in users and
13+
Use Microsoft Entra ID with OAuth 2.0 and OpenID Connect (OIDC) to protect the apps and web APIs you build. Learn how to sign in users and
1414
manage their access through our quickstarts, tutorials, code samples, and API reference documentation.
1515
1616
author: Dickson-Mwendia
@@ -209,7 +209,7 @@ additionalContent:
209209
- title: Connect to Microsoft Graph
210210
summary: >
211211
Programmatic access to organizational, user, and application data stored in Azure Active Directory. Call Microsoft Graph from your application to
212-
create and manage Azure AD users and groups, get and modify your users' data like their profiles, calendars, email, and more.
212+
create and manage Microsoft Entra users and groups, get and modify your users' data like their profiles, calendars, email, and more.
213213
links:
214214
- url: /graph/overview?toc=/azure/active-directory/develop/toc.json&bc=/azure/active-directory/develop/breadcrumb/toc.json
215215
text: Microsoft Graph API documentation
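Review bot: The rename on line 212 leaves the same summary inconsistent: the unchanged line 211 directly above still says "stored in Azure Active Directory" while the changed line now says "Microsoft Entra users and groups". Update line 211 in the same change so the Connect to Microsoft Graph summary uses one product name.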

articles/active-directory/devices/concept-primary-refresh-token.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -61,7 +61,7 @@ The PRT is issued during user authentication on a Windows 10 or newer device in
6161
In Microsoft Entra registered device scenarios, the Microsoft Entra WAM plugin is the primary authority for the PRT since Windows logon isn't happening with this Microsoft Entra account.
6262

6363
> [!NOTE]
64-
> 3rd party identity providers need to support the WS-Trust protocol to enable PRT issuance on Windows 10 or newer devices. Without WS-Trust, PRT cannot be issued to users on Microsoft Entra hybrid joined or Microsoft Entra joined devices. On ADFS only usernamemixed endpoints are required. Both adfs/services/trust/2005/windowstransport and adfs/services/trust/13/windowstransport should be enabled as intranet facing endpoints only and **must NOT be exposed** as extranet facing endpoints through the Web Application Proxy.
64+
> 3rd party identity providers need to support the WS-Trust protocol to enable PRT issuance on Windows 10 or newer devices. Without WS-Trust, PRT cannot be issued to users on Microsoft Entra hybrid joined or Microsoft Entra joined devices. On ADFS only usernamemixed endpoints are required. On ADFS if Smartcard/certificate is used during Windows sign-in certificatemixed endpoints are required. Both adfs/services/trust/2005/windowstransport and adfs/services/trust/13/windowstransport should be enabled as intranet facing endpoints only and **must NOT be exposed** as extranet facing endpoints through the Web Application Proxy.
6565
6666
> [!NOTE]
6767
> Microsoft Entra Conditional Access policies are not evaluated when PRTs are issued.
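Review bot: The sentence added to the WS-Trust note contradicts the one before it: the note still says "On ADFS only usernamemixed endpoints are required" and then says certificatemixed endpoints "are required" for smartcard or certificate sign-in. Qualify the first sentence (for example, that usernamemixed covers password sign-in) so it is clear which endpoints to enable in each case. The new sentence also needs a comma after "Windows sign-in", and it names the endpoints only as "certificatemixed" while the windowstransport endpoints are given as full paths; giving the paths, and saying whether the "must NOT be exposed" extranet restriction applies to them, would let an admin verify the AD FS endpoint configuration without guessing.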

articles/active-directory/devices/troubleshoot-device-dsregcmd.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -63,7 +63,7 @@ The state is displayed only when the device is Microsoft Entra joined or Microso
6363
- **DeviceAuthStatus**: Performs a check to determine the device's health in Microsoft Entra ID. The health statuses are:
6464
* *SUCCESS* if the device is present and enabled in Microsoft Entra ID.
6565
* *FAILED. Device is either disabled or deleted* if the device is either disabled or deleted. For more information about this issue, see [Microsoft Entra device management FAQ](faq.yml#why-do-my-users-see-an-error-message-saying--your-organization-has-deleted-the-device--or--your-organization-has-disabled-the-device--on-their-windows-10-11-devices).
66-
* *FAILED. ERROR* if the test was unable to run. This test requires network connectivity to Microsoft Entra ID.
66+
* *FAILED. ERROR* if the test was unable to run. This test requires network connectivity to Microsoft Entra ID under the system context.
6767
> [!NOTE]
6868
> The **DeviceAuthStatus** field was added in the Windows 10 May 2021 update (version 21H1).
6969
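Review bot: The added phrase "under the system context" on the *FAILED. ERROR* line is not explained, so a reader who sees this status cannot tell what to check. State what it means in practice, for example that the connectivity test runs as the system account rather than the signed-in user, so connectivity that works only for the user does not satisfy it, and link to the relevant connectivity troubleshooting steps if the article has them.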

articles/active-directory/fundamentals/security-defaults.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -151,7 +151,7 @@ After you enable security defaults in your tenant, any user accessing the follow
151151
- Azure PowerShell
152152
- Azure CLI
153153

154-
This policy applies to all users who are accessing Azure Resource Manager services, whether they're an administrator or a user.
154+
This policy applies to all users who are accessing Azure Resource Manager services, whether they're an administrator or a user. This applies to ARM APIs such as accessing your subscription, VMs, storage accounts etc. This does not include Microsoft Entra ID or Microsoft Graph.
155155

156156
> [!NOTE]
157157
> Pre-2017 Exchange Online tenants have modern authentication disabled by default. In order to avoid the possibility of a login loop while authenticating through these tenants, you must [enable modern authentication](/exchange/clients-and-mobile-in-exchange-online/enable-or-disable-modern-authentication-in-exchange-online).
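Review bot: The two sentences added on line 154 use "ARM" without tying it to "Azure Resource Manager" from the sentence before, and "This does not include Microsoft Entra ID or Microsoft Graph" can be read as saying security defaults do not protect those services at all. Scope the exclusion to this policy, for example "This policy doesn't cover requests to Microsoft Entra ID or Microsoft Graph", and write "Azure Resource Manager APIs" in full. Also add a comma before "etc." or replace the open-ended list with "and similar resources".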
