Merge pull request #223658 from billmath/fresh1

freshness review

Author: 19BMG00

articles/active-directory/cloud-sync/concept-attributes.md

@@ -10,7 +10,7 @@ ms.service: active-directory
 ms.topic: conceptual
 ms.tgt_pltfrm: na
 ms.workload: identity
-ms.date: 02/25/2021
+ms.date: 01/11/2023
 ms.subservice: hybrid
 ms.author: billmath
 

articles/active-directory/cloud-sync/concept-how-it-works.md

@@ -8,7 +8,7 @@ ms.service: active-directory
 ms.workload: identity
 ms.custom: ignite-2022
 ms.topic: conceptual
-ms.date: 12/05/2019
+ms.date: 01/11/2023
 ms.subservice: hybrid
 ms.author: billmath
 ms.collection: M365-identity-device-management
@@ -23,59 +23,59 @@ ms.collection: M365-identity-device-management
 Cloud sync is built on top of the Azure AD services and has 2 key components:
 
 - **Provisioning agent**: The Azure AD Connect cloud provisioning agent is the same agent as Workday inbound and built on the same server-side technology as app proxy and Pass Through Authentication. It requires an outbound connection only and agents are auto-updated. 
-- **Provisioning service**: Same provisioning service as outbound provisioning and Workday inbound provisioning which uses a scheduler-based model. In case of cloud sync, the changes are provisioned every 2 mins.
+- **Provisioning service**: Same provisioning service as outbound provisioning and Workday inbound provisioning, which uses a scheduler-based model. Cloud sync provisions change every 2 mins.
 
 
 ## Initial setup
-During initial setup, a few things are done that makes cloud sync happen. These are: 
+During initial setup, a few things are done that makes cloud sync happen. 
 
 - **During agent installation**: You configure the agent for the AD domains you want to provision from.  This configuration registers the domains in the hybrid identity service and establishes an outbound connection to the service bus listening for requests.
-- **When you enable provisioning**: You select the AD domain and enable provisioning which runs every 2 mins. Optionally you may deselect password hash sync and define notification email. You can also manage attribute transformation using Microsoft Graph APIs.
+- **When you enable provisioning**: You select the AD domain and enable provisioning, which runs every 2 mins. Optionally you may deselect password hash sync and define notification email. You can also manage attribute transformation using Microsoft Graph APIs.
 
 
 ## Agent installation
-The following is a walk-through of what occurs when the cloud provisioning agent is installed.
+The following items occur when the cloud provisioning agent is installed.
 
-- First, the Installer installs the Agent binaries and the Agent Service running under the Virtual Service Account (NETWORK SERVICE\AADProvisioningAgent).  A virtual service account is a special type of account that does not have a password and is managed by Windows.
+- First, the Installer installs the Agent binaries and the Agent Service running under the Virtual Service Account (NETWORK SERVICE\AADProvisioningAgent).  A virtual service account is a special type of account that doesn't have a password and is managed by Windows.
 - The Installer then starts the Wizard.
 - The Wizard will prompt for Azure AD credentials, will then authenticate, and retrieve a token.
 - The wizard then asks for the current machine Domain Administrators credentials.
 - Using these credentials, the agent general managed service account (GMSA) for this domain is either created or located and reused if it already exists.
 - The agent service is now reconfigured to run under the GMSA.
 - The wizard now asks for domain configuration along with the Enterprise Admin (EA)/Domain Admin(DA) Account for each domain you want the agent to service.
-- The GMSA account is then updated with permissions that enable it access to each domain entered above.
+- The GMSA account is then updated with permissions that enable it access to each domain entered during setup.
 - Next, the wizard triggers agent registration
 - The agent creates a certificate and using the Azure AD token, registers itself and the certificate with the Hybrid Identity Service(HIS) Registration Service
 - The Wizard triggers an AgentResourceGrouping call. This call to HIS Admin Service is to assign the agent to one or more AD Domains in the HIS configuration.
 - The wizard now restarts the agent service.
-- The agent calls a Bootstrap Service on restart (and every 10 mins afterwards) to check for configuration updates.  The bootstrap service validates the agent identity.  It also updates the last bootstrap time.  This is important because if agents don't bootstrap, they are not getting updated Service Bus endpoints and may not be able to receive requests. 
+- The agent calls a Bootstrap Service on restart (and every 10 mins afterwards) to check for configuration updates.  The bootstrap service validates the agent identity.  It also updates the last bootstrap time.  This is important because if agents don't bootstrap, they aren't getting updated Service Bus endpoints and may not be able to receive requests. 
 
 
 ## What is System for Cross-domain Identity Management (SCIM)?
 
-The [SCIM specification](https://tools.ietf.org/html/draft-scim-core-schema-01) is a standard that is used to automate the exchanging of user or group identity information between identity domains such as Azure AD. SCIM is becoming the de facto standard for provisioning and, when used in conjunction with federation standards like SAML or OpenID Connect, provides administrators an end-to-end standards-based solution for access management.
+The [SCIM specification](https://tools.ietf.org/html/draft-scim-core-schema-01) is a standard that is used to automate the exchanging of user or group identity information between identity domains such as Azure AD. SCIM is becoming the de facto standard for provisioning and, when used with federation standards like SAML or OpenID Connect, provides administrators an end-to-end standards-based solution for access management.
 
 The Azure AD Connect cloud provisioning agent uses SCIM with Azure AD to provision and deprovision users and groups.
 
 ## Synchronization flow
 ![provisioning](media/concept-how-it-works/provisioning-4.png)
-Once you have installed the agent and enabled provisioning, the following flow occurs.
+Once you've installed the agent and enabled provisioning, the following flow occurs.
 
 1.  Once configured, the Azure AD Provisioning service calls the Azure AD hybrid service to add a request to the Service bus. The agent constantly maintains an outbound connection to the Service Bus listening for requests and picks up the System for Cross-domain Identity Management (SCIM) request immediately. 
 2.  The agent breaks up the request into separate queries based on object type. 
 3.  AD returns the result to the agent and the agent filters this data before sending it to Azure AD.  
 4.  Agent returns the SCIM response to Azure AD.  These responses are based on the filtering that happened within the agent.  The agent uses scoping to filter the results. 
 5.  The provisioning service writes the changes to Azure AD.
-6. If this is a delta Sync as opposed to a full sync, then cookie/watermark is used. New queries will get changes from that cookie/watermark onwards.
+6.  If a delta Sync occurs, as opposed to a full sync, then the cookie/watermark is used. New queries will get changes from that cookie/watermark onwards.
 
 ## Supported scenarios:
 The following scenarios are supported for cloud sync.
 
 
-- **Existing hybrid customer with a new forest**: Azure AD Connect sync is used for primary forests. Cloud sync is used for provisioning from an AD forest (including disconnected). For more information see the tutorial [here](tutorial-existing-forest.md).
+- **Existing hybrid customer with a new forest**: Azure AD Connect sync is used for primary forests. Cloud sync is used for provisioning from an AD forest (including disconnected). For more information, see the tutorial [here](tutorial-existing-forest.md).
 
  ![Existing hybrid](media/tutorial-existing-forest/existing-forest-new-forest-2.png)
-- **New hybrid customer**:      Azure AD Connect sync is not used. Cloud sync is used for provisioning from an AD forest.  For more information see the tutorial [here](tutorial-single-forest.md).
+- **New hybrid customer**:      Azure AD Connect sync isn't used. Cloud sync is used for provisioning from an AD forest.  For more information, see the tutorial [here](tutorial-single-forest.md).
 
  ![New customers](media/tutorial-single-forest/diagram-2.png)
 

articles/active-directory/cloud-sync/how-to-accidental-deletes.md

@@ -7,7 +7,7 @@ manager: amycolannino
 ms.service: active-directory
 ms.workload: identity
 ms.topic: conceptual
-ms.date: 09/10/2021
+ms.date: 01/11/2023
 ms.subservice: hybrid
 ms.author: billmath
 ms.collection: M365-identity-device-management
@@ -23,7 +23,7 @@ The following document describes the accidental deletion feature for Azure AD Co
 
 To use this feature, you set the threshold for the number of objects that, if deleted, synchronization should stop.  So if this number is reached, the synchronization will stop and a notification will be sent to the email that is specified.  This notification will allow you to investigate what is going on.
 
-For additional information and an example, see the following video.
+For more information and an example, see the following video.
 
 > [!VIDEO https://www.microsoft.com/en-us/videoplayer/embed/RWK5mV]
 
@@ -36,23 +36,23 @@ To use the new feature, follow the steps below.
 2.  Select **Azure AD Connect**.
 3.  Select **Manage cloud sync**.
 4. Under **Configuration**, select your configuration.
-5. Under **Settings** fill in the following:
+5. Under **Settings** fill in the following information.
 	- **Notification email** - email used for notifications
 	- **Prevent accidental deletions** - check this box to enable the feature
 	- **Accidental deletion threshold** - enter the number of objects to stop synchronization and send a notification
 
 ![Accidental deletes](media/how-to-accidental-deletes/accident-1.png)
 
 ## Recovering from an accidental delete instance
-If you encounter an accidental delete you will see this on the status of your provisioning agent configuration.  It will say **Delete threshold exceeded**.
+If you encounter an accidental delete you'll see this on the status of your provisioning agent configuration.  It will say **Delete threshold exceeded**.
 
 ![Accidental delete status](media/how-to-accidental-deletes/delete-1.png)
 
-By clicking on **Delete threshold exceeded**, you will see the sync status info.  This will provide additional details. 
+By clicking on **Delete threshold exceeded**, you'll see the sync status info.  This action will provide more details. 
 
  ![Sync status](media/how-to-accidental-deletes/delete-2.png)
 
-By right-clicking on the ellipses, you will get the following options:
+By right-clicking on the ellipses, you'll get the following options:
  - View provisioning log
  - View agent
  - Allow deletes
@@ -72,15 +72,15 @@ The **Allow deletes** action will delete the objects that triggered the accident
 
  ![Yes on confirmation](media/how-to-accidental-deletes/delete-4.png)
 
-3. You will see confirmation that the deletions were accepted and the status will return to healthy with the next cycle. 
+3. You'll see confirmation that the deletions were accepted and the status will return to healthy with the next cycle. 
 
  ![Accept deletes](media/how-to-accidental-deletes/delete-8.png)
 
 ### Rejecting deletions
 
-If you do not want to allow the deletions, you need to do the following:
+If you don't want to allow the deletions, you need to do the following:
 - investigate the source of the deletions
-- fix the issue (example, OU was moved out of scope accidentally and you have now re-added it back to the scope)
+- fix the issue (example, OU was moved out of scope accidentally and you've now re-added it back to the scope)
 - Run **Restart sync** on the agent configuration
 
 ## Next steps 

articles/active-directory/cloud-sync/how-to-attribute-mapping.md

@@ -7,7 +7,7 @@ manager: amycolannino
 ms.service: active-directory
 ms.workload: identity
 ms.topic: how-to
-ms.date: 04/30/2021
+ms.date: 01/11/2023
 ms.subservice: hybrid
 ms.author: billmath
 ms.collection: M365-identity-device-management

articles/active-directory/cloud-sync/how-to-automatic-upgrade.md

@@ -10,7 +10,7 @@ ms.service: active-directory
 ms.topic: how-to
 ms.tgt_pltfrm: na
 ms.workload: identity
-ms.date: 12/02/2019
+ms.date: 01/11/2023
 ms.subservice: hybrid
 ms.author: billmath
 

articles/active-directory/cloud-sync/how-to-configure.md

@@ -7,7 +7,7 @@ manager: amycolannino
 ms.service: active-directory
 ms.workload: identity
 ms.topic: how-to
-ms.date: 12/14/2021
+ms.date: 01/11/2023
 ms.subservice: hybrid
 ms.author: billmath
 ms.collection: M365-identity-device-management

articles/active-directory/cloud-sync/how-to-expression-builder.md

@@ -7,7 +7,7 @@ manager: amycolannino
 ms.service: active-directory
 ms.workload: identity
 ms.topic: how-to
-ms.date: 04/19/2021
+ms.date: 01/11/2023
 ms.subservice: hybrid
 ms.author: billmath
 ms.collection: M365-identity-device-management

articles/active-directory/cloud-sync/how-to-gmsa-cmdlets.md

@@ -7,7 +7,7 @@ manager: amycolannino
 ms.service: active-directory
 ms.workload: identity
 ms.topic: how-to
-ms.date: 07/01/2022
+ms.date: 01/11/2023
 ms.subservice: hybrid
 ms.author: billmath
 ms.collection: M365-identity-device-management

articles/active-directory/cloud-sync/how-to-inbound-synch-ms-graph.md

@@ -7,7 +7,7 @@ manager: amycolannino
 ms.service: active-directory
 ms.workload: identity
 ms.topic: conceptual
-ms.date: 12/04/2020
+ms.date: 01/11/2023
 ms.subservice: hybrid
 ms.author: billmath
 ms.collection: M365-identity-device-management