
Commit 7a8b13c

Merge pull request #251573 from Justinha/steps-auth-9
revised portal steps
2 parents f18f075 + 8a7a129 commit 7a8b13c

6 files changed

+50
-59
lines changed

articles/active-directory/authentication/tutorial-configure-custom-password-protection.md

Lines changed: 6 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -6,7 +6,7 @@ services: active-directory
66
ms.service: active-directory
77
ms.subservice: authentication
88
ms.topic: tutorial
9-
ms.date: 01/29/2023
9+
ms.date: 09/14/2023
1010

1111
ms.author: justinha
1212
author: justinha
@@ -66,9 +66,8 @@ Let's enable the custom banned password list and add some entries. You can add a
6666

6767
To enable the custom banned password list and add entries to it, complete the following steps:
6868

69-
1. Sign in to the [Azure portal](https://portal.azure.com) using an account with *global administrator* permissions.
70-
1. Search for and select **Azure Active Directory**, then choose **Security** from the menu on the left-hand side.
71-
1. Under the **Manage** menu header, select **Authentication methods**, then **Password protection**.
69+
1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com) as at least an [Authentication Policy Administrator](../roles/permissions-reference.md#authentication-policy-administrator).
70+
1. Browse to **Protection** > **Authentication methods**, then **Password protection**.
7271
1. Set the option for **Enforce custom list** to *Yes*.
7372
1. Add strings to the **Custom banned password list**, one string per line. The following considerations and limitations apply to the custom banned password list:
7473

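Review bot: the new sign-in step narrows the required role from *global administrator* to Authentication Policy Administrator, which is the least-privilege direction for editing a banned password list; please confirm the relative link `../roles/permissions-reference.md#authentication-policy-administrator` resolves, because a broken anchor in a prerequisite step sends readers to the wrong role. The two-step "Browse to **Protection** > **Authentication methods**, then **Password protection**" collapse matches the hunk header count (9 -> 8), so nothing else in the list needs renumbering.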
@@ -79,7 +78,7 @@ To enable the custom banned password list and add entries to it, complete the fo
7978

8079
Specify your own custom passwords to ban, as shown in the following example
8180

82-
[ ![Modify the custom banned password list under Authentication Methods in the Azure portal](media/tutorial-configure-custom-password-protection/enable-configure-custom-banned-passwords-cropped.png) ](media/tutorial-configure-custom-password-protection/enable-configure-custom-banned-passwords.png#lightbox)
81+
[ ![Modify the custom banned password list under Authentication methods](media/tutorial-configure-custom-password-protection/enable-configure-custom-banned-passwords-cropped.png) ](media/tutorial-configure-custom-password-protection/enable-configure-custom-banned-passwords.png#lightbox)
8382

8483
1. Leave the option for **Enable password protection on Windows Server Active Directory** to *No*.
8584
1. To enable the custom banned passwords and your entries, select **Save**.
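Review bot: the alt text drops "in the Azure portal" but the screenshot path `enable-configure-custom-banned-passwords-cropped.png` is unchanged, so the image may still show the Azure portal UI; either refresh the screenshot or keep the alt text accurate to what the image shows. Drive-by in the context line above it: "Specify your own custom passwords to ban, as shown in the following example" is missing its terminating punctuation.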
@@ -110,9 +109,8 @@ To see the custom banned password list in action, try to change the password to
110109

111110
If you no longer want to use the custom banned password list you have configured as part of this tutorial, complete the following steps:
112111

113-
1. Sign in to the [Azure portal](https://portal.azure.com).
114-
1. Search for and select **Azure Active Directory**, then choose **Security** from the menu on the left-hand side.
115-
1. Under the **Manage** menu header, select **Authentication methods**, then **Password protection**.
112+
1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com) as at least an [Authentication Policy Administrator](../roles/permissions-reference.md#authentication-policy-administrator).
113+
1. Browse to **Protection** > **Authentication methods**, then **Password protection**.
116114
1. Set the option for **Enforce custom list** to *No*.
117115
1. To update the custom banned password configuration, select **Save**.
118116

articles/active-directory/authentication/tutorial-enable-azure-mfa.md

Lines changed: 12 additions & 18 deletions
Original file line numberDiff line numberDiff line change
@@ -6,7 +6,7 @@ services: active-directory
66
ms.service: active-directory
77
ms.subservice: authentication
88
ms.topic: tutorial
9-
ms.date: 01/29/2023
9+
ms.date: 09/14/2023
1010

1111
ms.author: justinha
1212
author: justinha
@@ -59,15 +59,12 @@ The recommended way to enable and use Azure AD Multi-Factor Authentication is wi
5959

6060
Conditional Access policies can be applied to specific users, groups, and apps. The goal is to protect your organization while also providing the right levels of access to the users who need it.
6161

62-
In this tutorial, we create a basic Conditional Access policy to prompt for MFA when a user signs in to the Azure portal. In a later tutorial in this series, we configure Azure AD Multi-Factor Authentication by using a risk-based Conditional Access policy.
62+
In this tutorial, we create a basic Conditional Access policy to prompt for MFA when a user signs in. In a later tutorial in this series, we configure Azure AD Multi-Factor Authentication by using a risk-based Conditional Access policy.
6363

6464
First, create a Conditional Access policy and assign your test group of users as follows:
6565

66-
1. Sign in to the [Azure portal](https://portal.azure.com) by using an account with *global administrator* permissions.
67-
68-
1. Search for and select **Azure Active Directory**. Then select **Security** from the menu on the left-hand side.
69-
70-
1. Select **Conditional Access**, select **+ New policy**, and then select **Create new policy**.
66+
1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com) as at least a [Conditional Access Administrator](../roles/permissions-reference.md#conditional-access-administrator).
67+
1. Browse to **Protection** > **Conditional Access**, select **+ New policy**, and then select **Create new policy**.
7168

7269
:::image type="content" alt-text="A screenshot of the Conditional Access page, where you select 'New policy' and then select 'Create new policy'." source="media/tutorial-enable-azure-mfa/tutorial-enable-azure-mfa-conditional-access-menu-new-policy.png":::
7370

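Review bot: dropping "to the Azure portal" from "prompt for MFA when a user signs in" makes the sentence read as if the policy covers every sign-in, but the policy built in this tutorial is scoped to a single cloud app (**Microsoft Azure Management**, in the "Configure which apps" section of the same file); suggest "when a user signs in to the Microsoft Entra admin center" so the scope stays explicit. The merge of the three sign-in steps into two is fine and matches the 15 -> 12 line count in the hunk header.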
@@ -99,7 +96,7 @@ Now that the Conditional Access policy is created and a test group of users is a
9996

10097
### Configure which apps require multi-factor authentication
10198

102-
For this tutorial, configure the Conditional Access policy to require multi-factor authentication when a user signs in to the Azure portal.
99+
For this tutorial, configure the Conditional Access policy to require multi-factor authentication when a user signs in.
103100

104101
1. Select the current value under **Cloud apps or actions**, and then under **Select what this policy applies to**, verify that **Cloud apps** is selected.
105102

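Review bot: same scope issue as the intro paragraph: "require multi-factor authentication when a user signs in." should say what the user signs in to (for example "signs in to the Microsoft Entra admin center"), since the very next step restricts the policy to one cloud app rather than all sign-ins.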
@@ -110,15 +107,15 @@ For this tutorial, configure the Conditional Access policy to require multi-fact
110107
> [!TIP]
111108
> You can choose to apply the Conditional Access policy to **All cloud apps** or **Select apps**. To provide flexibility, you can also exclude certain apps from the policy.
112109
113-
1. Browse the list of available sign-in events that can be used. For this tutorial, select **Microsoft Azure Management** so that the policy applies to sign-in events to the Azure portal. Then choose **Select**.
110+
1. Browse the list of available sign-in events that can be used. For this tutorial, select **Microsoft Azure Management** so that the policy applies to sign-in events. Then choose **Select**.
114111

115112
:::image type="content" alt-text="A screenshot of the Conditional Access page, where you select the app, Microsoft Azure Management, to which the new policy will apply." source="media/tutorial-enable-azure-mfa/tutorial-enable-azure-mfa-conditional-access-menu-select-apps.png":::
116113

117114
### Configure multi-factor authentication for access
118115

119116
Next, we configure access controls. Access controls let you define the requirements for a user to be granted access. They might be required to use an approved client app or a device that's hybrid-joined to Azure AD.
120117

121-
In this tutorial, configure the access controls to require multi-factor authentication during a sign-in event to the Azure portal.
118+
In this tutorial, configure the access controls to require multi-factor authentication during a sign-in event.
122119

123120
1. Under **Access controls**, select the current value under **Grant**, and then select **Grant access**.
124121

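Review bot: "so that the policy applies to sign-in events." lost its qualifier and no longer explains why **Microsoft Azure Management** is the app to select; the removed line stated that selecting it scopes the policy to the Azure portal. Suggest stating what Microsoft Azure Management covers so the reader knows the later test (signing in to the Microsoft Entra admin center) will actually trigger the policy. The access-controls sentence at the end of this hunk ("during a sign-in event.") has the same gap.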
@@ -156,9 +153,9 @@ First, sign in to a resource that doesn't require MFA:
156153
1. Close the browser window.
157154

158155

159-
You configured the Conditional Access policy to require additional authentication for the Azure portal. Because of that configuration, you're prompted to use Azure AD Multi-Factor Authentication or to configure a method if you haven't yet done so. Test this new requirement by signing in to the Azure portal:
156+
You configured the Conditional Access policy to require additional authentication for sign in. Because of that configuration, you're prompted to use Azure AD Multi-Factor Authentication or to configure a method if you haven't yet done so. Test this new requirement by signing in to the Microsoft Entra admin center:
160157

161-
1. Open a new browser window in InPrivate or incognito mode and sign in to the [Azure portal](https://portal.azure.com).
158+
1. Open a new browser window in InPrivate or incognito mode and sign in to the [Microsoft Entra admin center](https://entra.microsoft.com).
162159

163160
1. Sign in with your non-administrator test user, such as *testuser*. Be sure to include `@` and the domain name for the user account.
164161

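Review bot: "require additional authentication for sign in" uses the verb form where a noun is needed; it should be "sign-in", matching "sign-in event" elsewhere in this file. As in the earlier paragraphs, it should also say what the sign-in is to, since the test step that follows signs in to the Microsoft Entra admin center.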
@@ -174,7 +171,7 @@ You configured the Conditional Access policy to require additional authenticatio
174171

175172
1. Complete the instructions on the screen to configure the method of multi-factor authentication that you've selected.
176173

177-
1. Close the browser window, and sign in to the [Azure portal](https://portal.azure.com) again to test the authentication method that you configured. For example, if you configured a mobile app for authentication, you should see a prompt like the following.
174+
1. Close the browser window, and sign in to the [Microsoft Entra admin center](https://entra.microsoft.com) again to test the authentication method that you configured. For example, if you configured a mobile app for authentication, you should see a prompt like the following.
178175

179176
![To sign in, follow the prompts in your browser and then the prompt on the device that you registered for multi-factor authentication.](media/tutorial-enable-azure-mfa/tutorial-enable-azure-mfa-browser-prompt.png)
180177

@@ -184,11 +181,8 @@ You configured the Conditional Access policy to require additional authenticatio
184181

185182
If you no longer want to use the Conditional Access policy that you configured as part of this tutorial, delete the policy by using the following steps:
186183

187-
1. Sign in to the [Azure portal](https://portal.azure.com).
188-
189-
1. Search for and select **Azure Active Directory**, and then select **Security** from the menu on the left-hand side.
190-
191-
1. Select **Conditional Access**, and then select the policy that you created, such as **MFA Pilot**.
184+
1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com) as at least a [Conditional Access Administrator](../roles/permissions-reference.md#conditional-access-administrator).
185+
1. Browse to **Protection** > **Conditional Access**, and then select the policy that you created, such as **MFA Pilot**.
192186

193187
1. select **Delete**, and then confirm that you want to delete the policy.
194188

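Review bot: the trailing context step "1. select **Delete**, and then confirm..." starts with a lowercase verb; since this hunk already rewrites the steps directly above it, capitalize "Select" in the same change.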
articles/active-directory/authentication/tutorial-enable-cloud-sync-sspr-writeback.md

Lines changed: 13 additions & 13 deletions
Original file line numberDiff line numberDiff line change
@@ -5,7 +5,7 @@ services: active-directory
55
ms.service: active-directory
66
ms.subservice: authentication
77
ms.topic: tutorial
8-
ms.date: 01/29/2023
8+
ms.date: 09/13/2023
99
ms.author: justinha
1010
author: justinha
1111
ms.reviewer: tilarso
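Review bot: ms.date here is bumped to 09/13/2023 while the other two files in this PR are bumped to 09/14/2023; unless the difference is intentional, align the dates so the three tutorials in this series show the same revision date.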
@@ -38,18 +38,18 @@ Azure Active Directory Connect cloud sync can synchronize Azure AD password chan
3838
Permissions for cloud sync are configured by default. If permissions need to be reset, see [Troubleshooting](#troubleshooting) for more details about the specific permissions required for password writeback and how to set them by using PowerShell.
3939

4040
### Enable password writeback in SSPR
41-
You can enable Azure AD connect cloud sync provisioning directly in Azure portal or through PowerShell.
41+
You can enable Azure AD connect cloud sync provisioning directly in the Microsoft Entra admin center or through PowerShell.
4242

43-
#### Enable password writeback in Azure portal
43+
#### Enable password writeback in the Microsoft Entra admin center
4444

4545
[!INCLUDE [portal updates](~/articles/active-directory/includes/portal-update.md)]
4646

4747
With password writeback enabled in Azure AD Connect cloud sync, now verify, and configure Azure AD self-service password reset (SSPR) for password writeback. When you enable SSPR to use password writeback, users who change or reset their password have that updated password synchronized back to the on-premises AD DS environment as well.
4848

4949
To verify and enable password writeback in SSPR, complete the following steps:
50-
1. Sign in to the [Azure portal](https://portal.azure.com) using a Global Administrator account.
51-
1. Search for and select **Azure Active Directory**, select **Password reset**, then choose **On-premises integration**.
52-
1. Check the option for **Enable password write back for synced users** .
50+
1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com) as at least an [Authentication Policy Administrator](../roles/permissions-reference.md#authentication-policy-administrator).
51+
1. Browse to **Protection** > **Password reset**, then choose **On-premises integration**.
52+
1. Check the option for **Enable password write back for synced users**.
5353
1. (optional) If Azure AD Connect provisioning agents are detected, you can additionally check the option for **Write back passwords with Azure AD Connect cloud sync**.
5454
3. Check the option for **Allow users to unlock accounts without resetting their password** to *Yes*.
5555

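Review bot: the rewritten line keeps "Azure AD connect cloud sync" with a lowercase "connect", although the hunk header and the rest of this file use "Azure AD Connect"; fix the product name while the line is being touched. Two points in the trailing context: the steps switch from "1." auto-numbering to a literal "3." on "Check the option for **Allow users to unlock accounts without resetting their password**", which renders as a restarted list, and "Check the option ... to *Yes*" mixes checkbox and toggle wording (the removal steps later in the file say "Uncheck the option", so this is a checkbox).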
@@ -69,17 +69,17 @@ Set-AADCloudSyncPasswordWritebackConfiguration -Enable $true -Credential $(Get-C
6969

7070
If you no longer want to use the SSPR writeback functionality you have configured as part of this tutorial, complete the following steps:
7171

72-
1. Sign in to the [Azure portal](https://portal.azure.com).
73-
1. Search for and select **Azure Active Directory**, select **Password reset**, then choose **On-premises integration**.
72+
1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com) as at least an [Authentication Policy Administrator](../roles/permissions-reference.md#authentication-policy-administrator).
73+
1. Browse to **Protection** > **Password reset**, then choose **On-premises integration**.
7474
1. Uncheck the option for **Enable password write back for synced users**.
7575
1. Uncheck the option for **Write back passwords with Azure AD Connect cloud sync**.
7676
1. Uncheck the option for **Allow users to unlock accounts without resetting their password**.
7777
1. When ready, select **Save**.
7878

7979
If you no longer want to use the Azure AD Connect cloud sync for SSPR writeback functionality but want to continue using Azure AD Connect sync agent for writebacks complete the following steps:
8080

81-
1. Sign in to the [Azure portal](https://portal.azure.com).
82-
1. Search for and select **Azure Active Directory**, select **Password reset**, then choose **On-premises integration**.
81+
1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com) as at least an [Authentication Policy Administrator](../roles/permissions-reference.md#authentication-policy-administrator).
82+
1. Browse to **Protection** > **Password reset**, then choose **On-premises integration**.
8383
1. Uncheck the option for **Write back passwords with Azure AD Connect cloud sync**.
8484
1. When ready, select **Save**.
8585

@@ -97,8 +97,8 @@ Passwords are written back in the following situations for end-users and adminis
9797

9898
| Account | Supported operations |
9999
|----------------|------------------------|
100-
| End users | Any end-user self-service voluntary change password operation.<br>Any end-user self-service force change password operation, for example, password expiration.<br>Any end-user self-service password reset that originates from the password reset portal. |
101-
| Administrators | Any administrator self-service voluntary change password operation.<br>Any administrator self-service force change password operation, for example, password expiration.<br>Any administrator self-service password reset that originates from the password reset portal.<br> Any administrator-initiated end-user password reset from the Azure portal.<br>Any administrator-initiated end-user password reset from the Microsoft Graph API. |
100+
| End users | Any end-user self-service voluntary change password operation.<br>Any end-user self-service force change password operation, for example, password expiration.<br>Any end-user self-service password reset that originates from password reset. |
101+
| Administrators | Any administrator self-service voluntary change password operation.<br>Any administrator self-service force change password operation, for example, password expiration.<br>Any administrator self-service password reset that originates from password reset.<br> Any administrator-initiated end-user password reset from the Microsoft Entra admin center.<br>Any administrator-initiated end-user password reset from the Microsoft Graph API. |
102102

103103
## Unsupported operations
104104

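Review bot: "that originates from password reset" (both rows) reads as incomplete now that "portal" has been dropped; suggest "that originates from self-service password reset (SSPR)" so the origin is still identifiable. Minor: the Administrators row carries a stray space after `<br>` in "<br> Any administrator-initiated end-user password reset from the Microsoft Entra admin center".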
@@ -119,7 +119,7 @@ Try the following operations to validate scenarios using password writeback. All
119119
| Reset password from the login page | Have two users from disconnected domains and forests perform SSPR. You could also have Azure AD Connect and cloud sync deployed side-by-side and have one user in the scope of cloud sync configuration and another in scope of Azure AD Connect and have those users reset their password. |
120120
| Force expired password change | Have two users from disconnected domains and forests change expired passwords. You could also have Azure AD Connect and cloud sync deployed side-by-side and have one user in the scope of cloud sync configuration and another in scope of Azure AD Connect. |
121121
| Regular password change | Have two users from disconnected domains and forests perform routine password change. You could also have Azure AD Connect and cloud sync side by side and have one user in the scope of cloud sync config and another in scope of Azure AD Connect. |
122-
| Admin reset user password | Have two users disconnected domains and forests reset their password from the Azure Admin Portal or Frontline worker portal. You could also have Azure AD Connect and cloud sync side by side and have one user in the scope of cloud sync config and another in scope of Azure AD Connect |
122+
| Admin reset user password | Have two users disconnected domains and forests reset their password from the Microsoft Entra admin center or Frontline worker portal. You could also have Azure AD Connect and cloud sync side by side and have one user in the scope of cloud sync config and another in scope of Azure AD Connect |
123123
| Self-service account unlock | Have two users from disconnected domains and forests unlock accounts in the SSPR portal resetting the password. You could also have Azure AD Connect and cloud sync side by side and have one user in the scope of cloud sync config and another in scope of Azure AD Connect. |
124124

125125
## Troubleshooting
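Review bot: the rewritten "Admin reset user password" row still reads "Have two users disconnected domains and forests reset their password" (missing "from", which every other row in the table has) and is the only row without a terminating period; since the line is being edited anyway, fix both.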
