Merge branch 'MicrosoftDocs:main' into main

Author: danielledennis

articles/active-directory-domain-services/tutorial-create-replica-set.md

@@ -100,7 +100,7 @@ The replica set reports as *Provisioning* as deployment continues, as shown in t
 
 ## Delete a replica set
 
-A managed domain is currently limited to four replicas - the initial replica set, and three additional replica sets. If you don't need a replica set anymore, or if you want to create a replica set in another region, you can delete unneeded replica sets.
+A managed domain is currently limited to five replicas - the initial replica set, and four additional replica sets. If you don't need a replica set anymore, or if you want to create a replica set in another region, you can delete unneeded replica sets.
 
 > [!IMPORTANT]
 > You can't delete either the last replica set or the initial replica set in a managed domain.

articles/active-directory/app-provisioning/export-import-provisioning-configuration.md

@@ -52,7 +52,7 @@ You can use the Microsoft Graph API and the Microsoft Graph Explorer to export y
 ### Step 2: Sign into Microsoft Graph Explorer
 
 1. Launch [Microsoft Graph Explorer](https://developer.microsoft.com/graph/graph-explorer)
-1. Click on the "Sign-In with Microsoft" button and sign-in using Azure AD Global Admin or App Admin credentials.
+1. Click on the "Sign-In with Microsoft" button and sign-in using Azure AD Global Administrator or App Admin credentials.
 
     ![Microsoft Graph Sign-in](./media/export-import-provisioning-configuration/wd_export_02.png)
 

articles/active-directory/app-provisioning/skip-out-of-scope-deletions.md

@@ -32,7 +32,7 @@ Because this configuration is widely used with the *Workday to Active Directory
 ## Step 2: Sign into Microsoft Graph Explorer
 
 1. Launch [Microsoft Graph Explorer](https://developer.microsoft.com/graph/graph-explorer)
-1. Click on the "Sign-In with Microsoft" button and sign-in using Azure AD Global Admin or App Admin credentials.
+1. Click on the "Sign-In with Microsoft" button and sign-in using Azure AD Global Administrator or App Admin credentials.
 
     ![Screenshot of Microsoft Graph Explorer Sign-in.](./media/skip-out-of-scope-deletions/wd_export_02.png)
 

articles/active-directory/app-proxy/application-proxy-faq.yml

@@ -102,7 +102,7 @@ sections:
       - question: |
          Should I create a dedicated account to register the connector with Azure AD Application Proxy?
         answer: |
-              There's no reason to. Any global admin or application administrator account will work. The credentials entered during installation aren't used after the registration process. Instead, a certificate is issued to the connector, which is used for authentication from that point on.
+              There's no reason to. Any Global Administrator or application administrator account will work. The credentials entered during installation aren't used after the registration process. Instead, a certificate is issued to the connector, which is used for authentication from that point on.
 
       - question: |
          How can I monitor the performance of the Azure AD Application Proxy connector?

articles/active-directory/authentication/howto-authentication-passwordless-troubleshoot.md

@@ -122,7 +122,7 @@ To view the Azure AD Kerberos Server Objects and verify they are in good order,
     # Specify the on-premises AD DS domain.
     $domain = "corp.contoso.com"
 
-    # Enter an Azure Active Directory Global Admin username and password.
+    # Enter an Azure Active Directory Global Administrator username and password.
     $cloudCred = Get-Credential
 
     # Enter a Domain Admin username and password.

articles/active-directory/authentication/howto-mfa-reporting.md

@@ -143,7 +143,7 @@ The following additional information and reports are available for MFA events, i
 | Report | Location | Description |
 |:--- |:--- |:--- |
 | Blocked User History | Azure AD > Security > MFA > Block/unblock users | Shows the history of requests to block or unblock users. |
-| Usage for on-premises components | Azure AD > Security > MFA > Activity Report | Provides information on overall usage for MFA Server through the NPS extension, AD FS, and MFA Server. |
+| Usage for on-premises components | Azure AD > Security > MFA > Activity Report | Provides information on overall usage for MFA Server. NPS extension and AD FS logs for cloud MFA activity are now included in the [Sign-in logs](../reports-monitoring/concept-sign-ins.md), and no longer published on this report. |
 | Bypassed User History | Azure AD > Security > MFA > One-time bypass | Provides a history of MFA Server requests to bypass MFA for a user. |
 | Server status | Azure AD > Security > MFA > Server status | Displays the status of MFA Servers associated with your account. |
 

articles/active-directory/authentication/troubleshoot-sspr-writeback.md

@@ -81,7 +81,7 @@ If restarting the Azure AD Connect Sync service doesn't resolve your problem, tr
 To continue to troubleshoot issues, complete the following steps to disable and then re-enable the password writeback feature:
 
 1. As an administrator on the server that runs Azure AD Connect, open the **Azure AD Connect Configuration wizard**.
-1. In **Connect to Azure AD**, enter your Azure AD global admin credentials.
+1. In **Connect to Azure AD**, enter your Azure AD Global Administrator credentials.
 1. In **Connect to AD DS**, enter your on-premises Active Directory Domain Services admin credentials.
 1. In **Uniquely identifying your users**, select the **Next** button.
 1. In **Optional features**, clear the **Password writeback** check box.
@@ -191,7 +191,7 @@ A best practice when you troubleshoot problems with password writeback is to ins
 | 31014| OffboardingEventFail| This event indicates that the offboarding process wasn't successful. This might be due to a permissions error on the cloud or on-premises administrator account specified during configuration. The error can also occur if you're attempting to use a federated cloud global administrator when disabling password writeback. To fix this problem, check your administrative permissions and ensure that you're not using a federated account while configuring the password writeback capability.|
 | 31015| WriteBackServiceStarted| This event indicates that the password writeback service has started successfully. It is ready to accept password management requests from the cloud.|
 | 31016| WriteBackServiceStopped| This event indicates that the password writeback service has stopped. Any password management requests from the cloud won't be successful.|
-| 31017| AuthTokenSuccess| This event indicates that we successfully retrieved an authorization token for the global admin specified during Azure AD Connect setup to start the offboarding or onboarding process.|
+| 31017| AuthTokenSuccess| This event indicates that we successfully retrieved an authorization token for the Global Administrator specified during Azure AD Connect setup to start the offboarding or onboarding process.|
 | 31018| KeyPairCreationSuccess| This event indicates that we successfully created the password encryption key. This key is used to encrypt passwords from the cloud to be sent to your on-premises environment.|
 | 31034| ServiceBusListenerError| This event indicates that there was an error connecting to your tenant's Service Bus listener. If the error message includes "The remote certificate is invalid", check to make sure that your Azure AD Connect server has all the required Root CAs as described in [Azure TLS certificate changes](../../security/fundamentals/tls-certificate-changes.md). |
 | 31044| PasswordResetService| This event indicates that password writeback is not working. The Service Bus listens for requests on two separate relays for redundancy. Each relay connection is managed by a unique Service Host. The writeback client returns an error if either Service Host is not running.|
@@ -203,7 +203,7 @@ A best practice when you troubleshoot problems with password writeback is to ins
 | 32005| ConfigurationError| During onboarding, we save tenant-specific information in a configuration file in your on-premises environment. This event indicates that there was an error saving this file or that when the service was started, there was an error reading the file. To fix this problem, try disabling and then re-enabling password writeback to force a rewrite of the configuration file.|
 | 32007| OnBoardingConfigUpdateError| During onboarding, we send data from the cloud to the on-premises password-reset service. That data is then written to an in-memory file before it is sent to the sync service to be stored securely on disk. This event indicates that there's a problem with writing or updating that data in memory. To fix this problem, try disabling and then re-enabling password writeback to force a rewrite of this configuration file.|
 | 32008| ValidationError| This event indicates we received an invalid response from the password-reset web service. To fix this problem, try disabling and then re-enabling password writeback.|
-| 32009| AuthTokenError| This event indicates that we couldn't get an authorization token for the global administrator account specified during Azure AD Connect setup. This error can be caused by a bad username or password specified for the global admin account. This error can also occur if the global admin account specified is federated. To fix this problem, rerun the configuration with the correct username and password and ensure that the administrator is a managed (cloud-only or password-synchronized) account.|
+| 32009| AuthTokenError| This event indicates that we couldn't get an authorization token for the global administrator account specified during Azure AD Connect setup. This error can be caused by a bad username or password specified for the Global Administrator account. This error can also occur if the Global Administrator account specified is federated. To fix this problem, rerun the configuration with the correct username and password and ensure that the administrator is a managed (cloud-only or password-synchronized) account.|
 | 32010| CryptoError| This event indicates there was an error generating the password encryption key or decrypting a password that arrives from the cloud service. This error likely indicates a problem with your environment. Look at the details of your event log to learn more about how to resolve this problem. You can also try disabling and then re-enabling the password writeback service.|
 | 32011| OnBoardingServiceError| This event indicates that the on-premises service couldn't properly communicate with the password-reset web service to initiate the onboarding process. This can happen as a result of a firewall rule or if there's a problem getting an authentication token for your tenant. To fix this problem, ensure that you're not blocking outbound connections over TCP 443 and TCP 9350-9354 or to https://ssprdedicatedsbprodncu.servicebus.windows.net. Also ensure that the Azure AD admin account you're using to onboard isn't federated.|
 | 32013| OffBoardingError| This event indicates that the on-premises service couldn't properly communicate with the password-reset web service to initiate the offboarding process. This can happen as a result  of a firewall rule or if there's a problem getting an authorization token for your tenant. To fix this problem, ensure that you're not blocking outbound connections over 443 or to https://ssprdedicatedsbprodncu.servicebus.windows.net, and that the Azure Active Directory admin account you're using to offboard isn't federated.|

articles/active-directory/cloud-infrastructure-entitlement-management/faqs.md

@@ -112,7 +112,7 @@ Integration with ITMS tools, such as ServiceNow, is in the future roadmap.
 
 ## How is Permissions Management being deployed?
 
-Customers with Global Admin role have first to onboard Permissions Management on their Azure AD tenant, and then onboard their AWS accounts, GCP projects, and Azure subscriptions. More details about onboarding can be found in our product documentation.
+Customers with Global Administrator role have first to onboard Permissions Management on their Azure AD tenant, and then onboard their AWS accounts, GCP projects, and Azure subscriptions. More details about onboarding can be found in our product documentation.
 
 ## How long does it take to deploy Permissions Management?
 
@@ -136,7 +136,7 @@ If a customer initiates a free Permissions Management 45-day trial, but does not
 
 If a customer decides to discontinue licensing the service, we will also delete all previously collected data within 45 days of license termination.  
 
-We also have the ability to remove, export or modify specific data should the Global Admin using the Entra Permissions Management service file an official Data Subject Request. This can be initiated by opening a ticket in the Azure portal [New support request - Microsoft Entra admin center](https://entra.microsoft.com/#blade/Microsoft_Azure_Support/NewSupportRequestV3Blade/callerName/ActiveDirectory/issueType/technical), or alternately contacting your local Microsoft representative. 
+We also have the ability to remove, export or modify specific data should the Global Administrator using the Entra Permissions Management service file an official Data Subject Request. This can be initiated by opening a ticket in the Azure portal [New support request - Microsoft Entra admin center](https://entra.microsoft.com/#blade/Microsoft_Azure_Support/NewSupportRequestV3Blade/callerName/ActiveDirectory/issueType/technical), or alternately contacting your local Microsoft representative. 
 
 ## Do I require a license to use Entra Permissions Management? 
 

articles/active-directory/cloud-infrastructure-entitlement-management/permissions-management-trial-user-guide.md

@@ -195,7 +195,7 @@ Use the **Activity triggers** dashboard to view information and set alerts and t
 
     ![Diagram, Alert for monitoring any action on Azure resources.](media/permissions-management-trial-user-guide/custom-alerts-3.png)
 
--   Use of break glass accounts like root in AWS, global admin in Azure AD accessing subscriptions, etc.
+-   Use of break glass accounts like root in AWS, Global Administrator in Azure AD accessing subscriptions, etc.
 
     Example: BreakGlass users should be used for emergency access only.
 

articles/active-directory/cloud-sync/how-to-troubleshoot.md

@@ -222,7 +222,7 @@ If you need to repair the cloud sync service account, you can use the `Repair-AA
       Connect-AADCloudSyncTools
       ```
 
-   1. Enter your Azure AD global admin credentials.
+   1. Enter your Azure AD Global Administrator credentials.
 
    1. Type, or copy and paste, the following: