MicrosoftDocs
diff --git a/‎articles/active-directory/authentication/howto-mfaserver-deploy-upgrade.md
Lines changed: 10 additions & 11 deletions b/‎articles/active-directory/authentication/howto-mfaserver-deploy-upgrade.md
Lines changed: 10 additions & 11 deletions
diff --git a/‎articles/active-directory/external-identities/direct-federation-adfs.md
Lines changed: 51 additions & 32 deletions b/‎articles/active-directory/external-identities/direct-federation-adfs.md
Lines changed: 51 additions & 32 deletions
diff --git a/‎articles/active-directory/reports-monitoring/concept-activity-logs-azure-monitor.md
Lines changed: 5 additions & 35 deletions b/‎articles/active-directory/reports-monitoring/concept-activity-logs-azure-monitor.md
Lines changed: 5 additions & 35 deletions
@@ -1,32 +1,31 @@
 ---
 title: Upgrading Azure MFA Server - Azure Active Directory
-description: Steps and guidance to upgrade the Azure Multi-Factor Authentication Server to a newer version. 
+description: Steps and guidance to upgrade the Azure AD Multi-Factor Authentication Server to a newer version. 
 
 services: multi-factor-authentication
 ms.service: active-directory
 ms.subservice: authentication
 ms.topic: how-to
-ms.date: 11/12/2018
+ms.date: 10/10/2022
 
 ms.author: justinha
 author: justinha
 manager: amycolannino
-ms.reviewer: michmcla
+ms.reviewer: jpettere
 
 ms.collection: M365-identity-device-management
 ---
-# Upgrade to the latest Azure Multi-Factor Authentication Server
+# Upgrade to the latest Azure AD Multi-Factor Authentication Server
 
-This article walks you through the process of upgrading Azure Multi-Factor Authentication (MFA) Server v6.0 or higher. If you need to upgrade an old version of the PhoneFactor Agent, refer to [Upgrade the PhoneFactor Agent to Azure Multi-Factor Authentication Server](howto-mfaserver-deploy-upgrade-pf.md).
+This article walks you through the process of upgrading Azure AD Multi-Factor Authentication (MFA) Server v6.0 or higher. If you need to upgrade an old version of the PhoneFactor Agent, refer to [Upgrade the PhoneFactor Agent to Azure AD Multi-Factor Authentication Server](howto-mfaserver-deploy-upgrade-pf.md).
 
 If you're upgrading from v6.x or older to v7.x or newer, all components change from .NET 2.0 to .NET 4.5. All components also require Microsoft Visual C++ 2015 Redistributable Update 1 or higher. The MFA Server installer installs both the x86 and x64 versions of these components if they aren't already installed. If the User Portal and Mobile App Web Service run on separate servers, you need to install those packages before upgrading those components. You can search for the latest Microsoft Visual C++ 2015 Redistributable update on the [Microsoft Download Center](https://www.microsoft.com/download/). 
 
 > [!IMPORTANT]
-> As of July 1, 2019, Microsoft no longer offers MFA Server for new deployments. New customers that want to require multi-factor authentication (MFA) during sign-in events should use cloud-based Azure AD Multi-Factor Authentication.
->
+> In September 2022, Microsoft announced deprecation of Azure AD Multi-Factor Authentication Server. Beginning September 30, 2024, Azure AD Multi-Factor Authentication Server deployments will no longer service multifactor authentication (MFA) requests, which could cause authentications to fail for your organization. To ensure uninterrupted authentication services and to remain in a supported state, organizations should [migrate their users’ authentication data](how-to-migrate-mfa-server-to-azure-mfa-user-authentication.md) to the cloud-based Azure MFA service by using the latest Migration Utility included in the most recent [Azure MFA Server update](https://www.microsoft.com/download/details.aspx?id=55849). For more information, see [Azure MFA Server Migration](how-to-migrate-mfa-server-to-azure-mfa.md).  
+
 > To get started with cloud-based MFA, see [Tutorial: Secure user sign-in events with Azure AD Multi-Factor Authentication](tutorial-enable-azure-mfa.md).
->
-> Existing customers that activated MFA Server before July 1, 2019 can download the latest version, future updates, and generate activation credentials as usual.
+
 
 Upgrade steps at a glance:
 
@@ -36,7 +35,7 @@ Upgrade steps at a glance:
 
 ## Upgrade Azure MFA Server
 
-1. Use the instructions in [Download the Azure Multi-Factor Authentication Server](howto-mfaserver-deploy.md#download-the-mfa-server) to get the latest version of the Azure MFA Server installer.
+1. Use the instructions in [Download the Azure AD Multi-Factor Authentication Server](howto-mfaserver-deploy.md#download-the-mfa-server) to get the latest version of the Azure MFA Server installer.
 2. Make a backup of the MFA Server data file located at C:\Program Files\Multi-Factor Authentication Server\Data\PhoneFactor.pfdata (assuming the default install location) on your primary MFA Server.
 3. If you run multiple servers for high availability, change the client systems that authenticate to the MFA Server so that they stop sending traffic to the servers that are upgrading. If you use a load balancer, remove a subordinate MFA Server from the load balancer, do the upgrade, and then add the server back into the farm.
 4. Run the new installer on each MFA Server. Upgrade subordinate servers first because they can read the old data file being replicated by the primary.
@@ -113,7 +112,7 @@ These instructions only apply if you run Multi-Factor Authentication Server sepa
 
 ## Next steps
 
-* Get examples of [Advanced scenarios with Azure Multi-Factor Authentication and third-party VPNs](howto-mfaserver-nps-vpn.md)
+* Get examples of [Advanced scenarios with Azure AD Multi-Factor Authentication and third-party VPNs](howto-mfaserver-nps-vpn.md)
 
 * [Synchronize MFA Server with Windows Server Active Directory](howto-mfaserver-dir-ad.md)
 
 
@@ -50,7 +50,7 @@ The next section illustrates how to configure the required attributes and claims
 
 ### Before you begin
 
-An AD FS server must already be set up and functioning before you begin this procedure. For help with setting up an AD FS server, see [Create a test AD FS 3.0 instance on an Azure virtual machine](https://medium.com/in-the-weeds/create-a-test-active-directory-federation-services-3-0-instance-on-an-azure-virtual-machine-9071d978e8ed).
+An AD FS server must already be set up and functioning before you begin this procedure. 
 
 ### Add the claim description
 
@@ -68,12 +68,20 @@ An AD FS server must already be set up and functioning before you begin this pro
 
 ### Add the relying party trust
 
-1. On the AD FS server, go to **Tools** > **AD FS management**.
-1. In the navigation pane, select **Relying Party Trusts**.
-1. Under **Actions**, select **Add Relying Party Trust**. 
-1. In the **Add Relying Party Trust** wizard, select **Claims aware**, and then select **Start**.
-1. In the **Select Data Source** section, select the check box for **Import data about the relying party published online or on a local network**. Enter this federation metadata URL: `https://nexus.microsoftonline-p.com/federationmetadata/saml20/federationmetadata.xml`. Select **Next**.
-1. Leave the other settings in their default options. Continue to select **Next**, and finally select **Close** to close the wizard.
+1. On the AD FS server, go to **Tools** > **AD FS Management**.
+2. In the navigation pane, select **Relying Party Trusts**.
+3. Under **Actions**, select **Add Relying Party Trust**. 
+4. In the **Add Relying Party Trust** wizard, select **Claims aware**, and then select **Start**.
+5. In the **Select Data Source** section, select the check box for **Import data about the relying party published online or on a local network**. Enter this federation metadata URL: `https://nexus.microsoftonline-p.com/federationmetadata/saml20/federationmetadata.xml`. Select **Next**.
+6. Leave the other settings in their default options. Continue to select **Next**, and finally select **Close** to close the wizard.
+7. In **AD FS Management**, under **Relying Party Trusts**, right click the relying party trust you just created and select **Properties**.
+8. In the **Monitoring** tab, uncheck the box **Monitor relying party**.
+9. In the **Identifiers** tab, enter ``https://login.microsoftonline.com/<tenant ID>/`` in the **Relying party identifier** text box using the tenant ID of the service partner’s Azure AD tenant. Select **Add**.
+
+> [!NOTE]
+> Be sure to include a slash (/) after the tenant ID. For example, https://login.microsoftonline.com/094a6247-27d4-489f-a23b-b9672900084d/.
+
+10. Select **OK**.
 
 ### Create claims rules
 
@@ -124,42 +132,53 @@ Required claims for the WS-Fed token issued by the IdP:
 The next section illustrates how to configure the required attributes and claims using AD FS as an example of a WS-Fed IdP.
 
 ### Before you begin
-An AD FS server must already be set up and functioning before you begin this procedure. For help with setting up an AD FS server, see [Create a test AD FS 3.0 instance on an Azure virtual machine](https://medium.com/in-the-weeds/create-a-test-active-directory-federation-services-3-0-instance-on-an-azure-virtual-machine-9071d978e8ed).
+An AD FS server must already be set up and functioning before you begin this procedure. 
 
-### Add the relying party trust and claim rules
+### Add the relying party trust
 
 1. On the AD FS server, go to **Tools** > **AD FS management**.
-1. In the navigation pane, select **Trust Relationships** > **Relying Party Trusts**.
-1. Under **Actions**, select **Add Relying Party Trust**.
-1. In the **Select Data Source** section, select **Enter data about the relying party manually**, and then select **Next**.
-1. On the **Specify Display Name** page, type a name in **Display name**, under **Notes** type a description for this relying party trust, and then select **Next**.
-1. On the **Configure Certificate** page, if you have an optional token encryption certificate, select **Browse** to locate a certificate file, and then select **Next**.
-1. On the **Configure URL** page, select the **Enable support for the WS-Federation Passive protocol** check box. Under **Relying party WS-Federation Passive protocol URL**, type the URL for this relying party trust: `https://login.microsoftonline.com/login.srf`
-1. Select **Next**.
-1. On the **Configure Identifiers** page, specify the relying party trust identifier, including the tenant ID of the service partner’s Azure AD tenant: `https://login.microsoftonline.com/<tenant_ID>/`
-1. Select **Add** to add the identifier to the list, and then select **Next**.
-1. On the **Choose Access Control Policy** page, select a policy, and then select **Next**.
-1. On the **Ready to Add Trust** page, review the settings, and then select **Next** to save your relying party trust information.
-1. On the **Finish** page, select **Close**. This action automatically displays the **Edit Claim Rules** dialog box.
-1. In the **Edit Claim Rules** wizard, select **Add Rule**. In **Choose Rule Type**, select **Send Claims Using a Custom Rule**. Select *Next*.
-1. In **Configure Claim Rule**, specify the following values:
+2. In the navigation pane, select **Trust Relationships** > **Relying Party Trusts**.
+3. Under **Actions**, select **Add Relying Party Trust**.
+4. In the Add Relying Party Trust wizard, select **Claims aware**, and then select Start.
+5. In the **Select Data Source** section, select **Enter data about the relying party manually**, and then select **Next**.
+6. In the **Specify Display Name** page, type a name in **Display name**. You may optionally enter a description for this relying party trust in the **Notes** section. Select **Next**.
+7. Optionally, in the **Configure Certificate** page, if you have a token encryption certificate, select **Browse** to locate a certificate file. Select **Next**.
+8. In the **Configure URL** page, select the **Enable support for the WS-Federation Passive protocol** check box. Under **Relying party WS-Federation Passive protocol URL**, enter the following URL: `https://login.microsoftonline.com/login.srf`
+9. Select **Next**.
+10. In the **Configure Identifiers** page, enter the following URLs and select **Add**. In the second URL, enter the tenant ID of service partner's Azure AD tenant.
+      - `urn:federation:MicrosoftOnline`
+      - `https://login.microsoftonline.com/<tenant ID>/` 
+
+   > [!NOTE]
+   > Be sure to include a slash (/) after the tenant ID, for example: https://login.microsoftonline.com/094a6247-27d4-489f-a23b-b9672900084d/.
+
+11. Select **Next**.
+12. In the **Choose Access Control Policy** page, select a policy, and then select **Next**.
+13. In the **Ready to Add Trust** page, review the settings, and then select **Next** to save your relying party trust information.
+14. In the **Finish** page, select **Close**. select Relying Party Trust and click **Edit Claim Issuance Policy**.
 
-   - **Claim rule name**: Issue Immutable ID  
-   - **Custom rule**: `c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname"] => issue(store = "Active Directory", types = ("http://schemas.microsoft.com/LiveID/Federation/2008/05/ImmutableID"), query = "samAccountName={0};objectGUID;{1}", param = regexreplace(c.Value, "(?<domain>[^\\]+)\\(?<user>.+)", "${user}"), param = c.Value);`
 
-1. Select **Finish**.
-1. The **Edit Claim Rules** window will show the new rule. Click **Apply**.  
-1. In the same **Edit Claim Rules** wizard, select **Add Rule**. In **Choose Rule Type**, select **Send LDAP Attributes as Claims**. Select **Next**.
-1. In **Configure Claim Rule**, specify the following values:
+### Create claims rules
 
+1. Select the Relying Party Trust you just created, and then select **Edit Claim Issuance Policy**.
+2. Select **Add rule**.
+3. Select **Send LDAP Attributes as Claims**, and then select **Next**.
+4. In **Configure Claim Rule**, specify the following values:
    - **Claim rule name**: Email claim rule  
    - **Attribute store**: Active Directory  
    - **LDAP Attribute**: E-Mail-Addresses  
    - **Outgoing Claim Type**: E-Mail Address
 
-1.	Select **Finish**.
-1.	The **Edit Claim Rules** window will show the new rule. Click **Apply**.  
-1.	Click **OK**. The AD FS server is now configured for federation using WS-Fed.
+5. Select **Finish**. 
+6. In the same **Edit Claim Rules** wizard, select **Add Rule**. 
+7. Select **Send Claims Using a Custom Rule**, and then select **Next**.
+8. In **Configure Claim Rule**, specify the following values:
+
+   - **Claim rule name**: Issue Immutable ID  
+   - **Custom rule**: `c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname"] => issue(store = "Active Directory", types = ("http://schemas.microsoft.com/LiveID/Federation/2008/05/ImmutableID"), query = "samAccountName={0};objectGUID;{1}", param = regexreplace(c.Value, "(?<domain>[^\\]+)\\(?<user>.+)", "${user}"), param = c.Value);`
+
+9. Select **Finish**.  
+10. Select **OK**. The AD FS server is now configured for federation using WS-Fed.
 
 ## Next steps
 Next, you'll [configure SAML/WS-Fed IdP federation in Azure AD](direct-federation.md#step-3-configure-samlws-fed-idp-federation-in-azure-ad) either in the Azure AD portal or by using the Microsoft Graph API.
@@ -2,24 +2,17 @@
 title: Azure Active Directory activity logs in Azure Monitor | Microsoft Docs
 description: Introduction to Azure Active Directory activity logs in Azure Monitor
 services: active-directory
-documentationcenter: ''
-author: MarkusVi
+author: shlipsey3
 manager: amycolannino
-editor: ''
-
-ms.assetid: 4b18127b-d1d0-4bdc-8f9c-6a4c991c5f75
 ms.service: active-directory
 ms.topic: conceptual
-ms.tgt_pltfrm: na
 ms.workload: identity
 ms.subservice: report-monitor
-ms.date: 08/26/2022
-ms.author: markvi
+ms.date: 10/03/2022
+ms.author: sarahlipsey
 ms.reviewer: besiler
-
 ms.collection: M365-identity-device-management
 ---
-
 # Azure AD activity logs in Azure Monitor
 
 You can route Azure Active Directory (Azure AD) activity logs to several endpoints for long term retention and data insights. This feature allows you to:
@@ -31,25 +24,21 @@ You can route Azure Active Directory (Azure AD) activity logs to several endpoin
 
 > [!VIDEO https://www.youtube.com/embed/syT-9KNfug8]
 
-[!INCLUDE [azure-monitor-log-analytics-rebrand](../../../includes/azure-monitor-log-analytics-rebrand.md)]
-
 ## Supported reports
 
 You can route Azure AD audit logs and sign-in logs to your Azure Storage account, event hub, Azure Monitor logs, or custom solution by using this feature.
 
 * **Audit logs**: The [audit logs activity report](concept-audit-logs.md) gives you access to information about changes applied to your tenant, such as users and group management, or updates applied to your tenant’s resources.
 * **Sign-in logs**: With the [sign-in activity report](concept-sign-ins.md), you can determine who performed the tasks that are reported in the audit logs.
 
-
-
 ## Prerequisites
 
 To use this feature, you need:
 
 * An Azure subscription. If you don't have an Azure subscription, you can [sign up for a free trial](https://azure.microsoft.com/free/).
 * Azure AD Free, Basic, Premium 1, or Premium 2 [license](https://www.microsoft.com/security/business/identity-access-management/azure-ad-pricing), to access the Azure AD audit logs in the Azure portal. 
 * An Azure AD tenant.
-* A user who's a **global administrator** or **security administrator** for the Azure AD tenant.
+* A user who's a **Global Administrator** or **Security Administrator** for the Azure AD tenant.
 * Azure AD Premium 1, or Premium 2 [license](https://www.microsoft.com/security/business/identity-access-management/azure-ad-pricing), to access the Azure AD sign-in logs in the Azure portal. 
 
 Depending on where you want to route the audit log data, you need either of the following:
@@ -78,14 +67,6 @@ The following table contains a cost estimate of, depending on the size of the te
 | Sign-ins | 100,000 | 15&nbsp;million | 1.7 TB | $35.41 | $424.92 |
 
 
-
-
-
-
-
-
-
-
 ### Event Hub messages for activity logs
 
 Events are batched into approximately five-minute intervals and sent as a single message that contains all the events within that timeframe. A message in the Event Hub has a maximum size of 256 KB, and if the total size of all the messages within the timeframe exceeds that volume, multiple messages are sent. 
@@ -103,23 +84,12 @@ The following table contains estimated costs per month for a basic Event Hub in
 
 ### Azure Monitor logs cost considerations
 
-
-
 | Log category | Number of users | Events per day | Events per month (30 days) | Cost per month in USD (est.) |
 |:-|--|--|--|-:|
 | Audit and Sign-ins | 100,000 | 16,500,000 | 495,000,000 | $1093.00 |
 | Audit | 100,000 | 1,500,000 | 45,000,000 | $246.66 |
 | Sign-ins | 100,000 | 15,000,000 | 450,000,000 | $847.28 |
 
-
-
-
-
-
-
-
-
-
 To review costs related to managing the Azure Monitor logs, see [Azure Monitor Logs pricing details](../../azure-monitor/logs/cost-logs.md).
 
 ## Frequently asked questions
@@ -174,7 +144,7 @@ This section answers frequently asked questions and discusses known issues with
 
 **Q: What SIEM tools are currently supported?** 
 
-**A**: **A**: Currently, Azure Monitor is supported by [Splunk](./howto-integrate-activity-logs-with-splunk.md), IBM QRadar, [Sumo Logic](https://help.sumologic.com/Send-Data/Applications-and-Other-Data-Sources/Azure_Active_Directory), [ArcSight](./howto-integrate-activity-logs-with-arcsight.md), LogRhythm, and Logz.io. For more information about how the connectors work, see [Stream Azure monitoring data to an event hub for consumption by an external tool](../../azure-monitor/essentials/stream-monitoring-data-event-hubs.md).
+**A**: Currently, Azure Monitor is supported by [Splunk](./howto-integrate-activity-logs-with-splunk.md), IBM QRadar, [Sumo Logic](https://help.sumologic.com/Send-Data/Applications-and-Other-Data-Sources/Azure_Active_Directory), [ArcSight](./howto-integrate-activity-logs-with-arcsight.md), LogRhythm, and Logz.io. For more information about how the connectors work, see [Stream Azure monitoring data to an event hub for consumption by an external tool](../../azure-monitor/essentials/stream-monitoring-data-event-hubs.md).
 
 ---