Merging changes synced from https://github.com/MicrosoftDocs/azure-docs-pr (branch live)

Author: tynevi

.openpublishing.redirection.json

@@ -18014,6 +18014,11 @@
       "redirect_url": "/azure/active-directory/active-directory-b2b-what-is-azure-ad-b2b",
       "redirect_document_id": false
     },
+    {
+      "source_path": "articles/active-directory/authentication/concept-mfa-whichversion.md",
+      "redirect_url": "/azure/active-directory/authentication/concept-mfa-howitworks",
+      "redirect_document_id": false
+    },
     {
       "source_path": "articles/active-directory/active-directory-b2b-references-csv-file-format.md",
       "redirect_url": "/azure/active-directory/active-directory-b2b-invitation-email",

articles/active-directory/authentication/TOC.yml

@@ -43,8 +43,6 @@
     items:
     - name: How MFA works
       href: concept-mfa-howitworks.md
-    - name: What version is right?
-      href: concept-mfa-whichversion.md
     - name: License your users
       href: concept-mfa-licensing.md
     - name: Manage an Auth Provider

articles/active-directory/authentication/concept-mfa-authprovider.md

@@ -21,8 +21,6 @@ Two-step verification is available by default for global administrators who have
 
 An Azure Multi-Factor Auth Provider is used to take advantage of features provided by Azure Multi-Factor Authentication for users who **do not have licenses**.
 
-If you have licenses that cover all of the users in your organization, then you do not need an Azure Multi-Factor Auth Provider. Create an Azure Multi-Factor Authentication Provider only if you also need to provide two-step verification for some users that don't have licenses.
-
 > [!NOTE]
 > Effective September 1st, 2018 new auth providers may no longer be created. Existing auth providers may continue to be used and updated. Multi-factor authentication will continue to be available as a feature in Azure AD Premium licenses.
 

articles/active-directory/authentication/concept-mfa-howitworks.md

@@ -6,7 +6,7 @@ services: multi-factor-authentication
 ms.service: active-directory
 ms.subservice: authentication
 ms.topic: conceptual
-ms.date: 10/11/2018
+ms.date: 06/03/2018
 
 ms.author: joflore
 author: MicrosoftGuyJFlo
@@ -33,10 +33,10 @@ Azure Multi-Factor Authentication (MFA) helps safeguard access to data and appli
 
 Multi-Factor Authentication comes as part of the following offerings:
 
-* **Azure Active Directory Premium licenses** - Full featured use of Azure Multi-Factor Authentication Service (Cloud) or Azure Multi-Factor Authentication Server (On-premises).
-   * **Azure MFA Service (Cloud)** - **This option is the recommended path for new deployments**. Azure MFA in the cloud requires no on-premises infrastructure and can be used with your federated or cloud-only users.
-   * **Azure MFA Server** - If your organization wants to manage the associated infrastructure elements and has deployed AD FS in your on-premises environment this way may be an option.
-* **Multi-Factor Authentication for Office 365** - A subset of Azure Multi-Factor Authentication capabilities are available as a part of your subscription. For more information about MFA for Office 365, see the article [Plan for multi-factor authentication for Office 365 Deployments](https://support.office.com/article/plan-for-multi-factor-authentication-for-office-365-deployments-043807b2-21db-4d5c-b430-c8a6dee0e6ba).
+* **Azure Active Directory Premium** or **Microsoft 365 Business** - Full featured use of Azure Multi-Factor Authentication using Conditional Access policies to require multi-factor authentication.
+
+* **Azure AD Free**, **Azure AD Basic**, or standalone **Office 365** licenses - Use pre-created [Conditional Access baseline protection policies](../conditional-access/concept-baseline-protection.md) to require multi-factor authentication for your users and administrators.
+
 * **Azure Active Directory Global Administrators** - A subset of Azure Multi-Factor Authentication capabilities are available as a means to protect global administrator accounts.
 
 > [!NOTE]
@@ -48,16 +48,9 @@ Since most users are accustomed to using only passwords to authenticate, it is i
 
 * Train your support staff to handle scenarios where the user can't sign in because they do not have access to their authentication methods or they are not working correctly.
    * Using conditional access policies for Azure MFA Service, your support staff can add a user to a group that is excluded from a policy requiring MFA.
-   * Support staff can enable a temporary one-time bypass for Azure MFA Server users to allow a user to authenticate without two-step verification. The bypass is temporary and expires after a specified number of seconds.   
-* Consider using Trusted IPs or named locations as a way to minimize two-step verification prompts. With this feature, administrators of a managed or federated tenant can bypass two-step verification for users that are signing in from a trusted network location such as their organization's intranet.
+* Consider using Conditional Access named locations as a way to minimize two-step verification prompts. With this functionality, administrators can bypass two-step verification for users that are signing in from a secure trusted network location such as a network segment used for new user onboarding.
 * Deploy [Azure AD Identity Protection](../active-directory-identityprotection.md) and trigger two-step verification based on risk events.
 
 ## Next steps
 
-- Get a step-by-step MFA [deployment plan](https://aka.ms/MFADeploymentPlan)
-
-- Find details about [licensing your users](concept-mfa-licensing.md)
-
-- Get details about [which version to deploy](concept-mfa-whichversion.md)
-
-- Find answers to [Frequently asked questions](multi-factor-authentication-faq.md)
+- [Step-by-step Azure Multi-Factor Authentication deployment](howto-mfa-getstarted.md)

articles/active-directory/authentication/concept-mfa-licensing.md

@@ -6,7 +6,7 @@ services: multi-factor-authentication
 ms.service: active-directory
 ms.subservice: authentication
 ms.topic: conceptual
-ms.date: 01/11/2019
+ms.date: 06/03/2018
 
 ms.author: joflore
 author: MicrosoftGuyJFlo
@@ -28,9 +28,9 @@ The following table describes the differences between three versions of multi-fa
 
 | Version | Description |
 | --- | --- |
-| Multi-Factor Authentication for Office 365 <br> Microsoft 365 Business |This version works exclusively with Office 365 applications and is managed from the Office 365 or Microsoft 365 portal. Administrators can [secure Office 365 resources with two-step verification](https://support.office.com/article/Set-up-multi-factor-authentication-for-Office-365-users-8f0454b2-f51a-4d9c-bcde-2c48e41621c6). This version is part of an Office 365 or Microsoft 365 Business subscription. |
-| Multi-Factor Authentication for Azure AD Administrators | Users assigned the Azure AD Global Administrator role in Azure AD tenants can enable two-step verification at no additional cost.|
-| Azure Multi-Factor Authentication | Often referred to as the "full" version, Azure Multi-Factor Authentication offers the richest set of capabilities. It provides additional configuration options via the [Azure portal](https://portal.azure.com), advanced reporting, and support for a range of on-premises and cloud applications. Azure Multi-Factor Authentication is a feature of [Azure Active Directory Premium](https://www.microsoft.com/cloud-platform/azure-active-directory-features), and can be deployed either in the cloud or on-premises. |
+| Multi-Factor Authentication for Office 365 <br> Microsoft 365 Business | This version is managed from the Office 365 or Microsoft 365 portal. Administrators can [secure Office 365 resources with two-step verification](https://support.office.com/article/Set-up-multi-factor-authentication-for-Office-365-users-8f0454b2-f51a-4d9c-bcde-2c48e41621c6). This version is part of an Office 365 or Microsoft 365 Business subscription. |
+| Multi-Factor Authentication for Azure AD Administrators | Users assigned the Azure AD Global Administrator role in Azure AD tenants can enable two-step verification at no additional cost. |
+| Azure Multi-Factor Authentication | Often referred to as the "full" version, Azure Multi-Factor Authentication offers the richest set of capabilities. It provides additional configuration options via the [Azure portal](https://portal.azure.com), advanced reporting, and support for a range of on-premises and cloud applications. Azure Multi-Factor Authentication is a feature of [Azure Active Directory Premium](https://www.microsoft.com/cloud-platform/azure-active-directory-features). |
 
 > [!NOTE]
 > New customers may no longer purchase Azure Multi-Factor Authentication as a standalone offering effective September 1st, 2018. Multi-factor authentication will continue to be available as a feature in Azure AD Premium licenses.
@@ -51,7 +51,7 @@ The following table provides a list of the features that are available in the va
 | SMS as a second factor |● |● |● |
 | App passwords for clients that don't support MFA |● |● |● |
 | Admin control over verification methods |● |● |● |
-| Protect non-admin accounts with MFA |● (Only for Office 365 applications) | |● |
+| Protect non-admin accounts with MFA |● | |● |
 | PIN mode | | |● |
 | Fraud alert | | |● |
 | MFA Reports | | |● |
@@ -71,17 +71,13 @@ Users assigned the Global Administrator role in Azure AD tenants can enable two-
 
 ## How to purchase Azure Multi-Factor Authentication
 
-If you would like the full functionality offered by Azure Multi-Factor Authentication, there are several options:
+Purchase licenses that include Azure Multi-Factor Authentication, like Azure Active Directory Premium, or a license bundle that includes Azure AD Premium, or Conditional Access and assign them to your users in Azure Active Directory.
 
-### Option 1 - Licenses that include MFA
+### Consumption-based licensing
 
-Purchase licenses that include Azure Multi-Factor Authentication, like Azure Active Directory Premium or a license bundle that includes Azure AD Premium, and assign them to your users in Azure Active Directory.
+Consumption-based licensing is no longer available to new customers effective September 1, 2018.
 
-### Option 2 - MFA consumption-based model
-
-This option is no longer available to new customers effective September 1, 2018.
-
-Effective September 1st, 2018 new auth providers may no longer be created. Existing auth providers may continue to be used and updated. Multi-factor authentication will continue to be an available feature in Azure AD Premium licenses.
+Effective September 1, 2018 new auth providers may no longer be created. Existing auth providers may continue to be used and updated. Multi-factor authentication will continue to be an available feature in Azure AD Premium licenses.
 
 When using an Azure Multi-Factor Authentication Provider, there are two usage models available that are billed through your Azure subscription:
 

articles/active-directory/authentication/concept-mfa-whichversion.md

@@ -6,7 +6,7 @@ services: multi-factor-authentication
 ms.service: active-directory
 ms.subservice: authentication
 ms.topic: conceptual
-ms.date: 11/26/2018
+ms.date: 06/03/2019
 
 ms.author: joflore
 author: MicrosoftGuyJFlo
@@ -17,9 +17,9 @@ ms.collection: M365-identity-device-management
 ---
 # Configure Azure Multi-Factor Authentication settings
 
-This article helps you to manage Multi-Factor Authentication settings in the Azure portal. It covers various topics that help you to get the most out of Azure Multi-Factor Authentication. Not all of the features are available in every [version of Azure Multi-Factor Authentication](concept-mfa-whichversion.md#what-features-do-i-need).
+This article helps you to manage Multi-Factor Authentication settings in the Azure portal. It covers various topics that help you to get the most out of Azure Multi-Factor Authentication. Not all of the features are available in every version of Azure Multi-Factor Authentication.
 
-You can access settings related to Multi-Factor Authentication from the Azure portal by browsing to **Azure Active Directory** > **MFA**.
+You can access settings related to Azure Multi-Factor Authentication from the Azure portal by browsing to **Azure Active Directory** > **MFA**.
 
 ![Azure portal - Azure AD Multi-Factor Authentication settings](./media/howto-mfa-mfasettings/multi-factor-authentication-settings-portal.png)
 
@@ -30,7 +30,7 @@ Some of these settings apply to MFA Server, Azure MFA, or both.
 | Feature | Description |
 | ------- | ----------- |
 | Account lockout | Temporarily lock accounts in the multi-factor authentication service if there are too many denied authentication attempts in a row. This feature only applies to users who enter a PIN to authenticate. (MFA Server) |
-| [Block/unblock users](#block-and-unblock-users) | Used to block specific users on MFA Server (on-premises) from being able to receive Multi-Factor Authentication requests. Any authentication attempts for blocked users are automatically denied. Users remain blocked for 90 days from the time that they are blocked. |
+| [Block/unblock users](#block-and-unblock-users) | Used to block specific users from being able to receive Multi-Factor Authentication requests. Any authentication attempts for blocked users are automatically denied. Users remain blocked for 90 days from the time that they are blocked. |
 | [Fraud alert](#fraud-alert) | Configure settings related to users ability to report fraudulent verification requests |
 | Notifications | Enable notifications of events from MFA Server. |
 | [OATH tokens](concept-authentication-methods.md#oath-hardware-tokens-public-preview) | Used in cloud-based Azure MFA environments to manage OATH tokens for users. |

articles/active-directory/authentication/howto-mfa-mfasettings.md

@@ -97,7 +97,7 @@ Now that you have an application in Azure AD, you can install ADAL and write you
     link_with ['QuickStart']
     xcodeproj 'QuickStart'
 
-    pod 'ADALiOS'
+    pod 'ADAL'
     ```
 
 1. Load the podfile by using CocoaPods. This step creates a new XCode workspace that you load.