[Azure AD] Conditional Access - Branding bulk update 1

Author: MicrosoftGuyJFlo

articles/active-directory/authentication/concept-mfa-howitworks.md

@@ -47,7 +47,7 @@ Multi-Factor Authentication comes as part of the following offerings:
 Since most users are accustomed to using only passwords to authenticate, it is important that your organization communicates to all users regarding this process. Awareness can reduce the likelihood that users call your help desk for minor issues related to MFA. However, there are some scenarios where temporarily disabling MFA is necessary. Use the following guidelines to understand how to handle those scenarios:
 
 * Train your support staff to handle scenarios where the user can't sign in because they do not have access to their authentication methods or they are not working correctly.
-   * Using conditional access policies for Azure MFA Service, your support staff can add a user to a group that is excluded from a policy requiring MFA.
+   * Using Conditional Access policies for Azure MFA Service, your support staff can add a user to a group that is excluded from a policy requiring MFA.
 * Consider using Conditional Access named locations as a way to minimize two-step verification prompts. With this functionality, administrators can bypass two-step verification for users that are signing in from a secure trusted network location such as a network segment used for new user onboarding.
 * Deploy [Azure AD Identity Protection](../active-directory-identityprotection.md) and trigger two-step verification based on risk events.
 

articles/active-directory/authentication/concept-registration-mfa-sspr-combined.md

@@ -54,7 +54,7 @@ Combined registration supports the following authentication methods and actions:
 | App passwords | Yes | No | Yes |
 
 > [!NOTE]
-> App passwords are available only to users who have been enforced for Multi-Factor Authentication. App passwords are not available to users who are enabled for Multi-Factor Authentication via a conditional access policy.
+> App passwords are available only to users who have been enforced for Multi-Factor Authentication. App passwords are not available to users who are enabled for Multi-Factor Authentication via a Conditional Access policy.
 
 Users can set one of the following options as the default Multi-Factor Authentication method:
 
@@ -83,7 +83,7 @@ Here are several scenarios in which users might be prompted to register or refre
 
 - Multi-Factor Authentication registration enforced through Identity Protection: Users are asked to register during sign-in. They register Multi-Factor Authentication methods and SSPR methods (if the user is enabled for SSPR).
 - Multi-Factor Authentication registration enforced through per-user Multi-Factor Authentication: Users are asked to register during sign-in. They register Multi-Factor Authentication methods and SSPR methods (if the user is enabled for SSPR).
-- Multi-Factor Authentication registration enforced through conditional access or other policies: Users are asked to register when they use a resource that requires Multi-Factor Authentication. They register Multi-Factor Authentication methods and SSPR methods (if the user is enabled for SSPR).
+- Multi-Factor Authentication registration enforced through Conditional Access or other policies: Users are asked to register when they use a resource that requires Multi-Factor Authentication. They register Multi-Factor Authentication methods and SSPR methods (if the user is enabled for SSPR).
 - SSPR registration enforced: Users are asked to register during sign-in. They register only SSPR methods.
 - SSPR refresh enforced: Users are required to review their security info at an interval set by the admin. Users are shown their info and can confirm the current info or make changes if needed.
 

articles/active-directory/authentication/concept-resilient-controls.md

@@ -31,8 +31,8 @@ This document provides guidance on strategies an organization should adopt to pr
 There are four key takeaways in this document:
 
 * Avoid administrator lockout by using emergency access accounts.
-* Implement MFA using conditional access (CA) rather than per-user MFA.
-* Mitigate user lockout by using multiple conditional access (CA) controls.
+* Implement MFA using Conditional Access (CA) rather than per-user MFA.
+* Mitigate user lockout by using multiple Conditional Access (CA) controls.
 * Mitigate user lockout by provisioning multiple authentication methods or equivalents for each user.
 
 ## Before a disruption
@@ -52,11 +52,11 @@ To unlock admin access to your tenant, you should create emergency access accoun
 
 ### Mitigating user lockout
 
- To mitigate the risk of user lockout, use conditional access policies with multiple controls to give users a choice of how they will access apps and resources. By giving a user the choice between, for example, signing in with MFA **or** signing in from a managed device **or** signing in from the corporate network, if one of the access controls is unavailable the user has other options to continue to work.
+ To mitigate the risk of user lockout, use Conditional Access policies with multiple controls to give users a choice of how they will access apps and resources. By giving a user the choice between, for example, signing in with MFA **or** signing in from a managed device **or** signing in from the corporate network, if one of the access controls is unavailable the user has other options to continue to work.
 
 #### Microsoft recommendations
 
-Incorporate the following access controls in your existing conditional access policies for organization:
+Incorporate the following access controls in your existing Conditional Access policies for organization:
 
 1. Provision multiple authentication methods for each user that rely on different communication channels, for example the Microsoft Authenticator app (internet-based), OATH token (generated on-device), and SMS (telephonic).
 2. Deploy Windows Hello for Business on Windows 10 devices to satisfy MFA requirements directly from device sign-in.
@@ -103,7 +103,7 @@ Alternatively, your organization can also create contingency policies. To create
 
 #### Microsoft recommendations
 
-A contingency conditional access policy is a **disabled policy** that omits Azure MFA, third-party MFA, risk-based or device-based controls. Then, when your organization decides to activate your contingency plan, administrators can enable the policy and disable the regular control-based policies.
+A contingency Conditional Access policy is a **disabled policy** that omits Azure MFA, third-party MFA, risk-based or device-based controls. Then, when your organization decides to activate your contingency plan, administrators can enable the policy and disable the regular control-based policies.
 
 >[!IMPORTANT]
 > Disabling policies that enforce security on your users, even temporarily, will reduce your security posture while the contingency plan is in place.
@@ -241,7 +241,7 @@ Undo the changes you made as part of the activated contingency plan once the ser
 
 ## Emergency options
 
- In case of an emergency and your organization did not previously implement a mitigation or contingency plan, then follow the recommendations in the [Contingencies for user lockout](#contingencies-for-user-lockout) section if they already use conditional access policies to enforce MFA.
+ In case of an emergency and your organization did not previously implement a mitigation or contingency plan, then follow the recommendations in the [Contingencies for user lockout](#contingencies-for-user-lockout) section if they already use Conditional Access policies to enforce MFA.
  If your organization is using per-user MFA legacy policies, then you can consider the following alternative:
 
 1. If you have the corporate network outbound IP address, you can add them as trusted IPs to enable authentication only to the corporate network.
@@ -262,5 +262,5 @@ Undo the changes you made as part of the activated contingency plan once the ser
 * [How to configure hybrid Azure Active Directory joined devices](https://docs.microsoft.com/azure/active-directory/devices/hybrid-azuread-join-plan)
 * [Windows Hello for Business Deployment Guide](https://docs.microsoft.com/windows/security/identity-protection/hello-for-business/hello-deployment-guide)
   * [Password Guidance - Microsoft Research](https://research.microsoft.com/pubs/265143/microsoft_password_guidance.pdf)
-* [What are conditions in Azure Active Directory conditional access?](https://docs.microsoft.com/azure/active-directory/conditional-access/conditions)
-* [What are access controls in Azure Active Directory conditional access?](https://docs.microsoft.com/azure/active-directory/conditional-access/controls)
+* [What are conditions in Azure Active Directory Conditional Access?](https://docs.microsoft.com/azure/active-directory/conditional-access/conditions)
+* [What are access controls in Azure Active Directory Conditional Access?](https://docs.microsoft.com/azure/active-directory/conditional-access/controls)

articles/active-directory/authentication/howto-mfa-adfs.md

@@ -83,10 +83,10 @@ The first thing we need to do is to configure the AD FS claims. Create two claim
 Now that the claims are in place, we can configure trusted IPs.
 
 1. Sign in to the [Azure portal](https://portal.azure.com).
-2. Select **Azure Active Directory** > **Conditional access** > **Named locations**.
-3. From the **Conditional access - Named locations** blade, select **Configure MFA trusted IPs**
+2. Select **Azure Active Directory** > **Conditional Access** > **Named locations**.
+3. From the **Conditional Access - Named locations** blade, select **Configure MFA trusted IPs**
 
-   ![Azure AD conditional access named locations Configure MFA trusted IPs](./media/howto-mfa-adfs/trustedip6.png)
+   ![Azure AD Conditional Access named locations Configure MFA trusted IPs](./media/howto-mfa-adfs/trustedip6.png)
 
 4. On the Service Settings page, under **trusted IPs**, select **Skip multi-factor-authentication for requests from federated users on my intranet**.  
 5. Click **save**.

articles/active-directory/authentication/howto-mfa-mfasettings.md

@@ -188,7 +188,7 @@ Some applications, like Office 2010 or earlier and Apple Mail before iOS 11, don
 Modern authentication is supported for the Microsoft Office 2013 clients and later. Office 2013 clients including Outlook, support modern authentication protocols and can be enabled to work with two-step verification. After the client is enabled, app passwords aren't required for the client.
 
 >[!NOTE]
->App passwords do not work with conditional access based multi-factor authentication policies and modern authentication.
+>App passwords do not work with Conditional Access based multi-factor authentication policies and modern authentication.
 
 ### Considerations about app passwords
 
@@ -256,7 +256,7 @@ Users can also create app passwords after registration. For more information and
 The _Trusted IPs_ feature of Azure Multi-Factor Authentication is used by administrators of a managed or federated tenant. The feature bypasses two-step verification for users who sign in from the company intranet. The feature is available with the full version of Azure Multi-Factor Authentication, and not the free version for administrators. For details on how to get the full version of Azure Multi-Factor Authentication, see [Azure Multi-Factor Authentication](multi-factor-authentication.md).
 
 > [!NOTE]
-> MFA trusted IPs and conditional access named locations only work with IPV4 addresses.
+> MFA trusted IPs and Conditional Access named locations only work with IPV4 addresses.
 
 If your organization deploys the NPS extension to provide MFA to on-premises applications note the source IP address will always appear to be the NPS server the authentication attempt flows through.
 
@@ -277,20 +277,20 @@ When the Trusted IPs feature is enabled, two-step verification is *not* required
 
 Regardless of whether the Trusted IPs feature is enabled, two-step verification is required for browser flows. App passwords are required for older rich client applications.
 
-### Enable named locations by using conditional access
+### Enable named locations by using Conditional Access
 
 1. Sign in to the [Azure portal](https://portal.azure.com).
-2. On the left, select **Azure Active Directory** > **Conditional access** > **Named locations**.
+2. On the left, select **Azure Active Directory** > **Conditional Access** > **Named locations**.
 3. Select **New location**.
 4. Enter a name for the location.
 5. Select **Mark as trusted location**.
 6. Enter the IP Range in CIDR notation like **192.168.1.1/24**.
 7. Select **Create**.
 
-### Enable the Trusted IPs feature by using conditional access
+### Enable the Trusted IPs feature by using Conditional Access
 
 1. Sign in to the [Azure portal](https://portal.azure.com).
-2. On the left, select **Azure Active Directory** > **Conditional access** > **Named locations**.
+2. On the left, select **Azure Active Directory** > **Conditional Access** > **Named locations**.
 3. Select **Configure MFA trusted IPs**.
 4. On the **Service Settings** page, under **Trusted IPs**, choose from any of the following two options:
 
@@ -364,7 +364,7 @@ The remember Multi-Factor Authentication feature sets a persistent cookie on the
 
 The **Don't ask again for X days** option isn't shown on non-browser applications, regardless of whether the app supports modern authentication. These apps use _refresh tokens_ that provide new access tokens every hour. When a refresh token is validated, Azure AD checks that the last two-step verification occurred within the specified number of days.
 
-The feature reduces the number of authentications on web apps, which normally prompt every time. The feature increases the number of authentications for modern authentication clients that normally prompt every 90 days. May also increase the number of authentications when combined with conditional access policies.
+The feature reduces the number of authentications on web apps, which normally prompt every time. The feature increases the number of authentications for modern authentication clients that normally prompt every 90 days. May also increase the number of authentications when combined with Conditional Access policies.
 
 >[!IMPORTANT]
 >The **remember Multi-Factor Authentication** feature is not compatible with the **keep me signed in** feature of AD FS, when users perform two-step verification for AD FS through Azure Multi-Factor Authentication Server or a third-party multi-factor authentication solution.

articles/active-directory/authentication/howto-mfa-nps-extension.md

@@ -131,7 +131,7 @@ Before you deploy and use the NPS extension, users that are required to perform
 Use these steps to get a test account started:
 1. Sign in to [https://aka.ms/mfasetup](https://aka.ms/mfasetup) with a test account. 
 2. Follow the prompts to set up a verification method.
-3. Either create a conditional access policy or [change the user state](howto-mfa-userstates.md) to require two-step verification for the test account. 
+3. Either create a Conditional Access policy or [change the user state](howto-mfa-userstates.md) to require two-step verification for the test account. 
 
 Your users also need to follow these steps to enroll before they can authenticate with the NPS extension.
 

articles/active-directory/authentication/howto-mfa-reporting.md

@@ -56,7 +56,7 @@ This data is available through the [Azure portal](https://portal.azure.com) and
 
 The sign-in activity reports for MFA give you access to the following information:
 
-**MFA required:** Whether MFA is required for the sign-in or not. MFA can be required due to per-user MFA, conditional access, or other reasons. Possible values are **Yes** or **No**.
+**MFA required:** Whether MFA is required for the sign-in or not. MFA can be required due to per-user MFA, Conditional Access, or other reasons. Possible values are **Yes** or **No**.
 
 **MFA Result:** More information on whether MFA was satisfied or denied:
 
@@ -112,7 +112,7 @@ The sign-in activity reports for MFA give you access to the following informatio
 
 **MFA authentication detail:** Scrubbed version of the phone number, for example: +X XXXXXXXX64.
 
-**Conditional Access** Find information about conditional access policies that affected the sign-in attempt including:
+**Conditional Access** Find information about Conditional Access policies that affected the sign-in attempt including:
 
 - Policy name
 - Grant controls

articles/active-directory/authentication/howto-registration-mfa-sspr-combined.md

@@ -48,17 +48,17 @@ If you have configured the Site to Zone Assignment List in Internet Explorer, th
 * [https://mysignins.microsoft.com](https://mysignins.microsoft.com)
 * [https://account.activedirectory.windowsazure.com](https://account.activedirectory.windowsazure.com)
 
-## Conditional access policies for combined registration
+## Conditional Access policies for combined registration
 
-Securing when and how users register for Azure Multi-Factor Authentication and self-service password reset is now possible with user actions in conditional access policy. This preview feature is available to organizations who have enabled the [combined registration preview](../authentication/concept-registration-mfa-sspr-combined.md). This functionality may be enabled in organizations where they want users to register for Azure Multi-Factor Authentication and SSPR from a central location such as a trusted network location during HR onboarding. For more information about creating trusted locations in conditional access, see the article [What is the location condition in Azure Active Directory conditional access?](../conditional-access/location-condition.md#named-locations)
+Securing when and how users register for Azure Multi-Factor Authentication and self-service password reset is now possible with user actions in Conditional Access policy. This preview feature is available to organizations who have enabled the [combined registration preview](../authentication/concept-registration-mfa-sspr-combined.md). This functionality may be enabled in organizations where they want users to register for Azure Multi-Factor Authentication and SSPR from a central location such as a trusted network location during HR onboarding. For more information about creating trusted locations in Conditional Access, see the article [What is the location condition in Azure Active Directory Conditional Access?](../conditional-access/location-condition.md#named-locations)
 
 ### Create a policy to require registration from a trusted location
 
 The following policy applies to all selected users, who attempt to register using the combined registration experience, and blocks access unless they are connecting from a location marked as trusted network.
 
 ![Create a CA policy to control security info registration](media/howto-registration-mfa-sspr-combined/conditional-access-register-security-info.png)
 
-1. In the **Azure portal**, browse to **Azure Active Directory** > **Conditional access**
+1. In the **Azure portal**, browse to **Azure Active Directory** > **Conditional Access**
 1. Select **New policy**
 1. In Name, Enter a Name for this policy. For example, **Combined Security Info Registration on Trusted Networks**
 1. Under **Assignments**, click **Users and groups**, and select the users and groups you want this policy to apply to
@@ -89,4 +89,4 @@ The following policy applies to all selected users, who attempt to register usin
 
 [Troubleshooting combined security info registration](howto-registration-mfa-sspr-combined-troubleshoot.md)
 
-[What is the location condition in Azure Active Directory conditional access?](../conditional-access/location-condition.md)
+[What is the location condition in Azure Active Directory Conditional Access?](../conditional-access/location-condition.md)