Merge pull request #223835 from shlipsey3/reports-issue-cleanup-011223

reports-issue-cleanup-011223

Author: JamesJBarnett

.openpublishing.redirection.active-directory.json

@@ -4371,6 +4371,11 @@
       "redirect_url": "/azure/active-directory/reports-monitoring/reports-faq",
       "redirect_document_id": false
     },
+    {
+      "source_path_from_root": "/articles/active-directory/reports-monitoring/workbook-legacy authentication.md",
+      "redirect_url": "/azure/active-directory/reports-monitoring/workbook-legacy-authentication",
+      "redirect_document_id": false
+    },
     {
       "source_path_from_root": "/articles/active-directory/reports-monitoring/troubleshoot-missing-audit-data.md",
       "redirect_url": "/azure/active-directory/reports-monitoring/reports-faq",

articles/active-directory/authentication/howto-authentication-methods-activity.md

@@ -6,7 +6,7 @@ services: active-directory
 ms.service: active-directory
 ms.subservice: authentication
 ms.topic: how-to
-ms.date: 07/13/2021
+ms.date: 01/12/2023
 
 ms.author: justinha
 author: sopand
@@ -112,7 +112,7 @@ The registration details report shows the following information for each user:
 - SSPR Registered (Registered, Not Registered)
 - SSPR Enabled (Enabled, Not Enabled)
 - SSPR Capable (Capable, Not Capable) 
-- Methods registered (Email, Mobile Phone, Alternative Mobile Phone, Office Phone, Microsoft Authenticator Push, Software One Time Passcode, FIDO2, Security Key, Security questions)
+- Methods registered (Email, Mobile Phone, Alternative Mobile Phone, Office Phone, Microsoft Authenticator Push, Software One Time Passcode, FIDO2, Security Key, Security questions, Hardware OATH token)
 
   ![Screenshot of user registration details](media/how-to-authentication-methods-usage-insights/registration-details.png)
 
@@ -133,7 +133,7 @@ The registration details report shows the following information for each user:
 ## Limitations
 
 - The data in the report is not updated in real-time and may reflect a latency of up to a few hours.
-- The **PhoneAppNotification** or **PhoneAppOTP** methods that a user might have configured are not displayed in the dashboard. 
+- The **PhoneAppNotification** or **PhoneAppOTP** methods that a user might have configured are not displayed in the dashboard on **Azure AD Authentication methods - Policies**. 
 
 ## Next steps
 

articles/active-directory/reports-monitoring/concept-activity-logs-azure-monitor.md

@@ -8,7 +8,7 @@ ms.service: active-directory
 ms.topic: conceptual
 ms.workload: identity
 ms.subservice: report-monitor
-ms.date: 12/02/2022
+ms.date: 01/12/2023
 ms.author: sarahlipsey
 ms.reviewer: besiler
 ms.collection: M365-identity-device-management
@@ -57,11 +57,12 @@ Once you have your endpoint established, go to **Azure AD** and then **Diagnosti
 
 If you already have an Azure AD license, you need an Azure subscription to set up the storage account and Event Hubs. The Azure subscription comes at no cost, but you have to pay to utilize Azure resources, including the storage account that you use for archival and the Event Hubs that you use for streaming. The amount of data and, thus, the cost incurred, can vary significantly depending on the tenant size. 
 
+Azure Monitor provides the option to exclude whole events, fields, or parts of fields when ingesting logs from Azure AD. Learn more about this cost saving feature in [Data collection transformation in Azure Monitor](../../azure-monitor/essentials/data-collection-transformations.md).
+
 ### Storage size for activity logs
 
 Every audit log event uses about 2 KB of data storage. Sign in event logs are about 4 KB of data storage. For a tenant with 100,000 users, which would incur about 1.5 million events per day, you would need about 3 GB of data storage per day. Because writes occur in approximately five-minute batches, you can anticipate approximately 9,000 write operations per month. 
 
-
 The following table contains a cost estimate of, depending on the size of the tenant, a general-purpose v2 storage account in West US for at least one year of retention. To create a more accurate estimate for the data volume that you anticipate for your application, use the [Azure storage pricing calculator](https://azure.microsoft.com/pricing/details/storage/blobs/).
 
 
@@ -75,9 +76,6 @@ The following table contains a cost estimate of, depending on the size of the te
 
 If you want to know for how long the activity data is stored in a Premium tenant, see: [How long does Azure AD store the data?](reference-reports-data-retention.md#how-long-does-azure-ad-store-the-data)
 
-
-
-
 ### Event Hubs messages for activity logs
 
 Events are batched into approximately five-minute intervals and sent as a single message that contains all the events within that timeframe. A message in the Event Hubs has a maximum size of 256 KB. If the total size of all the messages within the timeframe exceeds that volume, multiple messages are sent. 

articles/active-directory/reports-monitoring/concept-all-sign-ins.md

@@ -8,7 +8,7 @@ ms.service: active-directory
 ms.topic: conceptual
 ms.workload: identity
 ms.subservice: report-monitor
-ms.date: 01/05/2023
+ms.date: 01/12/2023
 ms.author: sarahlipsey
 ms.reviewer: besiler
 ms.collection: M365-identity-device-management
@@ -262,6 +262,7 @@ When analyzing authentication details, take note of the following details:
 - The **Authentication details** tab can initially show incomplete or inaccurate data until log information is fully aggregated. Known examples include: 
     - A **satisfied by claim in the token** message is incorrectly displayed when sign-in events are initially logged. 
     - The **Primary authentication** row isn't initially logged. 
+- If you're unsure of a detail in the logs, gather the **Request ID** and **Correlation ID** to use for further analyzing or troubleshooting.
 
 ## Sign-in data used by other services
 

articles/active-directory/reports-monitoring/concept-sign-ins.md

@@ -8,7 +8,7 @@ ms.service: active-directory
 ms.topic: conceptual
 ms.workload: identity
 ms.subservice: report-monitor
-ms.date: 11/04/2022
+ms.date: 01/12/2023
 ms.author: sarahlipsey
 ms.reviewer: besiler
 ms.collection: M365-identity-device-management
@@ -156,7 +156,8 @@ When analyzing authentication details, take note of the following details:
 - **OATH verification code** is logged as the authentication method for both OATH hardware and software tokens (such as the Microsoft Authenticator app).
 - The **Authentication details** tab can initially show incomplete or inaccurate data until log information is fully aggregated. Known examples include: 
     - A **satisfied by claim in the token** message is incorrectly displayed when sign-in events are initially logged. 
-    - The **Primary authentication** row isn't initially logged. 
+    - The **Primary authentication** row isn't initially logged.
+- If you're unsure of a detail in the logs, gather the **Request ID** and **Correlation ID** to use for further analyzing or troubleshooting.
 
 ## Sign-in data used by other services
 

articles/active-directory/reports-monitoring/media/workbook-legacy-authentication/sign-ins-legacy-auth.png

@@ -95,10 +95,6 @@ items:
       href: concept-sign-in-diagnostics-scenarios.md
     - name: Troubleshoot sign-in errors for a user
       href: howto-troubleshoot-sign-in-errors.md
-    - name: Missing audit data
-      href: troubleshoot-missing-audit-data.md
-    - name: Missing data in download
-      href: troubleshoot-missing-data-download.md
     - name: Cannot access Graph APIs for reporting
       href: troubleshoot-graph-api.md
     - name: Audit data on verified domain change

articles/active-directory/reports-monitoring/toc.yml

@@ -25,7 +25,7 @@ This article gives you an overview of this workbook.
 
 ## Description
 
-![Workbook category](./media/workbook-risk-analysis/workbook-category.png)
+![Screenshot of workbook thumbnail.](./media/workbook-legacy-authentication/sign-ins-legacy-auth.png)
 
 Azure AD supports several of the most widely used authentication and authorization protocols including legacy authentication. Legacy authentication refers to basic authentication, which was once a widely used industry-standard method for passing user name and password information through a client to an identity provider.