MicrosoftDocs
diff --git a/‎articles/active-directory-b2c/enable-authentication-web-api.md
Lines changed: 1 addition & 1 deletion b/‎articles/active-directory-b2c/enable-authentication-web-api.md
Lines changed: 1 addition & 1 deletion
diff --git a/‎articles/active-directory-b2c/relyingparty.md
Lines changed: 2 additions & 2 deletions b/‎articles/active-directory-b2c/relyingparty.md
Lines changed: 2 additions & 2 deletions
diff --git a/‎articles/active-directory/app-proxy/application-proxy-configure-single-sign-on-with-headers.md
Lines changed: 1 addition & 1 deletion b/‎articles/active-directory/app-proxy/application-proxy-configure-single-sign-on-with-headers.md
Lines changed: 1 addition & 1 deletion
diff --git a/‎articles/active-directory/authentication/howto-mfa-nps-extension-errors.md
Lines changed: 1 addition & 1 deletion b/‎articles/active-directory/authentication/howto-mfa-nps-extension-errors.md
Lines changed: 1 addition & 1 deletion
diff --git a/‎articles/active-directory/conditional-access/concept-conditional-access-grant.md
Lines changed: 2 additions & 2 deletions b/‎articles/active-directory/conditional-access/concept-conditional-access-grant.md
Lines changed: 2 additions & 2 deletions
diff --git a/‎articles/active-directory/enterprise-users/groups-troubleshooting.md
Lines changed: 2 additions & 1 deletion b/‎articles/active-directory/enterprise-users/groups-troubleshooting.md
Lines changed: 2 additions & 1 deletion
diff --git a/‎articles/active-directory/enterprise-users/licensing-directory-independence.md
Lines changed: 2 additions & 2 deletions b/‎articles/active-directory/enterprise-users/licensing-directory-independence.md
Lines changed: 2 additions & 2 deletions
diff --git a/‎articles/active-directory/enterprise-users/licensing-group-advanced.md
Lines changed: 2 additions & 2 deletions b/‎articles/active-directory/enterprise-users/licensing-group-advanced.md
Lines changed: 2 additions & 2 deletions
diff --git a/‎articles/active-directory/enterprise-users/licensing-groups-assign.md
Lines changed: 2 additions & 2 deletions b/‎articles/active-directory/enterprise-users/licensing-groups-assign.md
Lines changed: 2 additions & 2 deletions
diff --git a/‎articles/active-directory/enterprise-users/licensing-groups-change-licenses.md
Lines changed: 2 additions & 2 deletions b/‎articles/active-directory/enterprise-users/licensing-groups-change-licenses.md
Lines changed: 2 additions & 2 deletions
@@ -126,7 +126,7 @@ npm install passport-azure-ad
 npm install morgan
 ```
 
-The [morgen package](https://www.npmjs.com/package/morgan) is an HTTP request logger middleware for Node.js.
+The [morgan package](https://www.npmjs.com/package/morgan) is an HTTP request logger middleware for Node.js.
 
 ---
 
 
@@ -8,7 +8,7 @@ manager: CelesteDG
 ms.service: active-directory
 ms.workload: identity
 ms.topic: reference
-ms.date: 11/09/2021
+ms.date: 06/26/2022
 ms.custom: project-no-code
 ms.author: kengaderdus
 ms.subservice: B2C
@@ -286,7 +286,7 @@ The **SubjectNamingInfo** element contains the following attribute:
 
 | Attribute | Required | Description |
 | --------- | -------- | ----------- |
-| ClaimType | Yes | A reference to an output claim's **PartnerClaimType**. The output claims must be defined in the relying party policy **OutputClaims** collection. |
+| ClaimType | Yes | A reference to an output claim's **PartnerClaimType**. The output claims must be defined in the relying party policy **OutputClaims** collection with a **PartnerClaimType**. For example, `<OutputClaim ClaimTypeReferenceId="objectId" PartnerClaimType="sub" />`, or `<OutputClaim ClaimTypeReferenceId="signInName" PartnerClaimType="signInName" />`. |
 | Format | No | Used for SAML Relying parties to set the **NameId format** returned in the SAML Assertion. |
 
 The following example shows how to define an OpenID Connect relying party. The subject name info is configured as the `objectId`:
 
@@ -86,7 +86,7 @@ When you've completed all these steps, your app should be running and available.
 ## Considerations
 
 - Application Proxy is used to provide remote access to apps on-premises or on private cloud. Application Proxy is not recommended to handle traffic originating internally from the corporate network.
-- Access to header-based authentication applications should be restricted to only traffic from the connector or other permitted header-based authentication solution. This is commonly done through restricting network access to the application using a firewall or IP restriction on the application server.
+- **Access to header-based authentication applications should be restricted to only traffic from the connector or other permitted header-based authentication solution**. This is commonly done through restricting network access to the application using a firewall or IP restriction on the application server to avoid exposing to the attackers.
 
 ## Next steps
 
 
@@ -27,7 +27,7 @@ If you encounter errors with the NPS extension for Azure AD Multi-Factor Authent
 | **CONTACT_SUPPORT** | [Contact support](#contact-microsoft-support), and mention the list of steps for collecting logs. Provide as much information as you can about what happened before the error, including tenant ID, and user principal name (UPN). |
 | **CLIENT_CERT_INSTALL_ERROR** | There may be an issue with how the client certificate was installed or associated with your tenant. Follow the instructions in [Troubleshooting the MFA NPS extension](howto-mfa-nps-extension.md#troubleshooting) to investigate client cert problems. |
 | **ESTS_TOKEN_ERROR** | Follow the instructions in [Troubleshooting the MFA NPS extension](howto-mfa-nps-extension.md#troubleshooting) to investigate client cert and security token problems. |
-| **HTTPS_COMMUNICATION_ERROR** | The NPS server is unable to receive responses from Azure AD MFA. Verify that your firewalls are open bidirectionally for traffic to and from `https://adnotifications.windowsazure.com` and that TLS 1.2 is enabled (default). If TLS 1.2 is disabled, user authentication will fail and event ID 36871 with source SChannel is entered in the System log in Event Viewer. To verify TLS 1.2 is enabled, see [TLS registry settings](/windows-server/security/tls/tls-registry-settings.md#tls-dtls-and-ssl-protocol-version-settings). |
+| **HTTPS_COMMUNICATION_ERROR** | The NPS server is unable to receive responses from Azure AD MFA. Verify that your firewalls are open bidirectionally for traffic to and from `https://adnotifications.windowsazure.com` and that TLS 1.2 is enabled (default). If TLS 1.2 is disabled, user authentication will fail and event ID 36871 with source SChannel is entered in the System log in Event Viewer. To verify TLS 1.2 is enabled, see [TLS registry settings](/windows-server/security/tls/tls-registry-settings#tls-dtls-and-ssl-protocol-version-settings). |
 | **HTTP_CONNECT_ERROR** | On the server that runs the NPS extension, verify that you can reach  `https://adnotifications.windowsazure.com` and `https://login.microsoftonline.com/`. If those sites don't load, troubleshoot connectivity on that server. |
 | **NPS Extension for Azure AD MFA:** <br> NPS Extension for Azure AD MFA only performs Secondary Auth for Radius requests in AccessAccept State. Request received for User username with response state AccessReject, ignoring request. | This error usually reflects an authentication failure in AD or that the NPS server is unable to receive responses from Azure AD. Verify that your firewalls are open bidirectionally for traffic to and from `https://adnotifications.windowsazure.com` and `https://login.microsoftonline.com` using ports 80 and 443. It is also important to check that on the DIAL-IN tab of Network Access Permissions, the setting is set to "control access through NPS Network Policy". This error can also trigger if the user is not assigned a license. |
 | **REGISTRY_CONFIG_ERROR** | A key is missing in the registry for the application, which may be because the [PowerShell script](howto-mfa-nps-extension.md#install-the-nps-extension) wasn't run after installation. The error message should include the missing key. Make sure you have the key under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\AzureMfa. |
 
@@ -6,7 +6,7 @@ services: active-directory
 ms.service: active-directory
 ms.subservice: conditional-access
 ms.topic: conceptual
-ms.date: 01/27/2022
+ms.date: 06/27/2022
 
 ms.author: joflore
 author: MicrosoftGuyJFlo
@@ -99,7 +99,7 @@ The following client apps have been confirmed to support this setting:
 - Microsoft Invoicing
 - Microsoft Kaizala
 - Microsoft Launcher
-- Microsoft Lists (iOS)
+- Microsoft Lists
 - Microsoft Office
 - Microsoft OneDrive
 - Microsoft OneNote
 
@@ -8,14 +8,15 @@ ms.service: active-directory
 ms.workload: identity
 ms.subservice: enterprise-users
 ms.topic: troubleshooting
-ms.date: 12/02/2020
+ms.date: 06/24/2022
 ms.author: curtand
 ms.reviewer: krbain
 ms.custom: it-pro
 ms.collection: M365-identity-device-management
 ---
 
 # Troubleshoot and resolve groups issues
+This article contains troubleshooting information for groups in Azure Active Directory (Azure AD), part of Microsoft Entra.
 
 ## Troubleshooting group creation issues
 
 
@@ -9,7 +9,7 @@ ms.service: active-directory
 ms.subservice: enterprise-users
 ms.topic: overview
 ms.workload: identity
-ms.date: 12/02/2020
+ms.date: 06/24/2022
 ms.author: curtand
 ms.custom: it-pro
 ms.reviewer: sumitp
@@ -18,7 +18,7 @@ ms.collection: M365-identity-device-management
 
 # Understand how multiple Azure Active Directory tenant organizations interact
 
-In Azure Active Directory (Azure AD), each Azure AD organization is fully independent: a peer that is logically independent from the other Azure AD organizations that you manage. This independence between organizations includes resource independence, administrative independence, and synchronization independence. There is no parent-child relationship between organizations.
+In Azure Active Directory (Azure AD, part of Microsoft Entra, each Azure AD organization is fully independent: a peer that is logically independent from the other Azure AD organizations that you manage. This independence between organizations includes resource independence, administrative independence, and synchronization independence. There is no parent-child relationship between organizations.
 
 ## Resource independence
 
 
@@ -10,7 +10,7 @@ ms.service: active-directory
 ms.subservice: enterprise-users
 ms.topic: how-to
 ms.workload: identity
-ms.date: 09/22/2021
+ms.date: 06/24/2022
 ms.author: curtand
 ms.reviewer: sumitp
 ms.custom: it-pro
@@ -19,7 +19,7 @@ ms.collection: M365-identity-device-management
 
 # Scenarios, limitations, and known issues using groups to manage licensing in Azure Active Directory
 
-Use the following information and examples to gain a more advanced understanding of Azure Active Directory (Azure AD) group-based licensing.
+Use the following information and examples to gain a more advanced understanding of group-based licensing in Azure Active Directory (Azure AD), part of Microsoft Entra.
 
 ## Usage location
 
 
@@ -11,7 +11,7 @@ ms.service: active-directory
 ms.subservice: enterprise-users
 ms.topic: how-to
 ms.workload: identity
-ms.date: 05/26/2022
+ms.date: 06/24/2022
 ms.author: curtand
 ms.reviewer: sumitp
 ms.custom: it-pro
@@ -20,7 +20,7 @@ ms.collection: M365-identity-device-management
 
 # Assign licenses to users by group membership in Azure Active Directory
 
-This article walks you through assigning product licenses to a group of users and verifying that they're licensed correctly in Azure Active Directory (Azure AD).
+This article walks you through assigning product licenses to a group of users and verifying that they're licensed correctly in Azure Active Directory (Azure AD), part of Microsoft Entra.
 
 In this example, the Azure AD organization contains a security group called **HR Department**. This group includes all members of the human resources department (around 1,000 users). You want to assign Office 365 Enterprise E3 licenses to the entire department. The Yammer Enterprise service that's included in the product must be temporarily disabled until the department is ready to start using it. You also want to deploy Enterprise Mobility + Security licenses to the same group of users.
 
 
@@ -11,7 +11,7 @@ ms.service: active-directory
 ms.subservice: enterprise-users
 ms.topic: how-to
 ms.workload: identity
-ms.date: 12/02/2020
+ms.date: 06/24/2022
 ms.author: curtand
 ms.reviewer: sumitp
 ms.custom: "it-pro;seo-update-azuread-jan"
@@ -20,7 +20,7 @@ ms.collection: M365-identity-device-management
 
 # Change license assignments for a user or group in Azure Active Directory
 
-This article describes how to move users and groups between service license plans in Azure Active Directory (Azure AD). The goal Azure AD's approach is to ensure that there's no loss of service or data during the license change. Users should switch between services seamlessly. The license plan assignment steps in this article describe changing a user or group on Office 365 E1 to Office 365 E3, but the steps apply to all license plans. When you update license assignments for a user or group, the license assignment removals and new assignments are made simultaneously so that users do not lose access to their services during license changes or see license conflicts between plans.
+This article describes how to move users and groups between service license plans in Azure Active Directory (Azure AD), part of Microsoft Entra. The goal Azure AD's approach is to ensure that there's no loss of service or data during the license change. Users should switch between services seamlessly. The license plan assignment steps in this article describe changing a user or group on Office 365 E1 to Office 365 E3, but the steps apply to all license plans. When you update license assignments for a user or group, the license assignment removals and new assignments are made simultaneously so that users do not lose access to their services during license changes or see license conflicts between plans.
 
 ## Before you begin