MicrosoftDocs
diff --git a/‎articles/active-directory-domain-services/active-directory-ds-suspension.md
Lines changed: 8 additions & 8 deletions b/‎articles/active-directory-domain-services/active-directory-ds-suspension.md
Lines changed: 8 additions & 8 deletions
diff --git a/‎articles/active-directory/authentication/howto-mfa-reporting.md
Lines changed: 86 additions & 2 deletions b/‎articles/active-directory/authentication/howto-mfa-reporting.md
Lines changed: 86 additions & 2 deletions
diff --git a/‎articles/active-directory/authentication/media/howto-mfa-reporting/sign-in-report.png
132 KB b/‎articles/active-directory/authentication/media/howto-mfa-reporting/sign-in-report.png
132 KB
@@ -19,14 +19,14 @@ ms.author: ergreenl
 
 ---
 # Suspended domains
-When Azure AD Domain Services is unable to service a managed domain for a long period of time, it puts the managed domain into a suspended state. This article explains why managed domains are suspended, and how to remediate a suspended domain.
+When Azure Active Directory Domain Services (Azure AD DS) is unable to service a managed domain for a long period of time, it puts the managed domain into a suspended state. This article explains why managed domains are suspended, and how to remediate a suspended domain.
 
 
 ## States your managed domain can be in
 
 ![Suspended domain timeline](media\active-directory-domain-services-suspension\suspension-timeline.PNG)
 
-The preceding graphic outlines the possible states an Azure AD Domain Services managed domain can be in.
+The preceding graphic outlines the possible states an Azure AD DS managed domain can be in.
 
 ### "Running" state
 A managed domain that is configured correctly and operating regularly is in the **Running** state.
@@ -62,15 +62,15 @@ In some cases (for example, if you have an invalid network configuration), the d
 ### The "Suspended" state
 A managed domain is put in the **Suspended** state for the following reasons:
 
-* One or more critical alerts haven't been resolved in 15 days. Critical alerts can be caused by a misconfiguration that blocks access to resources that are needed by Azure AD Domain Services.
+* One or more critical alerts haven't been resolved in 15 days. Critical alerts can be caused by a misconfiguration that blocks access to resources that are needed by Azure AD DS.
     * For example, the alert [AADDS104: Network Error](active-directory-ds-troubleshoot-nsg.md) has been unresolved for more than 15 days in the managed domain.
 * There's a billing issue with your Azure subscription or your Azure subscription has expired.
 
 Managed domains are suspended when Microsoft is unable to manage, monitor, patch, or back up the domain on an ongoing basis.
 
 **What to expect**
 * Domain controllers for your managed domain are de-provisioned and aren't reachable within the virtual network.
-* Secure LDAP access to the managed domain over the Internet (if it's enabled) stops working.
+* Secure LDAP access to the managed domain over the internet (if it's enabled) stops working.
 * You notice failures in authenticating to the managed domain, logging on to domain-joined virtual machines, or connecting over LDAP/LDAPS.
 * Backups for your managed domain are no longer taken.
 * Synchronization with Azure AD stops.
@@ -86,18 +86,18 @@ A managed domain that stays in the "Suspended" state for 15 days is **Deleted**.
 
 **What to expect**
 * All resources and backups for the managed domain are deleted.
-* You can't restore the managed domain, and need to create a new managed domain to use Azure AD Domain Services.
+* You can't restore the managed domain, and need to create a new managed domain to use Azure AD DS.
 * After it's deleted, you aren't billed for the managed domain.
 
 
 ## How do you know if your managed domain is suspended?
-You see an [alert](active-directory-ds-troubleshoot-alerts.md) on the Azure AD Domain Services Health page in the Azure portal that declares that the domain is suspended. The state of the domain also shows "Suspended".
+You see an [alert](active-directory-ds-troubleshoot-alerts.md) on the Azure AD DS Health page in the Azure portal that declares that the domain is suspended. The state of the domain also shows "Suspended".
 
 
 ## Restore a suspended domain
 To restore a domain that's in the "Suspended" state, take the following steps:
 
-1. Go to the [Azure AD Domain Services page](https://portal.azure.com/#blade/HubsExtension/Resources/resourceType/Microsoft.AAD%2FdomainServices) in the Azure portal.
+1. Go to the [Azure Active Directory Domain Services page](https://portal.azure.com/#blade/HubsExtension/Resources/resourceType/Microsoft.AAD%2FdomainServices) in the Azure portal.
 2. Select the managed domain.
 3. In the left panel, select **Health**.
 4. Select the alert. The alert ID will be either AADDS503 or AADDS504, depending on the cause of suspension.
@@ -108,7 +108,7 @@ Your managed domain can only be restored to the date of the last backup. The dat
 
 ## Next steps
 - [Resolve alerts for your managed domain](active-directory-ds-troubleshoot-alerts.md)
-- [Read more about Azure AD Domain Services](active-directory-ds-overview.md)
+- [Read more about Azure Active Directory Domain Services](active-directory-ds-overview.md)
 - [Contact the product team](active-directory-ds-contact-us.md)
 
 ## Contact us
 
@@ -6,7 +6,7 @@ services: multi-factor-authentication
 ms.service: active-directory
 ms.component: authentication
 ms.topic: conceptual
-ms.date: 07/11/2018
+ms.date: 07/30/2018
 
 ms.author: joflore
 author: MicrosoftGuyJFlo
@@ -26,14 +26,98 @@ Azure Multi-Factor Authentication provides several reports that can be used by y
 | Bypassed User History | Azure AD > MFA Server > One-time bypass | Provides a history of requests to bypass Multi-Factor Authentication for a user. |
 | Server status | Azure AD > MFA Server > Server status | Displays the status of Multi-Factor Authentication Servers associated with your account. |
 
-## View reports 
+## View MFA reports
 
 1. Sign in to the [Azure portal](https://portal.azure.com).
 2. On the left, select **Azure Active Directory** > **MFA Server**.
 3. Select the report that you wish to view.
 
    <center>![Cloud](./media/howto-mfa-reporting/report.png)</center>
 
+## Azure AD sign-ins report
+
+With the **sign-ins activity report** in the [Azure portal](https://portal.azure.com), you can get the information you need to determine how your environment is doing.
+
+The sign-ins report can provide you with information about the usage of managed applications and user sign-in activities, which includes information about multi-factor authentication (MFA) usage. The MFA data gives you insights into how MFA is working in your organization. It enables you to answer questions like:
+
+- Was the sign-in challenged with MFA?
+- How did the user complete MFA?
+- Why was the user unable to complete MFA?
+- How many users are challenged for MFA?
+- How many users are unable to complete the MFA challenge?
+- What are the common MFA issues end users are running into?
+
+This data is available through the [Azure portal](https://portal.azure.com) and the [reporting API](../active-directory-reporting-api-getting-started-azure-portal.md).
+
+![Cloud](./media/howto-mfa-reporting/sign-in-report.png)
+
+### Sign-ins report structure
+
+The sign-in activity reports for MFA give you access to the following information:
+
+**MFA required:** Whether MFA is required for the sign-in or not. MFA can be required due to per-user MFA, conditional access, or other reasons. Possible values are **Yes** or **No**.
+
+**MFA Result:** More information on whether MFA was satisfied or denied:
+
+- If MFA was satisfied, this column provides more information about how MFA was satisfied.
+   - Azure Multi-Factor Authentication
+      - completed in the cloud
+      - has expired due to the policies configured on tenant
+      - registration prompted
+      - satisfied by claim in the token
+      - satisfied by claim provided by external provider
+      - satisfied by strong authentication
+      - skipped as flow exercised was Windows broker logon flow
+      - skipped due to app password
+      - skipped due to location
+      - skipped due to registered device
+      - skipped due to remembered device
+      - successfully completed
+   - Redirected to external provider for multi-factor authentication
+
+- If MFA was denied, this column would provide the reason for denial.
+   - Azure Multi-Factor Authentication denied;
+      - authentication in-progress
+      - duplicate authentication attempt
+      - entered incorrect code too many times
+      - invalid authentication
+      - invalid mobile app verification code
+      - misconfiguration
+      - phone call went to voicemail
+      - phone number has an invalid format
+      - service error
+      - unable to reach the user’s phone
+      - unable to send the mobile app notification to the device
+      - unable to send the mobile app notification
+      - user declined the authentication
+      - user did not respond to mobile app notification
+      - user does not have any verification methods registered
+      - user entered incorrect code
+      - user entered incorrect PIN
+      - user hung up the phone call without succeeding the authentication
+      - user is blocked
+      - user never entered the verification code
+      - user not found
+      - verification code already used once
+
+**MFA authentication method:** The authentication method the user used to complete MFA. Possible values include:
+
+- Text message
+- Mobile app notification
+- Phone call (Authentication phone)
+- Mobile app verification code
+- Phone call (Office phone)
+- Phone call (Alternate authentication phone)
+
+**MFA authentication detail:** Scrubbed version of the phone number, for example: +X XXXXXXXX64.
+
+**Conditional Access** Find information about conditional access policies that affected the sign-in attempt including:
+
+- Policy name
+- Grant controls
+- Session controls
+- Result
+
 ## PowerShell reporting
 
 Identify users who have registered for MFA using the PowerShell that follows.