[Azure AD] tenant to organization 03

Author: curtand

articles/active-directory/users-groups-roles/licensing-ps-examples.md

@@ -11,7 +11,7 @@ ms.service: active-directory
 ms.subservice: users-groups-roles
 ms.topic: article
 ms.workload: identity
-ms.date: 11/08/2019
+ms.date: 04/29/2020
 ms.author: curtand
 ms.reviewer: sumitp
 ms.collection: M365-identity-device-management
@@ -26,7 +26,7 @@ cmdlets](https://docs.microsoft.com/powershell/msonline/v1/azureactivedirectory)
 > Before you begin running cmdlets, make sure you connect to your organization first, by running the `Connect-MsolService` cmdlet.
 
 > [!WARNING]
-> This code is provided as an example for demonstration purposes. If you intend to use it in your environment, consider testing it first on a small scale, or in a separate test tenant. You may have to adjust the code to meet the specific needs of your environment.
+> This code is provided as an example for demonstration purposes. If you intend to use it in your environment, consider testing it first on a small scale, or in a separate test organization. You may have to adjust the code to meet the specific needs of your environment.
 
 ## View product licenses assigned to a group
 
@@ -251,12 +251,12 @@ HTTP/1.1 200 OK
 
 ```
 
-## Get all users with license errors in the entire tenant
+## Get all users with license errors in the entire organization
 
 The following script can be used to get all users who have license errors from one or more groups. The script prints one row per user, per license error, which allows you to clearly identify the source of each error.
 
 > [!NOTE]
-> This script enumerates all users in the tenant, which might not be optimal for large tenants.
+> This script enumerates all users in the organization, which might not be optimal for large organizations.
 
 ```powershell
 Get-MsolUser -All | Where {$_.IndirectLicenseErrors } | % {   
@@ -364,10 +364,10 @@ function UserHasLicenseAssignedFromGroup
 }
 ```
 
-This script executes those functions on each user in the tenant, using the SKU ID as input - in this example we are interested in the license for *Enterprise Mobility + Security*, which in our tenant is represented with ID *contoso:EMS*:
+This script executes those functions on each user in the organization, using the SKU ID as input - in this example we are interested in the license for *Enterprise Mobility + Security*, which in our organization is represented with ID *contoso:EMS*:
 
 ```powershell
-#the license SKU we are interested in. use Get-MsolAccountSku to see a list of all identifiers in your tenant
+#the license SKU we are interested in. use Get-MsolAccountSku to see a list of all identifiers in your organization
 $skuId = "contoso:EMS"
 
 #find all users that have the SKU license assigned

articles/active-directory/users-groups-roles/licensing-service-plan-reference.md

@@ -128,7 +128,7 @@ When managing licenses in [the Azure portal](https://portal.azure.com/#blade/Mic
 
 ## Service plans that cannot be assigned at the same time
 
-Some products contain service plans that cannot be assigned to the same user at the same time. For example, if you have *Office 365 E1* and *Office 365 E3* in your tenant, and you try to assign both licenses to the same user, the operation fails. This is because the E3 product contains the following service plans that conflict with their E1 counterparts:
+Some products contain service plans that cannot be assigned to the same user at the same time. For example, if you have *Office 365 E1* and *Office 365 E3* in your Azure AD organization, and you try to assign both licenses to the same user, the operation fails. This is because the E3 product contains the following service plans that conflict with their E1 counterparts:
 
 -   SharePoint Online (Plan 2) conflicts with SharePoint Online (Plan 1).
 -   Exchange Online (Plan 2) conflicts with Exchange Online (Plan 1).

articles/active-directory/users-groups-roles/linkedin-integration.md

@@ -25,8 +25,8 @@ You can allow users in your organization to access their LinkedIn connections wi
 > Exceptions:
 >
 > * The setting is not available for customers using Microsoft Cloud for US Government, Microsoft Cloud Germany, or Azure and Office 365 operated by 21Vianet in China.
-> * The setting is off by default for tenants provisioned in Germany. Note that the setting is not available for customers using Microsoft Cloud Germany.
-> * The setting is off by default for tenants provisioned in France.
+> * The setting is off by default for Azure AD organizations provisioned in Germany. Note that the setting is not available for customers using Microsoft Cloud Germany.
+> * The setting is off by default for organizations provisioned in France.
 >
 > Once LinkedIn account connections are enabled for your organization, the account connections work after users consent to apps accessing company data on their behalf. For information about the user consent setting, see [How to remove a user's access to an application](https://docs.microsoft.com/azure/active-directory/application-access-assignment-how-to-remove-assignment).
 

articles/active-directory/users-groups-roles/roles-assign-graph.md

@@ -8,7 +8,7 @@ ms.service: active-directory
 ms.workload: identity
 ms.subservice: users-groups-roles
 ms.topic: article
-ms.date: 11/08/2019
+ms.date: 04/29/2020
 ms.author: curtand
 ms.reviewer: vincesm
 ms.custom: it-pro
@@ -20,7 +20,7 @@ You can automate how you assign roles to user accounts using the Microsoft Graph
 
 ## Required permissions
 
-Connect to your Azure AD tenant using a Global administrator account or Privileged Identity administrator to assign or remove roles.
+Connect to your Azure AD organization using a Global administrator account or Privileged Identity administrator to assign or remove roles.
 
 ## POST Operations on RoleAssignment
 

articles/active-directory/users-groups-roles/roles-assign-powershell.md

@@ -8,7 +8,7 @@ ms.service: active-directory
 ms.workload: identity
 ms.subservice: users-groups-roles
 ms.topic: article
-ms.date: 11/08/2019
+ms.date: 04/29/2020
 ms.author: curtand
 ms.reviewer: vincesm
 ms.custom: it-pro
@@ -22,7 +22,7 @@ For more information about Azure AD admin roles, see [Assigning administrator r
 
 ## Required permissions
 
-Connect to your Azure AD tenant using a global administrator account to assign or remove roles.
+Connect to your Azure AD organization using a global administrator account to assign or remove roles.
 
 ## Prepare PowerShell
 

articles/active-directory/users-groups-roles/roles-concept-delegation.md

@@ -11,7 +11,7 @@ ms.service: active-directory
 ms.workload: identity
 ms.subservice: users-groups-roles
 ms.topic: article
-ms.date: 01/31/2019
+ms.date: 04/29/2020
 ms.author: curtand
 ms.reviewer: vincesm
 ms.custom: it-pro
@@ -97,7 +97,7 @@ To maintain access to your identity management store when issue arises, prepare
 
 ## Secure your administrator roles
 
-Attackers who get control of privileged accounts can do tremendous damage, so protect these accounts first, using the [baseline access policy](https://cloudblogs.microsoft.com/enterprisemobility/2018/06/22/baseline-security-policy-for-azure-ad-admin-accounts-in-public-preview/) that is available by default to all Azure AD tenants (in public preview). The policy enforces multi-factor authentication on privileged Azure AD accounts. The following Azure AD roles are covered by the Azure AD baseline policy:
+Attackers who get control of privileged accounts can do tremendous damage, so protect these accounts first, using the [baseline access policy](https://cloudblogs.microsoft.com/enterprisemobility/2018/06/22/baseline-security-policy-for-azure-ad-admin-accounts-in-public-preview/) that is available by default to all Azure AD organizations (in public preview). The policy enforces multi-factor authentication on privileged Azure AD accounts. The following Azure AD roles are covered by the Azure AD baseline policy:
 
 * Global administrator
 * SharePoint administrator

articles/active-directory/users-groups-roles/roles-delegate-by-task.md

@@ -13,7 +13,7 @@ ms.date: 03/03/2020
 ms.author: curtand
 ms.reviewer: vincesm
 ms.custom: it-pro
-#As an Azure AD administrator, I want to know which role has the least privilege for a given task to make my Azure AD tenant more secure.
+#As an Azure AD administrator, I want to know which role has the least privilege for a given task to make my Azure AD organization more secure.
 
 ms.collection: M365-identity-device-management
 ---

articles/active-directory/users-groups-roles/signin-realm-discovery.md

@@ -23,7 +23,7 @@ We are changing our Azure Active Directory (Azure AD) sign-in behavior to make r
 
 Historically, home realm discovery was governed by the domain that is provided at sign-in or by a Home Realm Discovery policy for some legacy applications. For example, in our discovery behavior an Azure Active Directory user could mistype their username but would still arrive at their organization's credential collection screen. This occurs when the user correctly provides the organization's domain name “contoso.com”. This behavior does not allow the granularity to customize experiences for an individual user.
 
-To support a wider range of credentials and increase usability, Azure Active Directory’s username lookup behavior during the sign-in process is now updated. The new behavior makes intelligent decisions by reading tenant and user level settings based on the username entered on the sign-in page. To make this possible, Azure Active Directory will check to see if the username that is entered on the sign-in page exists in their specified domain or redirects the user to provide their credentials.
+To support a wider range of credentials and increase usability, Azure Active Directory’s username lookup behavior during the sign-in process is now updated. The new behavior makes intelligent decisions by reading organization-level and user-level settings based on the username entered on the sign-in page. To make this possible, Azure Active Directory will check to see if the username that is entered on the sign-in page exists in their specified domain or redirects the user to provide their credentials.
 
 An additional benefit of this work is improved error messaging. Here are some examples of the improved error messaging when signing in to an application that supports Azure Active Directory users only.
 

articles/active-directory/users-groups-roles/users-close-account.md

@@ -1,5 +1,5 @@
 ---
-title: Close work or school account in an unmanaged Azure AD directory
+title: Close work or school account in an unmanaged Azure AD organization
 description: How to close your work or school account in an unmanaged Azure Active Directory.
 services: active-directory
 author: rolyon
@@ -17,19 +17,19 @@ ms.custom: it-pro
 ms.collection: M365-identity-device-management
 ---
 
-# Close your work or school account in an unmanaged directory
+# Close your work or school account in an unmanaged Azure AD organization
 
-If you are a user in an unmanaged Azure Active Directory (Azure AD) organization, and you no longer need to use apps from that organization or maintain any association with it, you can close your account at any time. An unmanaged directory does not have a Global administrator. Users in an unmanaged directory can close their accounts on their own, without having to contact an administrator.
+If you are a user in an unmanaged Azure Active organization (Azure AD) organization, and you no longer need to use apps from that organization or maintain any association with it, you can close your account at any time. An unmanaged organization does not have a Global administrator. Users in an unmanaged organization can close their accounts on their own, without having to contact an administrator.
 
-Users in an unmanaged directory are often created during self-service sign-up. An example might be an information worker in an organization who signs up for a free service. For more information about self-service sign-up, see [What is self-service sign-up for Azure Active Directory?](directory-self-service-signup.md).
+Users in an unmanaged organization are often created during self-service sign-up. An example might be an information worker in an organization who signs up for a free service. For more information about self-service sign-up, see [What is self-service sign-up for Azure Active Directory?](directory-self-service-signup.md).
 
 [!INCLUDE [GDPR-related guidance](../../../includes/gdpr-intro-sentence.md)]
 
 ## Before you begin
 
 Before you can close your account, you should confirm the following items:
 
-* Make sure you are a user of an unmanaged Azure AD directory. You can't close your account if you belong to a managed directory. If you belong to a managed directory and want to close your account, you must contact your administrator. For information about how to determine whether you belong to an unmanaged directory, see [Delete the user from Unmanaged Tenant](https://docs.microsoft.com/flow/gdpr-dsr-delete#delete-the-user-from-unmanaged-tenant).
+* Make sure you are a user of an unmanaged Azure AD organization. You can't close your account if you belong to a managed organization. If you belong to a managed organization and want to close your account, you must contact your administrator. For information about how to determine whether you belong to an unmanaged organization, see [Delete the user from Unmanaged Tenant](https://docs.microsoft.com/flow/gdpr-dsr-delete#delete-the-user-from-unmanaged-tenant).
 
 * Save any data you want to keep. For information about how to submit an export request, see [Accessing and exporting system-generated logs for Unmanaged Tenants](https://docs.microsoft.com/power-platform/admin/powerapps-gdpr-dsr-guide-systemlogs#accessing-and-exporting-system-generated-logs-for-unmanaged-tenants).