Merge branch 'master' of https://github.com/MicrosoftDocs/azure-docs-pr into us1645361w

Author: TimShererWithAquent

.openpublishing.redirection.json

@@ -34101,6 +34101,21 @@
       "redirect_url": "/azure/active-directory-b2c/tutorial-create-tenant",
       "redirect_document_id": false
     },
+    {
+      "source_path": "articles/active-directory/authentication/concept-mfa-get-started.md",
+      "redirect_url": "/azure/active-directory/fundamentals/concept-fundamentals-mfa-get-started",
+      "redirect_document_id": true
+    },
+    {
+      "source_path": "articles/active-directory/conditional-access/concept-conditional-access-block-legacy-authentication.md",
+      "redirect_url": "/azure/active-directory/fundamentals/concept-fundamentals-block-legacy-authentication",
+      "redirect_document_id": true
+    },
+    {
+      "source_path": "articles/active-directory/conditional-access/concept-conditional-access-security-defaults.md",
+      "redirect_url": "/azure/active-directory/fundamentals/concept-fundamentals-security-defaults",
+      "redirect_document_id": true
+    },
     {
       "source_path": "articles/multi-factor-authentication/end-user/multi-factor-authentication-end-user-app-passwords.experimental.md",
       "redirect_url": "/azure/active-directory/user-help/multi-factor-authentication-end-user-app-passwords",

articles/active-directory/authentication/TOC.yml

@@ -43,8 +43,6 @@
     items:
     - name: How MFA works
       href: concept-mfa-howitworks.md
-    - name: Enable MFA
-      href: concept-mfa-get-started.md
     - name: License your users
       href: concept-mfa-licensing.md
     - name: Manage an Auth Provider

articles/active-directory/authentication/howto-mfa-userstates.md

@@ -49,7 +49,10 @@ User accounts in Azure Multi-Factor Authentication have the following three dist
 
 A user's state reflects whether an admin has enrolled them in Azure MFA, and whether they completed the registration process.
 
-All users start out *Disabled*. When you enroll users in Azure MFA, their state changes to *Enabled*. When enabled users sign in and complete the registration process, their state changes to *Enforced*.  
+All users start out *Disabled*. When you enroll users in Azure MFA, their state changes to *Enabled*. When enabled users sign in and complete the registration process, their state changes to *Enforced*.
+
+> [!NOTE]
+> If MFA is re-enabled on a user object that already has registration details, such as phone or email, then administrators need to have that user re-register MFA via Azure portal or PowerShell. If the user doesn't re-register, their MFA state doesn't transition from *Enabled* to *Enforced* in MFA management UI.
 
 ### View the status for a user
 
@@ -176,6 +179,8 @@ Get-MsolUser -All | Set-MfaState -State Disabled
 
 > [!NOTE]
 > We recently changed the behavior and PowerShell script above accordingly. Previously, the script saved off the MFA methods, disabled MFA, and restored the methods. This is no longer necessary now that the default behavior for disable doesn't clear the methods.
+>
+> If MFA is re-enabled on a user object that already has registration details, such as phone or email, then administrators need to have that user re-register MFA via Azure portal or PowerShell. If the user doesn't re-register, their MFA state doesn't transition from *Enabled* to *Enforced* in MFA management UI.
 
 ## Next steps
 

articles/active-directory/conditional-access/TOC.yml

@@ -17,8 +17,6 @@
   items:
   - name: Common Conditional Access policies
     href: concept-conditional-access-policy-common.md
-  - name: Security defaults
-    href: concept-conditional-access-security-defaults.md
   - name: Conditional Access policy components
     href: concept-conditional-access-policies.md
   - name: Conditions

articles/active-directory/develop/active-directory-claims-mapping.md

@@ -1,5 +1,5 @@
 ---
-title: Customize claims for an Azure AD tenant app (Public Preview) 
+title: Customize claims for Azure AD tenant apps
 titleSuffix: Microsoft identity platform
 description: This page describes Azure Active Directory claims mapping.
 services: active-directory

articles/active-directory/develop/active-directory-configurable-token-lifetimes.md

@@ -1,5 +1,5 @@
 ---
-title: Configurable token lifetimes in Azure Active Directory 
+title: Configurable Azure AD token lifetimes
 titleSuffix: Microsoft identity platform
 description: Learn how to set lifetimes for tokens issued by Azure AD.
 services: active-directory

articles/active-directory/develop/active-directory-enterprise-app-role-management.md

@@ -1,5 +1,5 @@
 ---
-title: Configure the role claim for enterprise applications in Azure AD 
+title: Configure role claim for enterprise Azure AD apps | Azure
 titleSuffix: Microsoft identity platform
 description: Learn how to configure the role claim issued in the SAML token for enterprise applications in Azure Active Directory
 services: active-directory

articles/active-directory/develop/active-directory-how-applications-are-added.md

@@ -1,5 +1,5 @@
 ---
-title: How and why applications are added to Azure Active Directory 
+title: How and why to add apps to Azure AD
 titleSuffix: Microsoft identity platform
 description: What does it mean for an application to be added to Azure AD and how do they get there?
 services: active-directory

articles/active-directory/develop/active-directory-optional-claims.md

@@ -1,7 +1,7 @@
 ---
-title: Learn how to provide optional claims to your Azure AD app 
+title: Provide optional claims to Azure AD apps | Azure
 titleSuffix: Microsoft identity platform
-description: A guide for adding custom or additional claims to the SAML 2.0 and JSON Web Tokens (JWT) tokens issued by Azure Active Directory. 
+description: How to add custom or additional claims to the SAML 2.0 and JSON Web Tokens (JWT) tokens issued by Azure Active Directory. 
 author: rwike77
 manager: CelesteDG
 

articles/active-directory/develop/active-directory-saml-claims-customization.md

@@ -1,5 +1,5 @@
 ---
-title: Customize SAML token claims for enterprise apps in Azure AD 
+title: Customize Azure AD app SAML token claims
 titleSuffix: Microsoft identity platform
 description: Learn how to customize the claims issued in the SAML token for enterprise applications in Azure AD.
 services: active-directory