Merge pull request #95885 from MicrosoftDocs/master

11/13 PM Publish

Author: huypub

articles/active-directory/authentication/TOC.yml

@@ -139,8 +139,6 @@
         href: howto-authentication-passwordless-security-key.md
       - name: Passwordless Windows 10
         href: howto-authentication-passwordless-security-key-windows.md
-      - name: Passwordless on-premises
-        href: howto-authentication-passwordless-security-key-on-premises.md
       - name: Passwordless phone sign-in
         href: howto-authentication-passwordless-phone.md
       - name: Windows Hello for Business

articles/active-directory/authentication/howto-mfa-mfasettings.md

@@ -19,7 +19,7 @@ ms.collection: M365-identity-device-management
 
 This article helps you to manage Multi-Factor Authentication settings in the Azure portal. It covers various topics that help you to get the most out of Azure Multi-Factor Authentication. Not all of the features are available in every version of Azure Multi-Factor Authentication.
 
-You can access settings related to Azure Multi-Factor Authentication from the Azure portal by browsing to **Azure Active Directory** > **MFA**.
+You can access settings related to Azure Multi-Factor Authentication from the Azure portal by browsing to **Azure Active Directory** > **Security** > **MFA**.
 
 ![Azure portal - Azure AD Multi-Factor Authentication settings](./media/howto-mfa-mfasettings/multi-factor-authentication-settings-portal.png)
 
@@ -59,15 +59,15 @@ Use the _block and unblock users_ feature to prevent users from receiving authen
 ### Block a user
 
 1. Sign in to the [Azure portal](https://portal.azure.com) as an administrator.
-2. Browse to **Azure Active Directory** > **MFA** > **Block/unblock users**.
+2. Browse to **Azure Active Directory** > **Security** > **MFA** > **Block/unblock users**.
 3. Select **Add** to block a user.
 4. Select the **Replication Group**. Enter the username for the blocked user as **username\@domain.com**. Enter a comment in the **Reason** field.
 5. Select **Add** to finish blocking the user.
 
 ### Unblock a user
 
 1. Sign in to the [Azure portal](https://portal.azure.com) as an administrator.
-2. Browse to **Azure Active Directory** > **MFA** > **Block/unblock users**.
+2. Browse to **Azure Active Directory** > **Security** > **MFA** > **Block/unblock users**.
 3. Select **Unblock** in the **Action** column next to the user to unblock.
 4. Enter a comment in the **Reason for unblocking** field.
 5. Select **Unblock** to finish unblocking the user.
@@ -79,7 +79,7 @@ Configure the _fraud alert_ feature so that your users can report fraudulent att
 ### Turn on fraud alerts
 
 1. Sign in to the [Azure portal](https://portal.azure.com) as an administrator.
-2. Browse to **Azure Active Directory** > **MFA** > **Fraud alert**.
+2. Browse to **Azure Active Directory** > **Security** > **MFA** > **Fraud alert**.
 3. Set the **Allow users to submit fraud alerts** setting to **On**.
 4. Select **Save**.
 
@@ -121,7 +121,7 @@ You can use your own recordings or greetings for two-step verification with the
 Before you begin, be aware of the following restrictions:
 
 * The supported file formats are .wav and .mp3.
-* The file size limit is 5 MB.
+* The file size limit is 1 MB.
 * Authentication messages should be shorter than 20 seconds. Messages that are longer than 20 seconds can cause the verification to fail. The user might not respond before the message finishes and the verification times out.
 
 ### Custom message language behavior
@@ -142,7 +142,7 @@ For example, if there is only one custom message, with a language of German:
 ### Set up a custom message
 
 1. Sign in to the [Azure portal](https://portal.azure.com) as an administrator.
-1. Browse to **Azure Active Directory** > **MFA** > **Phone call settings**.
+1. Browse to **Azure Active Directory** > **Security** > **MFA** > **Phone call settings**.
 1. Select **Add greeting**.
 1. Choose the type of greeting.
 1. Choose the language.
@@ -181,7 +181,7 @@ The _one-time bypass_ feature allows a user to authenticate a single time withou
 ### Create a one-time bypass
 
 1. Sign in to the [Azure portal](https://portal.azure.com) as an administrator.
-2. Browse to **Azure Active Directory** > **MFA** > **One-time bypass**.
+2. Browse to **Azure Active Directory** > **Security** > **MFA** > **One-time bypass**.
 3. Select **Add**.
 4. If necessary, select the replication group for the bypass.
 5. Enter the username as **username\@domain.com**. Enter the number of seconds that the bypass should last. Enter the reason for the bypass.
@@ -190,7 +190,7 @@ The _one-time bypass_ feature allows a user to authenticate a single time withou
 ### View the one-time bypass report
 
 1. Sign in to the [Azure portal](https://portal.azure.com).
-2. Browse to **Azure Active Directory** > **MFA** > **One-time bypass**.
+2. Browse to **Azure Active Directory** > **Security** > **MFA** > **One-time bypass**.
 
 ## Caching rules
 
@@ -202,18 +202,20 @@ You can set a time period to allow authentication attempts after a user is authe
 ### Set up caching
 
 1. Sign in to the [Azure portal](https://portal.azure.com) as an administrator.
-2. Browse to **Azure Active Directory** > **MFA** > **Caching rules**.
+2. Browse to **Azure Active Directory** > **Security** > **MFA** > **Caching rules**.
 3. Select **Add**.
 4. Select the **cache type** from the drop-down list. Enter the maximum number of **cache seconds**.
 5. If necessary, select an authentication type and specify an application.
 6. Select **Add**.
 
 ## MFA service settings
 
-Settings for app passwords, trusted IPs, verification options, and remember multi-factor authentication for Azure Multi-Factor Authentication can be found in service settings. Service settings can be accessed from the Azure portal by browsing to **Azure Active Directory** > **MFA** > **Getting started** > **Configure** > **Additional cloud-based MFA settings**.
+Settings for app passwords, trusted IPs, verification options, and remember multi-factor authentication for Azure Multi-Factor Authentication can be found in service settings. Service settings can be accessed from the Azure portal by browsing to **Azure Active Directory** > **Security** > **MFA** > **Getting started** > **Configure** > **Additional cloud-based MFA settings**.
 
 ![Azure Multi-Factor Authentication service settings](./media/howto-mfa-mfasettings/multi-factor-authentication-settings-service-settings.png)
 
+The trusted IP address ranges can be private or public.
+
 ## App passwords
 
 Some applications, like Office 2010 or earlier and Apple Mail before iOS 11, don't support two-step verification. The apps aren't configured to accept a second verification. To use these applications, take advantage of the _app passwords_ feature. You can use an app password in place of your traditional password to allow an app to bypass two-step verification and continue working.

articles/active-directory/authentication/howto-mfa-reporting.md

@@ -21,16 +21,16 @@ Azure Multi-Factor Authentication provides several reports that can be used by y
 
 | Report | Location | Description |
 |:--- |:--- |:--- |
-| Blocked User History | Azure AD > MFA Server > Block/unblock users | Shows the history of requests to block or unblock users. |
+| Blocked User History | Azure AD > Security > MFA > Block/unblock users | Shows the history of requests to block or unblock users. |
 | Usage and fraud alerts | Azure AD > Sign-ins | Provides information on overall usage, user summary, and user details; as well as a history of fraud alerts submitted during the date range specified. |
-| Usage for on-premises components | Azure AD > MFA Server > Activity Report | Provides information on overall usage for MFA through the NPS extension, ADFS, and MFA server. |
-| Bypassed User History | Azure AD > MFA Server > One-time bypass | Provides a history of requests to bypass Multi-Factor Authentication for a user. |
-| Server status | Azure AD > MFA Server > Server status | Displays the status of Multi-Factor Authentication Servers associated with your account. |
+| Usage for on-premises components | Azure AD > Security > MFA > Activity Report | Provides information on overall usage for MFA through the NPS extension, ADFS, and MFA server. |
+| Bypassed User History | Azure AD > Security > MFA > One-time bypass | Provides a history of requests to bypass Multi-Factor Authentication for a user. |
+| Server status | Azure AD > Security > MFA > Server status | Displays the status of Multi-Factor Authentication Servers associated with your account. |
 
 ## View MFA reports
 
 1. Sign in to the [Azure portal](https://portal.azure.com).
-2. On the left, select **Azure Active Directory** > **MFA Server**.
+2. On the left, select **Azure Active Directory** > **Security** > **MFA**.
 3. Select the report that you wish to view.
 
    ![MFA Server server status report in the Azure portal](./media/howto-mfa-reporting/report.png)

articles/active-directory/authentication/media/howto-mfa-mfasettings/multi-factor-authentication-settings-portal.png

@@ -48,7 +48,7 @@ A named location has the following components:
 - **IP ranges** - One or more IPv4 address ranges in CIDR format. Specifying an IPv6 address range is not supported.
 
    > [!NOTE]
-   > IPv6 address rangess cannot currently be included in a named location. This measn IPv6 ranges cannot be excluded from a Conditional Access policy.
+   > IPv6 address ranges cannot currently be included in a named location. This means IPv6 ranges cannot be excluded from a Conditional Access policy.
 
 - **Mark as trusted location** - A flag you can set for a named location to indicate a trusted location. Typically, trusted locations are network areas that are controlled by your IT department. In addition to Conditional Access, trusted named locations are also used by Azure Identity Protection and Azure AD security reports to reduce [false positives](../reports-monitoring/concept-risk-events.md#impossible-travel-to-atypical-locations-1).
 - **Countries/Regions** - This option enables you to select one or more country or region to define a named location.

articles/active-directory/conditional-access/location-condition.md

@@ -30,7 +30,7 @@ To do a controlled validation of hybrid Azure AD join on Windows current devices
 1. Clear the Service Connection Point (SCP) entry from Active Directory (AD) if it exists
 1. Configure client-side registry setting for SCP on your domain-joined computers using a Group Policy Object (GPO)
 1. If you are using AD FS, you must also configure the client-side registry setting for SCP on your AD FS server using a GPO  
-
+1. You may also need to [customize synchronization options](../hybrid/how-to-connect-post-installation.md#additional-tasks-available-in-azure-ad-connect) in Azure AD Connect to enable device synchronization. 
 
 
 ### Clear the SCP from AD
@@ -79,7 +79,7 @@ Use the following example to create a Group Policy Object (GPO) to deploy a regi
 If you are using AD FS, you first need to configure client-side SCP using the instructions mentioned above but linking the GPO to your AD FS servers. The SCP object defines the source of authority for device objects. It can be on-premises or Azure AD. When this is configured for AD FS, the source for device objects is established as Azure AD.
 
 > [!NOTE]
-> If you failed to configure client-side SCP on your AD FS servers, the source for device identities would be considered as on-premises, and if you have device writeback, AD FS would start deleting device objects from on-premises registered device container after a stipulated period.
+> If you failed to configure client-side SCP on your AD FS servers, the source for device identities would be considered as on-premises. ADFS will then start deleting device objects from on-premises directory after the stipulated period defined in the ADFS Device Registration's attribute "MaximumInactiveDays". ADFS Device Registration objects can be found using the [Get-AdfsDeviceRegistration cmdlet](https://docs.microsoft.com/powershell/module/adfs/get-adfsdeviceregistration?view=win10-ps).
 
 ## Controlled validation of hybrid Azure AD join on Windows down-level devices