Merge pull request #249271 from MicrosoftGuyJFlo/ConditionalAccessOverviewUpdate

[Microsoft Entra ID] Conditional Access Overview update

Author: v-dirichards

articles/active-directory/conditional-access/concept-conditional-access-policy-common.md

@@ -88,12 +88,12 @@ Policies in this category provide new ways to protect against compromise.
 
 ---
 
-Find these templates in the [Microsoft Entra admin center](https://entra.microsoft.com) > **Microsoft Entra ID (Azure AD)** > **Protection** > **Conditional Access** > **Create new policy from templates**. Select **Show more** to see all policy templates in each category.
+Find these templates in the [Microsoft Entra admin center](https://entra.microsoft.com) > **Protection** > **Conditional Access** > **Create new policy from templates**. Select **Show more** to see all policy templates in each category.
 
 :::image type="content" source="media/concept-conditional-access-policy-common/create-policy-from-template-identity.png" alt-text="Screenshot that shows how to create a Conditional Access policy from a preconfigured template in the Microsoft Entra admin center." lightbox="media/concept-conditional-access-policy-common/create-policy-from-template-identity.png":::
 
 > [!IMPORTANT]
-> Conditional Access template policies will exclude only the user creating the policy from the template. If your organization needs to [exclude other accounts](../roles/security-emergency-access.md), you will be able to modify the policy once they are created. You can find these policies in the [Microsoft Entra admin center](https://entra.microsoft.com) > **Microsoft Entra ID (Azure AD)** > **Protection** > **Conditional Access** > **Policies**. Select a policy to open the editor and modify the excluded users and groups to select accounts you want to exclude.
+> Conditional Access template policies will exclude only the user creating the policy from the template. If your organization needs to [exclude other accounts](../roles/security-emergency-access.md), you will be able to modify the policy once they are created. You can find these policies in the [Microsoft Entra admin center](https://entra.microsoft.com) > **Protection** > **Conditional Access** > **Policies**. Select a policy to open the editor and modify the excluded users and groups to select accounts you want to exclude.
 
 By default, each policy is created in [report-only mode](concept-conditional-access-report-only.md), we recommended organizations test and monitor usage, to ensure intended result, before turning on each policy.
 

articles/active-directory/conditional-access/howto-conditional-access-policy-authentication-strength-external.md

@@ -48,7 +48,7 @@ The authentication methods that external users can use to satisfy MFA requiremen
 Determine if one of the built-in authentication strengths will work for your scenario or if you'll need to create a custom authentication strength.
 
 1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com) as at least a [Conditional Access Administrator](../roles/permissions-reference.md#conditional-access-administrator).
-1. Browse to **Microsoft Entra ID (Azure AD)** > **Protection** > **Authentication methods** > **Authentication strengths**.
+1. Browse to **Protection** > **Authentication methods** > **Authentication strengths**.
 1. Review the built-in authentication strengths to see if one of them meets your requirements.
 1. If you want to enforce a different set of authentication methods, [create a custom authentication strength](https://aka.ms/b2b-auth-strengths).
 

articles/active-directory/conditional-access/howto-conditional-access-policy-location.md

@@ -25,7 +25,7 @@ With the location condition in Conditional Access, you can control access to you
 ## Define locations
 
 1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com) as at least a [Conditional Access Administrator](../roles/permissions-reference.md#conditional-access-administrator).
-1. Browse to **Microsoft Entra ID (Azure AD)** > **Protection** > **Conditional Access** > **Named locations**.
+1. Browse to **Protection** > **Conditional Access** > **Named locations**.
 1. Choose the type of location to create.
    1. **Countries location** or **IP ranges location**.
 1. Give your location a name.

articles/active-directory/conditional-access/media/overview/conditional-access-central-policy-engine-zero-trust.png

@@ -1,12 +1,12 @@
 ---
 title: What is Conditional Access in Azure Active Directory?
-description: Learn how Conditional Access is at the heart of the new identity-driven control plane.
+description: Conditional Access is the Zero Trust policy engine at the heart of the new identity-driven control plane.
 
 services: active-directory
 ms.service: active-directory
 ms.subservice: conditional-access
 ms.topic: overview
-ms.date: 06/20/2023
+ms.date: 08/24/2023
 
 ms.author: joflore
 author: MicrosoftGuyJFlo
@@ -18,17 +18,15 @@ ms.custom: zt-include
 ---
 # What is Conditional Access?
 
-Microsoft is providing Conditional Access templates to organizations in report-only mode starting in January of 2023. We may add more policies as new threats emerge.
-
 The modern security perimeter extends beyond an organization's network perimeter to include user and device identity. Organizations now use identity-driven signals as part of their access control decisions.
 
-> [!VIDEO https://www.microsoft.com/en-us/videoplayer/embed/RE4MwZs]
+> [!VIDEO https://www.microsoft.com/videoplayer/embed/RE4MwZs]
 
 Azure AD Conditional Access brings signals together, to make decisions, and enforce organizational policies. Conditional Access is Microsoft's [Zero Trust policy engine](/security/zero-trust/deploy/identity) taking signals from various sources into account when enforcing policy decisions.
 
 :::image type="content" source="media/overview/conditional-access-signal-decision-enforcement.png" alt-text="Diagram showing concept of Conditional Access signals plus decision to enforce organizational policy.":::
 
-Conditional Access policies at their simplest are if-then statements, if a user wants to access a resource, then they must complete an action. Example: A payroll manager wants to access the payroll application and is required to do multifactor authentication to access it.
+Conditional Access policies at their simplest are if-then statements; **if** a user wants to access a resource, **then** they must complete an action. For example: If a user wants to access an application or service like Microsoft 365, then they must perform multifactor authentication to gain access.
 
 Administrators are faced with two primary goals:
 
@@ -57,9 +55,9 @@ These signals include:
    - Users with devices of specific platforms or marked with a specific state can be used when enforcing Conditional Access policies.
    - Use filters for devices to target policies to specific devices like privileged access workstations.
 - Application
-   - Users attempting to access specific applications can trigger different Conditional Access policies. 
+   - Users attempting to access specific applications can trigger different Conditional Access policies.
 - Real-time and calculated risk detection
-   - Signals integration with [Azure AD Identity Protection](../identity-protection/overview-identity-protection.md) allows Conditional Access policies to identify and remediate risky users and sign-in behavior.
+   - Signals integration with [Microsoft Entra ID Protection](../identity-protection/overview-identity-protection.md) allows Conditional Access policies to identify and remediate risky users and sign-in behavior.
 - [Microsoft Defender for Cloud Apps](/defender-cloud-apps/what-is-defender-for-cloud-apps)
    - Enables user application access and sessions to be monitored and controlled in real time. This integration increases visibility and control over access to and activities done within your cloud environment.
 
@@ -85,7 +83,7 @@ Many organizations have [common access concerns that Conditional Access policies
 - Requiring multifactor authentication for users with administrative roles
 - Requiring multifactor authentication for Azure management tasks
 - Blocking sign-ins for users attempting to use legacy authentication protocols
-- Requiring trusted locations for Azure AD Multifactor Authentication registration
+- Requiring trusted locations for security information registration
 - Blocking or granting access from specific locations
 - Blocking risky sign-in behaviors
 - Requiring organization-managed devices for specific applications
@@ -94,9 +92,9 @@ Administrators can create policies from scratch or start from a template policy
 
 ## Administrator experience
 
-Administrators with the [Conditional Access Administrator](../roles/permissions-reference.md#conditional-access-administrator) role can manage policies in Azure AD. 
+Administrators with the [Conditional Access Administrator](../roles/permissions-reference.md#conditional-access-administrator) role can manage policies. 
 
-Conditional Access is found in the [Microsoft Entra admin center](https://entra.microsoft.com) under **Microsoft Entra ID (Azure AD)** > **Protection** > **Conditional Access**.
+Conditional Access is found in the [Microsoft Entra admin center](https://entra.microsoft.com) under **Protection** > **Conditional Access**.
 
 :::image type="content" source="media/overview/conditional-access-overview.png" alt-text="Screenshot of the Conditional Access overview page." lightbox="media/overview/conditional-access-overview.png":::
 
@@ -110,7 +108,7 @@ Conditional Access is found in the [Microsoft Entra admin center](https://entra.
 
 Customers with [Microsoft 365 Business Premium licenses](/office365/servicedescriptions/office-365-service-descriptions-technet-library) also have access to Conditional Access features. 
 
-Risk-based policies require access to [Identity Protection](../identity-protection/overview-identity-protection.md), which is an Azure AD P2 feature.
+Risk-based policies require access to [Identity Protection](../identity-protection/overview-identity-protection.md), which requires P2 licenses.
 
 Other products and features that may interact with Conditional Access policies require appropriate licensing for those products and features.
 

articles/active-directory/conditional-access/overview.md

@@ -85,7 +85,7 @@ If you wish to roll back this feature, you can delete or disable any created pol
 
 The sign-in logs are used to review how policy is enforced for service principals or the expected affects of policy when using report-only mode.
 
-1. Browse to **Microsoft Entra ID (Azure AD)** > **Monitoring & health** > **Sign-in logs** > **Service principal sign-ins**.
+1. Browse to **Identity** > **Monitoring & health** > **Sign-in logs** > **Service principal sign-ins**.
 1. Select a log entry and choose the **Conditional Access** tab to view evaluation information.
 
 Failure reason when Service Principal is blocked by Conditional Access: “Access has been blocked due to Conditional Access policies.” 
@@ -102,7 +102,7 @@ To view results of a risk-based policy, refer to the **Report-only** tab of even
 
 You can get the objectID of the service principal from Azure AD Enterprise Applications. The Object ID in Azure AD App registrations can’t be used. This identifier is the Object ID of the app registration, not of the service principal.
 
-1. Browse to **Microsoft Entra ID (Azure AD)** > **Applications** > **Enterprise Applications**, find the application you registered.
+1. Browse to **Identity** > **Applications** > **Enterprise Applications**, find the application you registered.
 1. From the **Overview** tab, copy the **Object ID** of the application. This identifier is the unique to the service principal, used by Conditional Access policy to find the calling app.
 
 ### Microsoft Graph