review fixes

Justinha · Justinha · commit a5a1bf8ada18 · 2022-09-01T17:10:41.000-07:00
diff --git a/articles/active-directory/authentication/how-to-mfa-additional-context.md b/articles/active-directory/authentication/how-to-mfa-additional-context.md
@@ -11,7 +11,7 @@ ms.collection: M365-identity-device-management
 
 # Customer intent: As an identity administrator, I want to encourage users to use the Microsoft Authenticator app in Azure AD to improve and secure user sign-in events.
 ---
-# How to use additional context in Microsoft Authenticator notifications (Preview) - Authentication Methods Policy
+# How to use additional context in Microsoft Authenticator notifications (Preview) - Authentication methods policy
 
 This topic covers how to improve the security of user sign-in by adding the application name and geographic location of the sign-in to Microsoft Authenticator push and passwordless notifications. 
 
@@ -45,12 +45,12 @@ You can enable and disable application name and geographic location separately.
 
 Identify your single target group for each of the features. Then use the following API endpoint to change the displayAppInformationRequiredState or displayLocationInformationRequiredState properties under featureSettings to **enabled** and include or exclude the groups you want::
 
-https://graph.microsoft.com/beta/authenticationMethodsPolicy/authenticationMethodConfigurations/MicrosoftAuthenticator
+`https://graph.microsoft.com/beta/authenticationMethodsPolicy/authenticationMethodConfigurations/MicrosoftAuthenticator`
 
 >[!NOTE]
 >For Passwordless phone sign-in, the Authenticator app does not retrieve policy information just in time for each sign-in request. Instead, the Authenticator app does a best effort retrieval of the policy once every 7 days. We understand this limitation is less than ideal and are working to optimize the behavior. In the meantime, if you want to force a policy update to test using additional context with Passwordless phone sign-in, you can remove and re-add the account in the Authenticator app. 
 
-#### MicrosoftAuthenticatorAuthenticationMethodConfiguration properties
+### MicrosoftAuthenticatorAuthenticationMethodConfiguration properties
 
 **PROPERTIES**
 
@@ -66,7 +66,7 @@ https://graph.microsoft.com/beta/authenticationMethodsPolicy/authenticationMetho
 | includeTargets | [microsoftAuthenticatorAuthenticationMethodTarget](/graph/api/resources/passwordlessmicrosoftauthenticatorauthenticationmethodtarget) collection | A collection of users or groups who are enabled to use the authentication method. |
 | featureSettings | [microsoftAuthenticatorFeatureSettings](/graph/api/resources/passwordlessmicrosoftauthenticatorauthenticationmethodtarget) collection | A collection of Microsoft Authenticator features. |
  
-#### MicrosoftAuthenticator includeTarget properties
+### MicrosoftAuthenticator includeTarget properties
  
 **PROPERTIES**
 
@@ -76,7 +76,7 @@ https://graph.microsoft.com/beta/authenticationMethodsPolicy/authenticationMetho
 | id | String | Object ID of an Azure AD user or group. |
 | targetType | authenticationMethodTargetType | Possible values are: **user**, **group**.|
 
-#### MicrosoftAuthenticator featureSettings properties
+### MicrosoftAuthenticator featureSettings properties
  
 **PROPERTIES**
 
@@ -86,7 +86,7 @@ https://graph.microsoft.com/beta/authenticationMethodsPolicy/authenticationMetho
 | displayAppInformationRequiredState | authenticationMethodFeatureConfiguration | Determines whether the user is shown application name in Microsoft Authenticator notification. |
 | displayLocationInformationRequiredState | authenticationMethodFeatureConfiguration | Determines whether the user is shown geographic location context in Microsoft Authenticator notification. |
 
-#### Authentication Method Feature Configuration properties
+### Authentication Method Feature Configuration properties
 
 **PROPERTIES**
 
@@ -96,7 +96,7 @@ https://graph.microsoft.com/beta/authenticationMethodsPolicy/authenticationMetho
 | includeTarget | featureTarget | A single entity that is included in this feature. <br>You can only include one group for each feature.|
 | State | advancedConfigState | Possible values are:<br>**enabled** explicitly enables the feature for the selected group.<br>**disabled** explicitly disables the feature for the selected group.<br>**default** allows Azure AD to manage whether the feature is enabled or not for the selected group. |
 
-#### Feature Target properties
+### Feature Target properties
 
 **PROPERTIES**
 
@@ -105,7 +105,7 @@ https://graph.microsoft.com/beta/authenticationMethodsPolicy/authenticationMetho
 | id | String | ID of the entity targeted. |
 | targetType | featureTargetType | The kind of entity targeted, such as group, role, or administrative unit. The possible values are: ‘group’, 'administrativeUnit’, ‘role’, unknownFutureValue’. |
 
-#### Example of how to enable additional context for all users
+### Example of how to enable additional context for all users
 
 In **featureSettings**, change **displayAppInformationRequiredState** and **displayLocationInformationRequiredState** from **default** to **enabled**. 
 
@@ -162,7 +162,7 @@ Only users who are enabled for Microsoft Authenticator under Microsoft Authentic
 ```
  
  
-#### Example of how to enable application name and geographic location for separate groups
+### Example of how to enable application name and geographic location for separate groups
  
 In **featureSettings**, change **displayAppInformationRequiredState** and **displayLocationInformationRequiredState** from **default** to **enabled.** 
 Inside the **includeTarget** for each featureSetting, change the **id** from **all_users** to the ObjectID of the group from the Azure AD portal.
@@ -213,10 +213,13 @@ Only users who are enabled for Microsoft Authenticator under Microsoft Authentic
 }
 ```
  
-To verify, RUN GET again and verify the ObjectID
+To verify, RUN GET again and verify the ObjectID:
+
+```http
 GET https://graph.microsoft.com/beta/authenticationMethodsPolicy/authenticationMethodConfigurations/MicrosoftAuthenticator
- 
-#### Example of how to disable application name and only enable geographic location 
+```
+
+### Example of how to disable application name and only enable geographic location 
  
 In **featureSettings**, change the state of **displayAppInformationRequiredState** to **default** or **disabled** and **displayLocationInformationRequiredState** to **enabled.** 
 Inside the **includeTarget** for each featureSetting, change the **id** from **all_users** to the ObjectID of the group from the Azure AD portal.
@@ -267,7 +270,7 @@ Only users who are enabled for Microsoft Authenticator under Microsoft Authentic
 }
 ```
 
-#### Example of how to exclude a group from application name and geographic location 
+### Example of how to exclude a group from application name and geographic location 
  
 In **featureSettings**, change the states of **displayAppInformationRequiredState** and **displayLocationInformationRequiredState** to from **default** to **enabled.** 
 Inside the **includeTarget** for each featureSetting, change the **id** from **all_users** to the ObjectID of the group from the Azure AD portal.
@@ -319,7 +322,8 @@ Only users who are enabled for Microsoft Authenticator under Microsoft Authentic
     ]
 }
 ```
-#### Example of removing the excluded group 
+
+### Example of removing the excluded group 
  
 In **featureSettings**, change the states of **displayAppInformationRequiredState** from **default** to **enabled.** 
 You need to change the **id** of the **excludeTarget** to `00000000-0000-0000-0000-000000000000`.
@@ -359,7 +363,7 @@ Only users who are enabled for Microsoft Authenticator under Microsoft Authentic
 }
 ```
 
-### Turn off additional context
+## Turn off additional context
 
 To turn off additional context, you'll need to PATCH **displayAppInformationRequiredState** and **displayLocationInformationRequiredState** from **enabled** to **disabled**/**default**. You can also turn off just one of the features.
 
diff --git a/articles/active-directory/authentication/how-to-mfa-number-match.md b/articles/active-directory/authentication/how-to-mfa-number-match.md
@@ -90,12 +90,12 @@ To create the registry key that overrides push notifications:
 
 Identify your single target group for the schema configuration. Then use the following API endpoint to change the numberMatchingRequiredState property under featureSettings to **enabled** and include or exclude groups:
 
-```
+```http
 https://graph.microsoft.com/beta/authenticationMethodsPolicy/authenticationMethodConfigurations/MicrosoftAuthenticator
 ```
 
 
-#### MicrosoftAuthenticatorAuthenticationMethodConfiguration properties
+### MicrosoftAuthenticatorAuthenticationMethodConfiguration properties
 
 **PROPERTIES**
 
@@ -111,7 +111,7 @@ https://graph.microsoft.com/beta/authenticationMethodsPolicy/authenticationMetho
 | includeTargets | [microsoftAuthenticatorAuthenticationMethodTarget](/graph/api/resources/passwordlessmicrosoftauthenticatorauthenticationmethodtarget?view=graph-rest-beta&preserve-view=true) collection | A collection of users or groups who are enabled to use the authentication method |
 | featureSettings | [microsoftAuthenticatorFeatureSettings](/graph/api/resources/passwordlessmicrosoftauthenticatorauthenticationmethodtarget) collection | A collection of Microsoft Authenticator features. |
  
-#### MicrosoftAuthenticator includeTarget properties
+### MicrosoftAuthenticator includeTarget properties
  
 **PROPERTIES**
 
@@ -123,7 +123,7 @@ https://graph.microsoft.com/beta/authenticationMethodsPolicy/authenticationMetho
 
 
 
-#### MicrosoftAuthenticator featureSettings properties
+### MicrosoftAuthenticator featureSettings properties
  
 **PROPERTIES**
 
@@ -133,7 +133,7 @@ https://graph.microsoft.com/beta/authenticationMethodsPolicy/authenticationMetho
 | displayAppInformationRequiredState | authenticationMethodFeatureConfiguration | Determines whether the user is shown application name in Microsoft Authenticator notification. |
 | displayLocationInformationRequiredState | authenticationMethodFeatureConfiguration | Determines whether the user is shown geographic location context in Microsoft Authenticator notification. |
 
-#### Authentication Method Feature Configuration properties
+### Authentication Method Feature Configuration properties
 
 **PROPERTIES**
 
@@ -143,7 +143,7 @@ https://graph.microsoft.com/beta/authenticationMethodsPolicy/authenticationMetho
 | includeTarget | featureTarget | A single entity that is included in this feature. <br> Please note: You will be able to only set one group for number matching. |
 | State | advancedConfigState | Possible values are:<br>**enabled** explicitly enables the feature for the selected group.<br>**disabled** explicitly disables the feature for the selected group.<br>**default** allows Azure AD to manage whether the feature is enabled or not for the selected group. |
 
-#### Feature Target properties
+### Feature Target properties
 
 **PROPERTIES**
 
@@ -155,7 +155,7 @@ https://graph.microsoft.com/beta/authenticationMethodsPolicy/authenticationMetho
 >[!NOTE]
 >Number matching can be enabled only for a single group. 
 
-#### Example of how to enable number matching for all users
+### Example of how to enable number matching for all users
 
 In **featureSettings**, you will need to change the **numberMatchingRequiredState** from **default** to **enabled**. 
 
@@ -205,10 +205,12 @@ Only users who are enabled for Microsoft Authenticator under Microsoft Authentic
 ```
  
 To confirm this has applied, please run the GET request below using the endpoint below.
-GET - https://graph.microsoft.com/beta/authenticationMethodsPolicy/authenticationMethodConfigurations/MicrosoftAuthenticator
- 
+
+```http
+GET https://graph.microsoft.com/beta/authenticationMethodsPolicy/authenticationMethodConfigurations/MicrosoftAuthenticator
+```
  
-#### Example of how to enable number matching for a single group
+### Example of how to enable number matching for a single group
  
 In **featureSettings**, you will need to change the **numberMatchingRequiredState** value from **default** to **enabled.** 
 Inside the **includeTarget**, you will need to change the **id** from **all_users** to the ObjectID of the group from the Azure AD portal.
@@ -249,9 +251,12 @@ Only users who are enabled for Microsoft Authenticator under Microsoft Authentic
 ```
  
 To verify, RUN GET again and verify the ObjectID
+
+```http
 GET https://graph.microsoft.com/beta/authenticationMethodsPolicy/authenticationMethodConfigurations/MicrosoftAuthenticator
+```
  
-#### Example of removing the excluded group from number matching
+### Example of removing the excluded group from number matching
 
 In **featureSettings**, you will need to change the **numberMatchingRequiredState** value from **default** to **enabled.** 
 You need to change the **id** of the **excludeTarget** to `00000000-0000-0000-0000-000000000000`.
@@ -291,7 +296,7 @@ Only users who are enabled for Microsoft Authenticator under Microsoft Authentic
 }
 ```
 
-### Turn off number matching
+## Turn off number matching
 
 To turn number matching off, you will need to PATCH remove **numberMatchingRequiredState** from **enabled** to **disabled**/**default**.
 
