MicrosoftDocs
diff --git a/‎articles/active-directory/authentication/howto-sspr-windows.md
Lines changed: 12 additions & 13 deletions b/‎articles/active-directory/authentication/howto-sspr-windows.md
Lines changed: 12 additions & 13 deletions
diff --git a/‎articles/active-directory/fundamentals/whats-new-sovereign-clouds.md
Lines changed: 3 additions & 1 deletion b/‎articles/active-directory/fundamentals/whats-new-sovereign-clouds.md
Lines changed: 3 additions & 1 deletion
diff --git a/‎articles/active-directory/saas-apps/sap-successfactors-writeback-tutorial.md
Lines changed: 2 additions & 2 deletions b/‎articles/active-directory/saas-apps/sap-successfactors-writeback-tutorial.md
Lines changed: 2 additions & 2 deletions
@@ -6,7 +6,7 @@ services: active-directory
 ms.service: active-directory
 ms.subservice: authentication
 ms.topic: how-to
-ms.date: 03/18/2022
+ms.date: 10/13/2022
 
 ms.author: justinha
 author: justinha
@@ -17,9 +17,9 @@ ms.collection: M365-identity-device-management
 ---
 # Enable Azure Active Directory self-service password reset at the Windows sign-in screen
 
-Self-service password reset (SSPR) gives users in Azure Active Directory (Azure AD) the ability to change or reset their password, with no administrator or help desk involvement. Typically, users open a web browser on another device to access the [SSPR portal](https://aka.ms/sspr). To improve the experience on computers that run Windows 7, 8, 8.1, and 10, you can enable users to reset their password at the Windows sign-in screen.
+Self-service password reset (SSPR) gives users in Azure Active Directory (Azure AD) the ability to change or reset their password, with no administrator or help desk involvement. Typically, users open a web browser on another device to access the [SSPR portal](https://aka.ms/sspr). To improve the experience on computers that run Windows 7, 8, 8.1, 10, and 11 you can enable users to reset their password at the Windows sign-in screen.
 
-![Example Windows 7 and 10 login screens with SSPR link shown](./media/howto-sspr-windows/windows-reset-password.png)
+![Example Windows login screens with SSPR link shown](./media/howto-sspr-windows/windows-reset-password.png)
 
 > [!IMPORTANT]
 > This tutorial shows an administrator how to enable SSPR for Windows devices in an enterprise.
@@ -37,7 +37,6 @@ The following limitations apply to using SSPR from the Windows sign-in screen:
 - Hybrid Azure AD joined machines must have network connectivity line of sight to a domain controller to use the new password and update cached credentials. This means that devices must either be on the organization's internal network or on a VPN with network access to an on-premises domain controller.
 - If using an image, prior to running sysprep ensure that the web cache is cleared for the built-in Administrator prior to performing the CopyProfile step. More information about this step can be found in the support article [Performance poor when using custom default user profile](https://support.microsoft.com/help/4056823/performance-issue-with-custom-default-user-profile).
 - The following settings are known to interfere with the ability to use and reset passwords on Windows 10 devices:
-    - If Ctrl+Alt+Del is required by policy in Windows 10, **Reset password** won't work.
     - If lock screen notifications are turned off, **Reset password** won't work.
     - *HideFastUserSwitching* is set to enabled or 1
     - *DontDisplayLastUserName* is set to enabled or 1
@@ -55,11 +54,11 @@ The following limitations apply to using SSPR from the Windows sign-in screen:
 > These limitations also apply to Windows Hello for Business PIN reset from the device lock screen.
 >
 
-## Windows 10 password reset
+## Windows 11 and 10 password reset
 
-To configure a Windows 10 device for SSPR at the sign-in screen, review the following prerequisites and configuration steps.
+To configure a Windows 11 or 10 device for SSPR at the sign-in screen, review the following prerequisites and configuration steps.
 
-### Windows 10 prerequisites
+### Windows 11 and 10 prerequisites
 
 - An administrator [must enable Azure AD self-service password reset from the Azure portal](tutorial-enable-sspr.md).
 - Users must register for SSPR before using this feature at [https://aka.ms/ssprsetup](https://aka.ms/ssprsetup)
@@ -71,17 +70,17 @@ To configure a Windows 10 device for SSPR at the sign-in screen, review the foll
     - Azure AD joined
     - Hybrid Azure AD joined
 
-### Enable for Windows 10 using Microsoft Endpoint Manager
+### Enable for Windows 11 and 10 using Microsoft Endpoint Manager
 
 Deploying the configuration change to enable SSPR from the login screen using Microsoft Endpoint Manager is the most flexible method. Microsoft Endpoint Manager allows you to deploy the configuration change to a specific group of machines you define. This method requires Microsoft Endpoint Manager enrollment of the device.
 
 #### Create a device configuration policy in Microsoft Endpoint Manager
 
 1. Sign in to the [Azure portal](https://portal.azure.com) and select **Endpoint Manager**.
 1. Create a new device configuration profile by going to **Device configuration** > **Profiles**, then select **+ Create Profile**
-   - For **Platform** choose *Windows 10 and later*
+   - For **Platform** choose *Windows 11 and later*
    - For **Profile type**, choose *Custom*
-1. Select **Create**, then provide a meaningful name for the profile, such as *Windows 10 sign-in screen SSPR*
+1. Select **Create**, then provide a meaningful name for the profile, such as *Windows 11 sign-in screen SSPR*
 
     Optionally, provide a meaningful description of the profile, then select **Next**.
 1. Under *Configuration settings*, select **Add** and provide the following OMA-URI setting to enable the reset password link:
@@ -99,7 +98,7 @@ Deploying the configuration change to enable SSPR from the login screen using Mi
 1. Configure applicability rules as desired for your environment, such as to *Assign profile if OS edition is Windows 10 Enterprise*, then select **Next**.
 1. Review your profile, then select **Create**.
 
-### Enable for Windows 10 using the Registry
+### Enable for Windows 11 and 10 using the Registry
 
 To enable SSPR at the sign-in screen using a registry key, complete the following steps:
 
@@ -112,13 +111,13 @@ To enable SSPR at the sign-in screen using a registry key, complete the followin
        "AllowPasswordReset"=dword:00000001
     ```
 
-### Troubleshooting Windows 10 password reset
+### Troubleshooting Windows 11 and 10 password reset
 
 If you have problems with using SSPR from the Windows sign-in screen, the Azure AD audit log includes information about the IP address and *ClientType* where the password reset occurred, as shown in the following example output:
 
 ![Example Windows 7 password reset in the Azure AD Audit log](media/howto-sspr-windows/windows-7-sspr-azure-ad-audit-log.png)
 
-When users reset their password from the sign-in screen of a Windows 10 device, a low-privilege temporary account called `defaultuser1` is created. This account is used to keep the password reset process secure.
+When users reset their password from the sign-in screen of a Windows 11 or 10 device, a low-privilege temporary account called `defaultuser1` is created. This account is used to keep the password reset process secure.
 
 The account itself has a randomly generated password, which is validated against an organizations password policy, doesn't show up for device sign-in, and is automatically removed after the user resets their password. Multiple `defaultuser` profiles may exist but can be safely ignored.
 
 
@@ -23,7 +23,7 @@ This page is updated monthly, so revisit it regularly.
 
 
 
-## September 2022
+## October 2022
 
 ### General Availability - Azure AD certificate-based authentication
 
@@ -65,6 +65,8 @@ For more information on how to use this feature, see: [Dynamic membership rule f
 
 ---
 
+## September 2022
+
 
 ### General Availability - No more waiting, provision groups on demand into your SaaS applications.
 
 
@@ -327,7 +327,7 @@ Once the SuccessFactors provisioning app configurations have been completed, you
    > ![Select Writeback scope](./media/sap-successfactors-inbound-provisioning/select-writeback-scope.png)
 
    > [!NOTE]
-   > The SuccessFactors Writeback provisioning app does not support "group assignment". Only "user assignment" is supported. 
+   > SuccessFactors Writeback provisioning apps created after 12-Oct-2022 support the "group assignment" feature. If you created the app prior to 12-Oct-2022, it will only have "user assignment" support. To use the "group assignment" feature, create a new instance of the SuccessFactors Writeback application and move your existing mapping configurations to this app. 
 
 1. Click **Save**.
 
@@ -350,4 +350,4 @@ Refer to the [Writeback scenarios section](../app-provisioning/sap-successfactor
 * [Learn how to review logs and get reports on provisioning activity](../app-provisioning/check-status-user-account-provisioning.md)
 * [Learn how to configure single sign-on between SuccessFactors and Azure Active Directory](successfactors-tutorial.md)
 * [Learn how to integrate other SaaS applications with Azure Active Directory](tutorial-list.md)
-* [Learn how to export and import your provisioning configurations](../app-provisioning/export-import-provisioning-configuration.md)
+* [Learn how to export and import your provisioning configurations](../app-provisioning/export-import-provisioning-configuration.md)