Merge pull request #251365 from Justinha/steps-auth-2

prmerger-automator[bot] · web-flow · commit a880913c17ac · 2023-09-14T00:01:58.000Z
revised portal steps
diff --git a/articles/active-directory/authentication/how-to-authentication-sms-supported-apps.md b/articles/active-directory/authentication/how-to-authentication-sms-supported-apps.md
@@ -25,7 +25,7 @@ SMS-based authentication is available to Microsoft apps integrated with the Micr
 | Microsoft One Note | ● |   |
 | Microsoft Teams | ● | ● |
 | Company portal | ● | ● |
-| My Apps Portal | ● |Not available|
+| My Apps portal | ● |Not available|
 | Microsoft Forms | ● |Not available|
 | Microsoft Edge | ● |   |
 | Microsoft Power BI | ● |   |
@@ -36,17 +36,17 @@ SMS-based authentication is available to Microsoft apps integrated with the Micr
 
 *_SMS sign-in isn't available for office applications, such as Word, Excel, etc., when accessed directly on the web, but is available when accessed through the [Office 365 web app](https://www.office.com)_
 
-The above mentioned Microsoft apps support SMS sign-in is because they use the Microsoft Identity login (`https://login.microsoftonline.com/`), which allows user to enter phone number and SMS code.
+The above mentioned Microsoft apps support SMS sign-in is because they use the Microsoft Identity login (`https://login.microsoftonline.com/`), which allows users to enter phone number and SMS code.
 
 ## Unsupported Microsoft apps
 
 Microsoft 365 desktop (Windows or Mac) apps and Microsoft 365 web apps (except MS One Note) that are accessed directly on the web don't support SMS sign-in. These apps use the Microsoft Office login (`https://office.live.com/start/*`) that requires a password to sign in.
-For the same reason, Microsoft Office mobile apps (except Microsoft Teams, Company Portal, and Microsoft Azure) don't support SMS sign-in.
+For the same reason, Microsoft Office mobile apps (except Microsoft Teams, Company portal, and Microsoft Azure) don't support SMS sign-in.
 
 | Unsupported Microsoft apps| Examples |
 | --- | --- |
 | Native desktop Microsoft apps | Microsoft Teams, O365 apps, Word, Excel, etc.|
-| Native mobile Microsoft apps (except Microsoft Teams, Company Portal, and Microsoft Azure) | Outlook, Edge, Power BI, Stream, SharePoint, Power Apps, Word, etc.|
+| Native mobile Microsoft apps (except Microsoft Teams, Company portal, and Microsoft Azure) | Outlook, Edge, Power BI, Stream, SharePoint, Power Apps, Word, etc.|
 | Microsoft 365 web apps (accessed directly on web) | [Outlook](https://outlook.live.com/owa/), [Word](https://office.live.com/start/Word.aspx), [Excel](https://office.live.com/start/Excel.aspx), [PowerPoint](https://office.live.com/start/PowerPoint.aspx)|  
 
 ## Support for Non-Microsoft apps 
diff --git a/articles/active-directory/authentication/how-to-mfa-registration-campaign.md b/articles/active-directory/authentication/how-to-mfa-registration-campaign.md
@@ -19,16 +19,16 @@ ms.collection: M365-identity-device-management
 
 # How to run a registration campaign to set up Microsoft Authenticator - Microsoft Authenticator
 
-You can nudge users to set up Microsoft Authenticator during sign-in. Users will go through their regular sign-in, perform multifactor authentication as usual, and then be prompted to set up Microsoft Authenticator. You can include or exclude users or groups to control who gets nudged to set up the app. This allows targeted campaigns to move users from less secure authentication methods to the Authenticator app.  
+You can nudge users to set up Microsoft Authenticator during sign-in. Users go through their regular sign-in, perform multifactor authentication as usual, and then get prompted to set up Microsoft Authenticator. You can include or exclude users or groups to control who gets nudged to set up the app. This allows targeted campaigns to move users from less secure authentication methods to Authenticator.  
 
-In addition to choosing who can be nudged, you can define how many days a user can postpone, or "snooze", the nudge. If a user taps **Not now** to postpone the app setup, they'll be nudged again on the next MFA attempt after the snooze duration has elapsed. Users with free and trial subscriptions can postpone the app setup up to three times.
+You can also define how many days a user can postpone, or "snooze," the nudge. If a user taps **Not now** to postpone the app setup, they get nudged again on the next MFA attempt after the snooze duration has elapsed. Users with free and trial subscriptions can postpone the app setup up to three times.
 
 >[!NOTE]
 >As users go through their regular sign-in, Conditional Access policies that govern security info registration apply before the user is prompted to set up Authenticator. For example, if a Conditional Access policy requires security info updates can only occur on an internal network, then users won't be prompted to set up Authenticator unless they are on the internal network. 
 
 ## Prerequisites 
 
-- Your organization must have enabled Azure AD Multi-Factor Authentication. Every edition of Azure AD includes Azure AD Multi-Factor Authentication. No additional license is needed for a registration campaign.
+- Your organization must have enabled Azure AD Multi-Factor Authentication. Every edition of Azure AD includes Azure AD Multi-Factor Authentication. No other license is needed for a registration campaign.
 - Users can't have already set up the Authenticator app for push notifications on their account. 
 - Admins need to enable users for the Authenticator app using one of these policies:  
   - MFA Registration Policy: Users will need to be enabled for **Notification through mobile app**.  
@@ -70,8 +70,10 @@ In addition to choosing who can be nudged, you can define how many days a user c
  
    ![Snooze installation](./media/how-to-nudge-authenticator-app/snooze.png)
 
+
 ## Enable the registration campaign policy using the Microsoft Entra admin center
 
+
 To enable a registration campaign in the Microsoft Entra admin center, complete the following steps:
 
 1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com) as at least an [Authentication Policy Administrator](../roles/permissions-reference.md#authentication-policy-administrator).
@@ -132,7 +134,7 @@ Here are a few sample JSONs you can use to get started!
 
 - Include all users 
   
-  If you want to include ALL users in your tenant simply [download this JSON](https://download.microsoft.com/download/1/4/E/14E6151E-C40A-42FB-9F66-D8D374D13B40/All%20Users%20Enabled.json) and paste it in Graph Explorer and run `PATCH` on the endpoint. 
+  If you want to include ALL users in your tenant, [download this JSON](https://download.microsoft.com/download/1/4/E/14E6151E-C40A-42FB-9F66-D8D374D13B40/All%20Users%20Enabled.json) and paste it in Graph Explorer and run `PATCH` on the endpoint. 
 
   ```json
   {
@@ -219,8 +221,7 @@ Here are a few sample JSONs you can use to get started!
 
 ### Identify the GUIDs of users to insert in the JSONs
 
-1. Navigate to the Azure portal.
-1. Tap **Azure Active Directory**.
+1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com) as at least an [Authentication Policy Administrator](../roles/permissions-reference.md#authentication-policy-administrator).
 1. In the **Manage** blade, tap **Users**.
 1. In the **Users** page, identify the specific user you want to target.
 1. When you tap the specific user, you’ll see their **Object ID**, which is the user’s GUID.
@@ -229,8 +230,7 @@ Here are a few sample JSONs you can use to get started!
 
 ### Identify the GUIDs of groups to insert in the JSONs
 
-1. Navigate to the Azure portal.
-1. Tap **Azure Active Directory**.
+1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com) as at least an [Authentication Policy Administrator](../roles/permissions-reference.md#authentication-policy-administrator).
 1. In the **Manage** blade, tap **Groups**.
 1. In the **Groups** page, identify the specific group you want to target.
 1. Tap the group and get the **Object ID**.
@@ -271,9 +271,9 @@ Nudge is available only on browsers and not on applications.
 
 Nudge is not available on mobile devices.
 
-**How long will the campaign run for?** 
+**How long does the campaign run for?** 
 
-You can use the APIs to enable the campaign for as long as you like. Whenever you want to be done running the campaign, simply use the APIs to disable the campaign.  
+You can enable the campaign for as long as you like. Whenever you want to be done running the campaign, use the admin center or APIs to disable the campaign.  
 
 **Can each group of users have a different snooze duration?** 
 
@@ -291,7 +291,7 @@ If this user doesn’t have the Authenticator app set up for push notifications
 
 Yes. If the Authenticator app is not set up for push notifications and the user is enabled for it by policy, yes, the user will see the nudge.
 
-**If a user just went through MFA registration, will they be nudged in the same sign-in session?** 
+**If a user just went through MFA registration, are they nudged in the same sign-in session?** 
 
 No. To provide a good user experience, users won't be nudged to set up the Authenticator in the same session that they registered other authentication methods.  
 
@@ -301,11 +301,11 @@ No. The feature, for now, aims to nudge users to set up the Authenticator app on
 
 **Is there a way for me to hide the snooze option and force my users to setup the Authenticator app?**  
 
-Users in organizations with free and trial subscriptions can postpone the app setup up to three times. There is no way to hide the snooze option on the nudge for organizations with paid subscriptions yet. You can set the snoozeDuration to 0, which will ensure that users will see the nudge during each MFA attempt.  
+Users in organizations with free and trial subscriptions can postpone the app setup up to three times. There is no way to hide the snooze option on the nudge for organizations with paid subscriptions yet. You can set the snoozeDuration to 0, which ensures that users see the nudge during each MFA attempt.  
 
 **Will I be able to nudge my users if I am not using Azure AD Multi-Factor Authentication?** 
 
-No. The nudge will only work for users who are doing MFA using the Azure AD Multi-Factor Authentication service. 
+No. The nudge only works for users who are doing MFA using the Azure AD Multi-Factor Authentication service. 
 
 **Will Guest/B2B users in my tenant be nudged?** 
 
diff --git a/articles/active-directory/authentication/howto-authentication-passwordless-security-key-on-premises.md b/articles/active-directory/authentication/howto-authentication-passwordless-security-key-on-premises.md
@@ -271,7 +271,7 @@ For information about compliant security keys, see [FIDO2 security keys](concept
 
 ### What can I do if I lose my security key?
 
-To delete an enrolled security key, sign in to the [Azure portal](https://portal.azure.com), and then go to the **Security info** page.
+To delete an enrolled security key, sign in to the [Microsoft Entra admin center](https://entra.microsoft.com), and then go to the **Security info** page.
 
 ### What can I do if I'm unable to use the FIDO security key immediately after I create a hybrid Azure AD-joined machine?
 
diff --git a/articles/active-directory/authentication/howto-authentication-sms-signin.md b/articles/active-directory/authentication/howto-authentication-sms-signin.md
@@ -59,9 +59,8 @@ There are three main steps to enable and use SMS-based authentication in your or
 
 First, let's enable SMS-based authentication for your Azure AD tenant.
 
-1. Sign in to the [Azure portal](https://portal.azure.com) using an account with *global administrator* permissions.
-1. Search for and select **Azure Active Directory**, then choose **Security** from the menu on the left-hand side.
-1. Under the **Manage** menu header, select **Authentication methods** >  **Policies**.
+1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com) as at least an [Authentication Policy Administrator](../roles/permissions-reference.md#authentication-policy-administrator).
+1. Browse to **Protection** > **Authentication methods** >  **Policies**.
 1. From the list of available authentication methods, select **SMS**.
 
     ![Screenshot that shows how to select the SMS authentication method.](./media/howto-authentication-sms-signin/authentication-methods-policy.png)
diff --git a/articles/active-directory/authentication/howto-authentication-temporary-access-pass.md b/articles/active-directory/authentication/howto-authentication-temporary-access-pass.md
@@ -6,7 +6,7 @@ services: active-directory
 ms.service: active-directory
 ms.subservice: authentication
 ms.topic: conceptual
-ms.date: 06/14/2023
+ms.date: 09/23/2023
 
 ms.author: justinha
 author: tilarso 
@@ -27,7 +27,7 @@ A Temporary Access Pass is a time-limited passcode that can be configured for si
 
 A Temporary Access Pass also makes recovery easier when a user has lost or forgotten their strong authentication factor like a FIDO2 security key or Microsoft Authenticator app, but needs to sign in to register new strong authentication methods.
 
-This article shows you how to enable and use a Temporary Access Pass in Azure AD using the Azure portal. 
+This article shows you how to enable and use a Temporary Access Pass in Azure AD using the the [Microsoft Entra admin center](https://entra.microsoft.com). 
 You can also perform these actions using the REST APIs. 
 
 ## Enable the Temporary Access Pass policy
@@ -39,9 +39,8 @@ Although you can create a Temporary Access Pass for any user, only users include
 Global administrator and Authentication Policy administrator role holders can update the Temporary Access Pass authentication method policy.
 To configure the Temporary Access Pass authentication method policy:
 
-1. Sign in to the [Azure portal](https://portal.azure.com) using an account with *global administrator* permissions.
-1. Search for and select **Azure Active Directory**, then choose **Security** from the menu on the left-hand side.
-1. Under the **Manage** menu header, select **Authentication methods** >  **Policies**.
+1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com) as at least an [Authentication Policy Administrator](../roles/permissions-reference.md#authentication-policy-administrator).
+1. Browse to **Protection** > **Authentication methods** >  **Policies**.
 1. From the list of available authentication methods, select **Temporary Access Pass**.
 
    :::image type="content" border="true" source="./media/how-to-authentication-temporary-access-pass/select-temporary-access-pass-policy.png" alt-text="Screenshot of how to manage Temporary Access Pass within the authentication method policy experience.":::
@@ -76,11 +75,9 @@ These roles can perform the following actions related to a Temporary Access Pass
 - Authentication Administrators can create, delete, and view a Temporary Access Pass on members  (except themselves)
 - Global Reader can view the Temporary Access Pass details on the user (without reading the code itself).
 
-1. Sign in to the [Azure portal](https://portal.azure.com) by using one of the preceding roles. 
-1. Select **Azure Active Directory**, browse to Users, select a user, such as *Chris Green*, then choose **Authentication methods**.
-1. If needed, select the option to **Try the new user authentication methods experience**.
-1. Select the option to **Add authentication methods**.
-1. Below **Choose method**, select **Temporary Access Pass**.
+1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com) as at least an [Authentication Policy Administrator](../roles/permissions-reference.md#authentication-policy-administrator).
+1. Browse to **Protection** > **Authentication methods**.
+1. Select **Temporary Access Pass**.
 1. Define a custom activation time or duration and select **Add**.
 
    ![Screenshot of how to create a Temporary Access Pass.](./media/how-to-authentication-temporary-access-pass/create.png)
