
Commit b922bac

Merge pull request #182212 from MicrosoftDocs/master
Merge Master to Live, 4 AM
2 parents 83d1c5c + 5e79963 commit b922bac

166 files changed: +1091 / -1529 lines changed


.acrolinx-config.edn

Lines changed: 1 addition & 1 deletion
@@ -1,2 +1,2 @@
11
{:allowed-branchname-matches ["master" "release-.*"]
2-
:allowed-filename-matches ["articles/" "includes/"]}
2+
:allowed-filename-matches ["(?i)articles/(?:(?!active-directory/saas-apps/toc.yml))" "includes/"]}
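Review bot: in the new `:allowed-filename-matches` pattern the `.` in `toc.yml` is unescaped (so it also matches `tocXyml`), and the negative lookahead is wrapped in an empty non-capturing group that adds nothing; `"(?i)articles/(?!active-directory/saas-apps/toc\.yml)"` is equivalent and easier to read. It is also worth confirming that the regex engine Acrolinx uses honours the inline `(?i)` flag, since neither the branch patterns nor the `"includes/"` pattern in this file use one.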

.openpublishing.redirection.active-directory.json

Lines changed: 18 additions & 0 deletions
@@ -10599,7 +10599,25 @@
1059910599
"source_path": "articles/active-directory/managed-identities-azure-resources/how-to-manage-ua-identity-rest.md",
1060010600
"redirect_url": "/azure/active-directory/managed-identities-azure-resources/how-manage-user-assigned-managed-identities?pivots=identity-mi-methods-rest",
1060110601
"redirect_document_id": false
10602+
},
10603+
{
10604+
"source_path": "articles/active-directory/verifiable-credentials/enable-your-tenant-verifiable-credentials.md",
10605+
"redirect_url": "/azure/active-directory/verifiable-credentials/verifiable-credentials-configure-tenant",
10606+
"redirect_document_id": false
10607+
}
10608+
,
10609+
{
10610+
"source_path": "articles/active-directory/verifiable-credentials/issue-verify-verifiable-credentials-your-tenant.md",
10611+
"redirect_url": "/azure/active-directory/verifiable-credentials/verifiable-credentials-configure-issuer",
10612+
"redirect_document_id": false
10613+
},
10614+
{
10615+
"source_path": "articles/active-directory/verifiable-credentials/get-started-verifiable-credentials.md",
10616+
"redirect_url": "/azure/active-directory/verifiable-credentials/verifiable-credentials-configure-tenant",
10617+
"redirect_document_id": false
1060210618
}
10619+
10620+
1060310621

1060410622

1060510623
]
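Review bot: the separator after the `enable-your-tenant-verifiable-credentials.md` entry is split across two lines (`}` followed by a lone `,`) while the other new entries use `},`, and two empty lines are added just before the closing `]`. The file still parses as JSON, but please put the comma on the brace line and drop the blank lines so the block matches the surrounding entries. Note also that two of the three new source paths (`enable-your-tenant-verifiable-credentials.md` and `get-started-verifiable-credentials.md`) redirect to the same `verifiable-credentials-configure-tenant` target; fine if intended, but worth a second look since the third redirect goes to `verifiable-credentials-configure-issuer`.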

articles/active-directory/fundamentals/active-directory-deployment-checklist-p2.md

Lines changed: 18 additions & 18 deletions
@@ -6,7 +6,7 @@ services: active-directory
66
ms.service: active-directory
77
ms.subservice: fundamentals
88
ms.topic: conceptual
9-
ms.date: 10/29/2020
9+
ms.date: 12/07/2021
1010

1111
ms.author: joflore
1212
author: MicrosoftGuyJFlo
@@ -17,11 +17,11 @@ ms.collection: M365-identity-device-management
1717
---
1818
# Azure Active Directory feature deployment guide
1919

20-
It can seem daunting to deploy Azure Active Directory (Azure AD) for your organization and keep it secure. This article identifies common tasks that customers find helpful to complete in phases, over the course of 30, 60, 90 days, or more, to enhance their security posture. Even organizations who have already deployed Azure AD can use this guide to ensure they are getting the most out of their investment.
20+
It can seem scary to deploy Azure Active Directory (Azure AD) for your organization and keep it secure. This article identifies common tasks that customers find helpful to complete in phases, over the course of 30, 60, 90 days, or more, to enhance their security posture. Even organizations who have already deployed Azure AD can use this guide to ensure they're getting the most out of their investment.
2121

2222
A well-planned and executed identity infrastructure paves the way for secure access to your productivity workloads and data by known users and devices only.
2323

24-
Additionally customers can check their [identity secure score](identity-secure-score.md) to see how aligned they are to Microsoft best practices. Check your secure score before and after implementing these recommendations to see how well you are doing compared to others in your industry and to other organizations of your size.
24+
Additionally customers can check their [identity secure score](identity-secure-score.md) to see how aligned they're to Microsoft best practices. Check your secure score before and after implementing these recommendations to see how well you're doing compared to others in your industry and to other organizations of your size.
2525

2626
## Prerequisites
2727

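Review bot: the opening sentence swaps "daunting" for "scary", which is a tone regression in a deployment guide; "daunting" was the more precise word and I'd keep it. In the secure-score paragraph, "how aligned they're to Microsoft best practices" reads awkwardly because the contraction sits right before "to"; the other contractions in this hunk ("they're getting", "you're doing") are fine, but this one should stay "they are".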
@@ -30,8 +30,8 @@ Many of the recommendations in this guide can be implemented with Azure AD Free
3030
Additional information about licensing can be found on the following pages:
3131

3232
* [Azure AD licensing](https://www.microsoft.com/security/business/identity-access-management/azure-ad-pricing)
33-
* [Microsoft 365 Enterprise](https://www.microsoft.com/en-us/licensing/product-licensing/microsoft-365-enterprise)
34-
* [Enterprise Mobility + Security](https://www.microsoft.com/en-us/licensing/product-licensing/enterprise-mobility-security)
33+
* [Microsoft 365 Enterprise](https://www.microsoft.com/licensing/product-licensing/microsoft-365-enterprise)
34+
* [Enterprise Mobility + Security](https://www.microsoft.com/licensing/product-licensing/enterprise-mobility-security)
3535
* [Azure AD External Identities pricing](../external-identities/external-identities-pricing.md)
3636

3737
## Phase 1: Build a foundation of security
@@ -40,33 +40,33 @@ In this phase, administrators enable baseline security features to create a more
4040

4141
| Task | Detail | Required license |
4242
| ---- | ------ | ---------------- |
43-
| [Designate more than one global administrator](../roles/security-emergency-access.md) | Assign at least two cloud-only permanent global administrator accounts for use if there is an emergency. These accounts are not be used daily and should have long and complex passwords. | Azure AD Free |
43+
| [Create more than one global administrator](../roles/security-emergency-access.md) | Assign at least two cloud-only permanent global administrator accounts for use in an emergency. These accounts aren't be used daily and should have long and complex passwords. | Azure AD Free |
4444
| [Use non-global administrative roles where possible](../roles/permissions-reference.md) | Give your administrators only the access they need to only the areas they need access to. Not all administrators need to be global administrators. | Azure AD Free |
4545
| [Enable Privileged Identity Management for tracking admin role use](../privileged-identity-management/pim-getting-started.md) | Enable Privileged Identity Management to start tracking administrative role usage. | Azure AD Premium P2 |
46-
| [Roll out self-service password reset](../authentication/howto-sspr-deployment.md) | Reduce helpdesk calls for password resets by allowing staff to reset their own passwords using policies you as an administrator control. | |
47-
| [Create an organization specific custom banned password list](../authentication/tutorial-configure-custom-password-protection.md) | Prevent users from creating passwords that include common words or phrases from your organization or area. | |
46+
| [Roll out self-service password reset](../authentication/howto-sspr-deployment.md) | Reduce helpdesk calls for password resets by allowing staff to reset their own passwords using policies you as an administrator control. | Azure AD Premium P1 |
47+
| [Create an organization specific custom banned password list](../authentication/tutorial-configure-custom-password-protection.md) | Prevent users from creating passwords that include common words or phrases from your organization or area. | Azure AD Premium P1 |
4848
| [Enable on-premises integration with Azure AD password protection](../authentication/concept-password-ban-bad-on-premises.md) | Extend the banned password list to your on-premises directory, to ensure passwords set on-premises are also in compliance with the global and tenant-specific banned password lists. | Azure AD Premium P1 |
4949
| [Enable Microsoft's password guidance](https://www.microsoft.com/research/publication/password-guidance/) | Stop requiring users to change their password on a set schedule, disable complexity requirements, and your users are more apt to remember their passwords and keep them something that is secure. | Azure AD Free |
5050
| [Disable periodic password resets for cloud-based user accounts](../authentication/concept-sspr-policy.md#set-a-password-to-never-expire) | Periodic password resets encourage your users to increment their existing passwords. Use the guidelines in Microsoft's password guidance doc and mirror your on-premises policy to cloud-only users. | Azure AD Free |
51-
| [Customize Azure Active Directory smart lockout](../authentication/howto-password-smart-lockout.md) | Stop lockouts from cloud-based users from being replicated to on-premises Active Directory users | |
52-
| [Enable Extranet Smart Lockout for AD FS](/windows-server/identity/ad-fs/operations/configure-ad-fs-extranet-smart-lockout-protection) | AD FS extranet lockout protects against brute force password guessing attacks, while letting valid AD FS users continue to use their accounts. | |
51+
| [Customize Azure Active Directory smart lockout](../authentication/howto-password-smart-lockout.md) | Stop lockouts from cloud-based users from being replicated to on-premises Active Directory users | Azure AD Premium P1 |
52+
| [Enable Extranet Smart Lockout for AD FS](/windows-server/identity/ad-fs/operations/configure-ad-fs-extranet-smart-lockout-protection) | AD FS extranet lockout protects against brute force password-guessing attacks, while letting valid AD FS users continue to use their accounts. | |
5353
| [Block legacy authentication to Azure AD with Conditional Access](../conditional-access/block-legacy-authentication.md) | Block legacy authentication protocols like POP, SMTP, IMAP, and MAPI that can't enforce Multi-Factor Authentication, making them a preferred entry point for adversaries. | Azure AD Premium P1 |
54-
| [Deploy Azure AD Multi-Factor Authentication using Conditional Access policies](../authentication/howto-mfa-getstarted.md) | Require users to perform two-step verification when accessing sensitive applications using Conditional Access policies. | Azure AD Premium P1 |
54+
| [Deploy Azure AD Multi-Factor Authentication using Conditional Access policies](../authentication/howto-mfa-getstarted.md) | Require users to do two-step verification when accessing sensitive applications using Conditional Access policies. | Azure AD Premium P1 |
5555
| [Enable Azure Active Directory Identity Protection](../identity-protection/overview-identity-protection.md) | Enable tracking of risky sign-ins and compromised credentials for users in your organization. | Azure AD Premium P2 |
5656
| [Use risk detections to trigger multi-factor authentication and password changes](../authentication/tutorial-risk-based-sspr-mfa.md) | Enable automation that can trigger events such as multi-factor authentication, password reset, and blocking of sign-ins based on risk. | Azure AD Premium P2 |
5757
| [Enable combined registration for self-service password reset and Azure AD Multi-Factor Authentication](../authentication/concept-registration-mfa-sspr-combined.md) | Allow your users to register from one common experience for both Azure AD Multi-Factor Authentication and self-service password reset. | Azure AD Premium P1 |
5858

5959
## Phase 2: Import users, enable synchronization, and manage devices
6060

61-
Next, we add to the foundation laid in phase 1 by importing our users and enabling synchronization, planning for guest access, and preparing to support additional functionality.
61+
Next, we add to the foundation laid in phase 1 by importing our users and enabling synchronization, planning for guest access, and preparing to support more functionality.
6262

6363
| Task | Detail | Required license |
6464
| ---- | ------ | ---------------- |
6565
| [Install Azure AD Connect](../hybrid/how-to-connect-install-select-installation.md) | Prepare to synchronize users from your existing on-premises directory to the cloud. | Azure AD Free |
6666
| [Implement Password Hash Sync](../hybrid/how-to-connect-password-hash-synchronization.md) | Synchronize password hashes to allow password changes to be replicated, bad password detection and remediation, and leaked credential reporting. | Azure AD Free |
6767
| [Implement Password Writeback](../authentication/tutorial-enable-sspr-writeback.md) | Allow password changes in the cloud to be written back to an on-premises Windows Server Active Directory environment. | Azure AD Premium P1 |
6868
| [Implement Azure AD Connect Health](../hybrid/whatis-azure-ad-connect.md#what-is-azure-ad-connect-health) | Enable monitoring of key health statistics for your Azure AD Connect servers, AD FS servers, and domain controllers. | Azure AD Premium P1 |
69-
| [Assign licenses to users by group membership in Azure Active Directory](../enterprise-users/licensing-groups-assign.md) | Save time and effort by creating licensing groups that enable or disable features by group instead of setting per user. | |
69+
| [Assign licenses to users by group membership in Azure Active Directory](../enterprise-users/licensing-groups-assign.md) | Save time and effort by creating licensing groups that enable or disable features by group instead of setting per user. | Azure AD Premium P1 |
7070
| [Create a plan for guest user access](../external-identities/what-is-b2b.md) | Collaborate with guest users by letting them sign in to your apps and services with their own work, school, or social identities. | [Azure AD External Identities pricing](../external-identities/external-identities-pricing.md) |
7171
| [Decide on device management strategy](../devices/overview.md) | Decide what your organization allows regarding devices. Registering vs joining, Bring Your Own Device vs company provided. | |
7272
| [Deploy Windows Hello for Business in your organization](/windows/security/identity-protection/hello-for-business/hello-manage-in-organization) | Prepare for passwordless authentication using Windows Hello | |
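Review bot: the "Create more than one global administrator" row still reads "These accounts aren't be used daily", carrying the old line's "are not be used" typo into the new contraction; suggest "These accounts shouldn't be used daily and should have long and complex passwords." Also, the "Enable Extranet Smart Lockout for AD FS" row keeps an empty license cell while every neighbouring row was filled in this hunk; if no Azure AD license applies because it is a Windows Server feature, say "No license required" (the convention the "Identify your applications" row already uses) so the blank is not read as missing data.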
@@ -80,19 +80,19 @@ As we continue to build on the previous phases, we identify candidate applicatio
8080
| ---- | ------ | ---------------- |
8181
| Identify your applications | Identify applications in use in your organization: on-premises, SaaS applications in the cloud, and other line-of-business applications. Determine if these applications can and should be managed with Azure AD. | No license required |
8282
| [Integrate supported SaaS applications in the gallery](../manage-apps/add-application-portal.md) | Azure AD has a gallery that contains thousands of pre-integrated applications. Some of the applications your organization uses are probably in the gallery accessible directly from the Azure portal. | Azure AD Free |
83-
| [Use Application Proxy to integrate on-premises applications](../app-proxy/application-proxy-add-on-premises-application.md) | Application Proxy enables users to access on-premises applications by signing in with their Azure AD account. | |
83+
| [Use Application Proxy to integrate on-premises applications](../app-proxy/application-proxy-add-on-premises-application.md) | Application Proxy enables users to access on-premises applications by signing in with their Azure AD account. | Azure AD Premium P1 |
8484

8585
## Phase 4: Audit privileged identities, complete an access review, and manage user lifecycle
8686

8787
Phase 4 sees administrators enforcing least privilege principles for administration, completing their first access reviews, and enabling automation of common user lifecycle tasks.
8888

8989
| Task | Detail | Required license |
9090
| ---- | ------ | ---------------- |
91-
| [Enforce the use of Privileged Identity Management](../privileged-identity-management/pim-security-wizard.md) | Remove administrative roles from normal day to day user accounts. Make administrative users eligible to use their role after succeeding a multi-factor authentication check, providing a business justification, or requesting approval from designated approvers. | Azure AD Premium P2 |
91+
| [Enforce the use of Privileged Identity Management](../privileged-identity-management/pim-security-wizard.md) | Remove administrative roles from normal day-to-day user accounts. Make administrative users eligible to use their role after succeeding a multi-factor authentication check, providing a business justification, or requesting approval from approvers. | Azure AD Premium P2 |
9292
| [Complete an access review for Azure AD directory roles in PIM](../privileged-identity-management/pim-create-azure-ad-roles-and-resource-roles-review.md) | Work with your security and leadership teams to create an access review policy to review administrative access based on your organization's policies. | Azure AD Premium P2 |
93-
| [Implement dynamic group membership policies](../enterprise-users/groups-dynamic-membership.md) | Use dynamic groups to automatically assign users to groups based on their attributes from HR (or your source of truth), such as department, title, region, and other attributes. | |
94-
| [Implement group based application provisioning](../manage-apps/what-is-access-management.md) | Use group-based access management provisioning to automatically provision users for SaaS applications. | |
95-
| [Automate user provisioning and deprovisioning](../app-provisioning/user-provisioning.md) | Remove manual steps from your employee account lifecycle to prevent unauthorized access. Synchronize identities from your source of truth (HR System) to Azure AD. | |
93+
| [Implement dynamic group membership policies](../enterprise-users/groups-dynamic-membership.md) | Use dynamic groups to automatically assign users to groups based on their attributes from HR (or your source of truth), such as department, title, region, and other attributes. | Azure AD Premium P1 |
94+
| [Implement group based application provisioning](../manage-apps/what-is-access-management.md) | Use group-based access management provisioning to automatically provision users for SaaS applications. | Azure AD Premium P1 |
95+
| [Automate user provisioning and deprovisioning](../app-provisioning/user-provisioning.md) | Remove manual steps from your employee account lifecycle to prevent unauthorized access. Synchronize identities from your source of truth (HR System) to Azure AD. | Azure AD Premium P1 |
9696

9797
## Next steps
9898

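Review bot: the "Enforce the use of Privileged Identity Management" row drops "designated" from "requesting approval from designated approvers", which loses the point that approval comes from a configured set of approvers rather than anyone; please restore "designated approvers". While touching that sentence, "after succeeding a multi-factor authentication check" would read better as "after passing a multi-factor authentication check".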