MicrosoftDocs
diff --git a/‎.openpublishing.redirection.json
Lines changed: 40 additions & 0 deletions b/‎.openpublishing.redirection.json
Lines changed: 40 additions & 0 deletions
diff --git a/‎articles/active-directory/authentication/howto-mfa-reporting.md
Lines changed: 52 additions & 0 deletions b/‎articles/active-directory/authentication/howto-mfa-reporting.md
Lines changed: 52 additions & 0 deletions
diff --git a/‎articles/active-directory/conditional-access/howto-baseline-protect-end-users.md
Lines changed: 1 addition & 1 deletion b/‎articles/active-directory/conditional-access/howto-baseline-protect-end-users.md
Lines changed: 1 addition & 1 deletion
diff --git a/‎articles/active-directory/conditional-access/howto-baseline-protect-legacy-auth.md
Lines changed: 3 additions & 3 deletions b/‎articles/active-directory/conditional-access/howto-baseline-protect-legacy-auth.md
Lines changed: 3 additions & 3 deletions
diff --git a/‎articles/active-directory/develop/authentication-national-cloud.md
Lines changed: 13 additions & 13 deletions b/‎articles/active-directory/develop/authentication-national-cloud.md
Lines changed: 13 additions & 13 deletions
@@ -13740,6 +13740,26 @@
       "redirect_url": "/azure/sql-database/sql-database-auditing",
       "redirect_document_id": false
     },
+    {
+      "source_path": "articles/sql-data-warehouse/sql-data-warehouse-migrate-code.md",
+      "redirect_url": "/azure/sql-data-warehouse/sql-data-warehouse-overview-develop",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/sql-data-warehouse/sql-data-warehouse-migrate-data.md",
+      "redirect_url": "/azure/sql-data-warehouse/sql-data-warehouse-overview-develop",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/sql-data-warehouse/sql-data-warehouse-migrate-schema.md",
+      "redirect_url": "/azure/sql-data-warehouse/sql-data-warehouse-overview-develop",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/sql-data-warehouse/sql-data-warehouse-overview-migrate.md",
+      "redirect_url": "/azure/sql-data-warehouse/sql-data-warehouse-overview-develop",
+      "redirect_document_id": false
+    },
     {
       "source_path": "articles/sql-database/sql-database-auditing-get-started.md",
       "redirect_url": "/azure/sql-database/sql-database-auditing",
@@ -39343,6 +39363,26 @@
       "redirect_url": "/azure/media-services/video-indexer/use-editor-create-project",
       "redirect_document_id": false
     },
+    {
+      "source_path": "articles/app-service-mobile-migrating-from-mobile-services.md",
+      "redirect_url": "/azure/app-service-mobile",
+      "redirect_document_id": true
+    },
+    {
+      "source_path": "articles/app-service-mobile-net-upgrading-from-mobile-services.md",
+      "redirect_url": "/azure/app-service-mobile",
+      "redirect_document_id": true
+    },
+    {
+      "source_path": "articles/app-service-mobile-node-backend-upgrading-from-mobile-services.md",
+      "redirect_url": "/azure/app-service-mobile",
+      "redirect_document_id": true
+    },
+    {
+      "source_path": "articles/app-service-mobile-value-prop-migration-from-mobile-services.md",
+      "redirect_url": "/azure/app-service-mobile",
+      "redirect_document_id": true
+    },
     {
       "source_path": "articles/azure-monitor/app/asp-net-core-no-visualstudio.md",
       "redirect_url": "/azure/azure-monitor/app/asp-net-core",
 
@@ -131,6 +131,58 @@ Identify users who have not registered for MFA using the PowerShell that follows
 
 ```Get-MsolUser -All | where {$_.StrongAuthenticationMethods.Count -eq 0} | Select-Object -Property UserPrincipalName```
 
+## Possible results in activity reports
+
+The following table may be used to troubleshoot multi-factor authentication using the downloaded version of the multi-factor authentication activity report. They will not appear directly in the Azure portal.
+
+| Call Result | Description | Broad description |
+| --- | --- | --- |
+| SUCCESS_WITH_PIN | PIN Entered | The user entered a PIN.  If authentication succeeded then they entered the correct PIN.  If authentication is denied, then they entered an incorrect PIN or the user is set to Standard mode. |
+| SUCCESS_NO_PIN | Only # Entered | If the user is set to PIN mode and the authentication is denied, this means the user did not enter their PIN and only entered #.  If the user is set to Standard mode and the authentication succeeds this means the user only entered # which is the correct thing to do in Standard mode. |
+| SUCCESS_WITH_PIN_BUT_TIMEOUT | # Not Pressed After Entry | The user did not send any DTMF digits since # was not entered.  Other digits entered are not sent unless # is entered indicating the completion of the entry. |
+|SUCCESS_NO_PIN_BUT_TIMEOUT | No Phone Input - Timed Out | The call was answered, but there was no response.  This typically indicates the call was picked up by voicemail. |
+| SUCCESS_PIN_EXPIRED | PIN Expired and Not Changed | The user's PIN is expired and they were prompted to change it, but the PIN change was not successfully completed. |
+| SUCCESS_USED_CACHE | Used Cache | Authentication succeeded without a Multi-Factor Authentication call since a previous successful authentication for the same username occurred within the configured cache timeframe. |
+| SUCCESS_BYPASSED_AUTH | Bypassed Auth | Authentication succeeded using a One-Time Bypass initiated for the user.  See the Bypassed User History Report for more details on the bypass. |
+| SUCCESS_USED_IP_BASED_CACHE | Used IP-based Cache | Authentication succeeded without a Multi-Factor Authentication call since a previous successful authentication for the same username, authentication type, application name, and IP occurred within the configured cache timeframe. |
+| SUCCESS_USED_APP_BASED_CACHE | Used App-based Cache | Authentication succeeded without a Multi-Factor Authentication call since a previous successful authentication for the same username, authentication type, and application name within the configured cache timeframe. |
+| SUCCESS_INVALID_INPUT | Invalid Phone Input | The response sent from the phone is not valid.  This could be from a fax machine or modem or the user may have entered * as part of their PIN. |
+| SUCCESS_USER_BLOCKED | User is Blocked | The user's phone number is blocked.  A blocked number can be initiated by the user during an authentication call or by an administrator using the Azure portal. <br> NOTE:  A blocked number is also a byproduct of a Fraud Alert. |
+| SUCCESS_SMS_AUTHENTICATED | Text Message Authenticated | For two-way test message, the user correctly replied with their one-time passcode (OTP) or OTP + PIN. |
+| SUCCESS_SMS_SENT | Text Message Sent | For Text Message, the text message containing the one-time passcode (OTP) was successfully sent.  The user will enter the OTP or OTP + PIN in the application to complete the authentication. |
+| SUCCESS_PHONE_APP_AUTHENTICATED | Mobile App Authenticated | The user successfully authenticated via the mobile app. |
+| SUCCESS_OATH_CODE_PENDING | OATH Code Pending | The user was prompted for their OATH code but didn't respond. |
+| SUCCESS_OATH_CODE_VERIFIED | OATH Code Verified | The user entered a valid OATH code when prompted. |
+| SUCCESS_FALLBACK_OATH_CODE_VERIFIED | Fallback OATH Code Verified | The user was denied authentication using their primary Multi-Factor Authentication method and then provided a valid OATH code for fallback. |
+| SUCCESS_FALLBACK_SECURITY_QUESTIONS_ANSWERED | Fallback Security Questions Answered | The user was denied authentication using their primary Multi-Factor Authentication method and then answered their security questions correctly for fallback. |
+| FAILED_PHONE_BUSY | Auth Already In Progress | Multi-Factor Authentication is already processing an authentication for this user.  This is often caused by RADIUS clients that send multiple authentication requests during the same sign-on. |
+| CONFIG_ISSUE | Phone Unreachable | Call was attempted, but either could not be placed or was not answered.  This includes busy signal, fast busy signal (disconnected), tri-tones (number no longer in service), timed out while ringing, etc. |
+| FAILED_INVALID_PHONENUMBER | Invalid Phone Number Format | The phone number has an invalid format.  Phone numbers must be numeric and must be 10 digits for country code +1 (United States & Canada). |
+| FAILED_USER_HUNGUP_ON_US | User Hung Up the Phone | The user answered the phone, but then hung up without pressing any buttons. |
+| FAILED_INVALID_EXTENSION | Invalid Extension | The extension contains invalid characters.  Only digits, commas, *, and # are allowed.  An @ prefix may also be used. |
+| FAILED_FRAUD_CODE_ENTERED | Fraud Code Entered | The user elected to report fraud during the call resulting in a denied authentication and a blocked phone number.| 
+| FAILED_SERVER_ERROR | Unable to Place Call | The Multi-Factor Authentication service was unable to place the call. |
+| FAILED_SMS_NOT_SENT | Text Message Could Not Be Sent | The text message could not be sent.  The authentication is denied. |
+| FAILED_SMS_OTP_INCORRECT | Text Message OTP Incorrect | The user entered an incorrect one-time passcode (OTP) from the text message they received.  The authentication is denied. |
+| FAILED_SMS_OTP_PIN_INCORRECT | Text Message OTP + PIN Incorrect | The user entered an incorrect one-time passcode (OTP) and/or an incorrect user PIN.  The authentication is denied. |
+| FAILED_SMS_MAX_OTP_RETRY_REACHED | Exceeded Maximum Text Message OTP Attempts | The user has exceeded the maximum number of one-time passcode (OTP) attempts. |
+| FAILED_PHONE_APP_DENIED | Mobile App Denied | The user denied the authentication in the mobile app by pressing the Deny button. |
+| FAILED_PHONE_APP_INVALID_PIN | Mobile App Invalid PIN | The user entered an invalid PIN when authenticating in the mobile app. |
+| FAILED_PHONE_APP_PIN_NOT_CHANGED | Mobile App PIN Not Changed | The user did not successfully complete a required PIN change in the mobile app. |
+| FAILED_FRAUD_REPORTED | Fraud Reported | The user reported fraud in the mobile app. |
+| FAILED_PHONE_APP_NO_RESPONSE | Mobile App No Response | The user did not respond to the mobile app authentication request. |
+| FAILED_PHONE_APP_ALL_DEVICES_BLOCKED | Mobile App All Devices Blocked | The mobile app devices for this user are no longer responding to notifications and have been blocked. |
+| FAILED_PHONE_APP_NOTIFICATION_FAILED | Mobile App Notification Failed | A failure occurred when attempting to send a notification to the mobile app on the user's device. |
+| FAILED_PHONE_APP_INVALID_RESULT | Mobile App Invalid Result | The mobile app returned an invalid result. |
+| FAILED_OATH_CODE_INCORRECT | OATH Code Incorrect | The user entered an incorrect OATH code.  The authentication is denied. |
+| FAILED_OATH_CODE_PIN_INCORRECT | OATH Code + PIN Incorrect | The user entered an incorrect OATH code and/or an incorrect user PIN.  The authentication is denied. |
+| FAILED_OATH_CODE_DUPLICATE | Duplicate OATH Code | The user entered an OATH code that was previously used.  The authentication is denied. |
+| FAILED_OATH_CODE_OLD | OATH Code Out of Date | The user entered an OATH code that precedes an OATH code that was previously used.  The authentication is denied. |
+| FAILED_OATH_TOKEN_TIMEOUT | OATH Code Result Timeout | The user took too long to enter the OATH code and the Multi-Factor Authentication attempt had already timed out. |
+| FAILED_SECURITY_QUESTIONS_TIMEOUT | Security Questions Result Timeout | The user took too long to enter answer to security questions and the Multi-Factor Authentication attempt had already timed out. |
+| FAILED_AUTH_RESULT_TIMEOUT | Auth Result Timeout | The user took too long to complete the Multi-Factor Authentication attempt. |
+| FAILED_AUTHENTICATION_THROTTLED | Authentication Throttled | The Multi-Factor Authentication attempt was throttled by the service. |
+
 ## Next steps
 
 * [For Users](../user-help/multi-factor-authentication-end-user.md)
 
@@ -72,7 +72,7 @@ This baseline policy provides you the option to exclude users. Before enabling t
 
 The policy **Baseline policy: End user protection (preview)** comes pre-configured and will show up at the top when you navigate to the Conditional Access blade in Azure portal.
 
-To enable this policy and protect your administrators:
+To enable this policy and protect your users:
 
 1. Sign in to the **Azure portal** as global administrator, security administrator, or conditional access administrator.
 1. Browse to **Azure Active Directory** > **Conditional Access**.
 
@@ -20,7 +20,7 @@ ms.collection: M365-identity-device-management
 To give your users easy access to your cloud apps, Azure Active Directory (Azure AD) supports a broad variety of authentication protocols including legacy authentication. Legacy authentication is a term that refers to an authentication request made by:
 
 * Older Office clients that do not use modern authentication (for example, Office 2010 client)
-* Any client that uses legacy mail protocols such as IMAP/SMPT/POP3
+* Any client that uses legacy mail protocols such as IMAP/SMTP/POP3
 
 Today, majority of all compromising sign-in attempts come from legacy authentication. Legacy authentication does not support multi-factor authentication (MFA). Even if you have an MFA policy enabled on your directory, a bad actor can authenticate using a legacy protocol and bypass MFA.
 
@@ -102,7 +102,7 @@ Steps for enabling modern authentication be found in the following articles:
 
 The policy **Baseline policy: Block legacy authentication (preview)** comes pre-configured and will show up at the top when you navigate to the Conditional Access blade in Azure portal.
 
-To enable this policy and protect your administrators:
+To enable this policy and protect your organization:
 
 1. Sign in to the **Azure portal** as global administrator, security administrator, or conditional access administrator.
 1. Browse to **Azure Active Directory** > **Conditional Access**.
@@ -117,4 +117,4 @@ For more information, see:
 
 * [Conditional access baseline protection policies](concept-baseline-protection.md)
 * [Five steps to securing your identity infrastructure](../../security/azure-ad-secure-steps.md)
-* [What is conditional access in Azure Active Directory?](overview.md)
+* [What is conditional access in Azure Active Directory?](overview.md)
@@ -24,19 +24,19 @@ ms.collection: M365-identity-device-management
 
 National clouds are physically isolated instances of Azure. These regions of Azure are designed to make sure that data residency, sovereignty, and compliance requirements are honored within geographical boundaries.
 
-Including global cloud, Azure Active Directory is deployed in the following National clouds:  
+Including the global cloud, Azure Active Directory (Azure AD) is deployed in the following national clouds:  
 
-- Azure US Government
+- Azure Government
 - Azure Germany
 - Azure China 21Vianet
 
-National clouds are unique and different environment than Azure global. Therefore, it is important to be aware of some key differences while developing your application for these environments such as registering applications, acquiring tokens, and configuring endpoints.
+National clouds are unique and a separate environment from Azure global. It's important to be aware of key differences while developing your application for these environments. Differences include registering applications, acquiring tokens, and configuring endpoints.
 
 ## App registration endpoints
 
-There's a separate Azure portal for each one of the national clouds. To integrate applications with the Microsoft Identity Platform in a national cloud, you are required to register your application separately in each of the Azure portal specific to the environment.
+There's a separate Azure portal for each one of the national clouds. To integrate applications with the Microsoft identity platform in a national cloud, you're required to register your application separately in each Azure portal that's specific to the environment.
 
-The following table lists the base URLs for the Azure Active Directory (Azure AD) endpoints used to register an application for each national cloud.
+The following table lists the base URLs for the Azure AD endpoints used to register an application for each national cloud.
 
 | National cloud | Azure AD portal endpoint |
 |----------------|--------------------------|
@@ -49,33 +49,33 @@ The following table lists the base URLs for the Azure Active Directory (Azure AD
 
 All the national clouds authenticate users separately in each environment and have separate authentication endpoints.
 
-The following table lists the base URLs for the Azure Active Directory (Azure AD) endpoints used to acquire tokens for each national cloud.
+The following table lists the base URLs for the Azure AD endpoints used to acquire tokens for each national cloud.
 
-| National cloud | Azure AD auth endpoint |
+| National cloud | Azure AD authentication endpoint |
 |----------------|-------------------------|
 | Azure AD for US Government | `https://login.microsoftonline.us` |
 | Azure AD Germany| `https://login.microsoftonline.de` |
 | Azure AD China operated by 21Vianet | `https://login.chinacloudapi.cn` |
 | Azure AD (global service)| `https://login.microsoftonline.com` |
 
-- Requests to the Azure AD authorization or token endpoints can be formed using the appropriate region-specific base URL. For example, for Azure Germany:
+You can form requests to the Azure AD authorization or token endpoints by using the appropriate region-specific base URL. For example, for Azure Germany:
 
   - Authorization common endpoint is `https://login.microsoftonline.de/common/oauth2/authorize`.
   - Token common endpoint is `https://login.microsoftonline.de/common/oauth2/token`.
 
-- For single-tenant applications, replace common in the previous URLs with your tenant ID or name, for example, `https://login.microsoftonline.de/contoso.com`.
+For single-tenant applications, replace "common" in the previous URLs with your tenant ID or name. An example is `https://login.microsoftonline.de/contoso.com`.
 
 > [!NOTE]
-> The [Azure AD v2.0 authorization]( https://docs.microsoft.com/azure/active-directory/develop/active-directory-appmodel-v2-overview) and token endpoints are only available for the global service. It is not yet supported for national cloud deployments.
+> The [Azure AD v2.0 authorization]( https://docs.microsoft.com/azure/active-directory/develop/active-directory-appmodel-v2-overview) and token endpoints are available only for the global service. They're not supported for national cloud deployments.
 
 ## Microsoft Graph API
 
-To learn how to call the Microsoft Graph APIs in National Cloud environment go to [Microsoft Graph in national cloud](https://developer.microsoft.com/graph/docs/concepts/deployments).
+To learn how to call the Microsoft Graph APIs in a national cloud environment, go to [Microsoft Graph in national cloud deployments](https://developer.microsoft.com/graph/docs/concepts/deployments).
 
 > [!IMPORTANT]
-> Certain services and features that are in specific regions of the global service might not be available in all of the National clouds. To find out what services are available go to [products available by region](https://azure.microsoft.com/global-infrastructure/services/?products=all&regions=usgov-non-regional,us-dod-central,us-dod-east,usgov-arizona,usgov-iowa,usgov-texas,usgov-virginia,china-non-regional,china-east,china-east-2,china-north,china-north-2,germany-non-regional,germany-central,germany-northeast).
+> Certain services and features that are in specific regions of the global service might not be available in all of the national clouds. To find out what services are available, go to [Products available by region](https://azure.microsoft.com/global-infrastructure/services/?products=all&regions=usgov-non-regional,us-dod-central,us-dod-east,usgov-arizona,usgov-iowa,usgov-texas,usgov-virginia,china-non-regional,china-east,china-east-2,china-north,china-north-2,germany-non-regional,germany-central,germany-northeast).
 
-Follow this [Microsoft Authentication Library (MSAL) tutorial](msal-national-cloud.md) to learn how to build an application using Microsoft identity platform. Specifically, this app will sign in a user, get an access token to call the Microsoft Graph API.
+To learn how to build an application by using the Microsoft identity platform, follow the [Microsoft Authentication Library (MSAL) tutorial](msal-national-cloud.md). Specifically, this app will sign in a user and get an access token to call the Microsoft Graph API.
 
 ## Next steps