Merge pull request #196710 from MicrosoftDocs/main

Merge main to live, 4 AM

Author: ttorble

articles/active-directory/authentication/how-to-migrate-mfa-server-to-azure-mfa-user-authentication.md

@@ -64,7 +64,7 @@ If you are already using Conditional Access to determine when users are prompted
 As users are migrated to cloud authentication, they will start using Azure AD MFA as defined by your existing Conditional Access policies. 
 They won’t be redirected to AD FS and MFA Server anymore.
 
-If your federated domain(s) have the [federatedIdpMfaBehavior](/graph/api/resources/federatedIdpMfaBehavior?view=graph-rest-beta) set to `enforceMfaByFederatedIdp` or **SupportsMfa** flag set to `$True` (the **federatedIdpMfaBehavior** overrides **SupportsMfa** when both are set), you are likely enforcing MFA on AD FS using claims rules. 
+If your federated domain(s) have the **federatedIdpMfaBehavior** set to `enforceMfaByFederatedIdp` or **SupportsMfa** flag set to `$True` (the **federatedIdpMfaBehavior** overrides **SupportsMfa** when both are set), you are likely enforcing MFA on AD FS using claims rules. 
 In this case, you will need to analyze your claims rules on the Azure AD relying party trust and create Conditional Access policies that support the same security goals.
 
 If you need to configure Conditional Access policies, you need to do so before enabling staged rollout. 
@@ -393,4 +393,4 @@ For more information on migrating applications to Azure, see [Resources for migr
 
 - [Migrate from Microsoft MFA Server to Azure multi-factor authentication (Overview)](how-to-migrate-mfa-server-to-azure-mfa.md)
 - [Migrate applications from Windows Active Directory to Azure Active Directory](../manage-apps/migrate-application-authentication-to-azure-active-directory.md)
-- [Plan your cloud authentication strategy](../fundamentals/active-directory-deployment-plans.md)
+- [Plan your cloud authentication strategy](../fundamentals/active-directory-deployment-plans.md)

articles/active-directory/authentication/how-to-migrate-mfa-server-to-azure-mfa-with-federation.md

@@ -174,6 +174,7 @@ This section covers final steps before migrating user phone numbers.
 
 ### Set federatedIdpMfaBehavior to enforceMfaByFederatedIdp
 
+
 For federated domains, MFA may be enforced by Azure AD Conditional Access or by the on-premises federation provider. Each federated domain has a Microsoft Graph PowerShell security setting named **federatedIdpMfaBehavior**. You can set **federatedIdpMfaBehavior** to `enforceMfaByFederatedIdp` so Azure AD accepts MFA that's performed by the federated identity provider. If the federated identity provider didn't perform MFA, Azure AD redirects the request to the federated identity provider to perform MFA. For more information, see [federatedIdpMfaBehavior](/graph/api/resources/internaldomainfederation?view=graph-rest-beta#federatedidpmfabehavior-values).
 
 >[!NOTE]
@@ -418,9 +419,3 @@ Possible considerations when decommissions the MFA Servers include:
 - [Deploy password hash synchronization](../hybrid/whatis-phs.md)
 - [Learn more about Conditional Access](../conditional-access/overview.md)
 - [Migrate applications to Azure AD](../manage-apps/migrate-application-authentication-to-azure-active-directory.md)
-
- 
-
- 
-
-