Merge pull request #216630 from shlipsey3/recommendations-individual-updates-101822

Recommendations updates 101822

Author: v-stsavell

articles/active-directory/reports-monitoring/recommendation-integrate-third-party-apps.md

@@ -2,60 +2,47 @@
 title: Azure Active Directory recommendation - Integrate third party apps with Azure AD | Microsoft Docs
 description: Learn why you should integrate third party apps with Azure AD
 services: active-directory
-documentationcenter: ''
-author: MarkusVi
+author: shlipsey3
 manager: amycolannino
-editor: ''
 
-ms.assetid: 9b88958d-94a2-4f4b-a18c-616f0617a24e
 ms.service: active-directory
 ms.topic: reference
-ms.tgt_pltfrm: na
 ms.workload: identity
 ms.subservice: report-monitor
-ms.date: 08/26/2022
-ms.author: markvi
+ms.date: 10/31/2022
+ms.author: sarahlipsey
 ms.reviewer: hafowler
 
 ms.collection: M365-identity-device-management
 ---
 
-# Azure AD recommendation: Integrate your third party apps 
+# Azure AD recommendation: Integrate third party apps 
 
-[Azure AD recommendations](overview-recommendations.md) is a feature that provides you with personalized insights and actionable guidance to align your tenant with recommended best practices.
-
-This article covers the recommendation to integrate third party apps. 
+[Azure Active Directory (Azure AD) recommendations](overview-recommendations.md) is a feature that provides you with personalized insights and actionable guidance to align your tenant with recommended best practices.
 
+This article covers the recommendation to integrate your third party apps with Azure AD. 
 
 ## Description
 
-As an Azure AD admin responsible for managing applications, you want to use the Azure AD security features with your third party apps. Integrating these apps into Azure AD enables:
-
-- You to use one unified method to manage access to your third party apps.
-- Your users to benefit from using single sign-on to access all your apps with a single password.
-
+As an Azure AD admin responsible for managing applications, you want to use the Azure AD security features with your third party apps. Integrating these apps into Azure AD enables you to use one unified method to manage access to your third party apps. Your users also benefit from using single sign-on to access all your apps with a single password.
 
-## Logic 
-
-If Azure AD determines that none of your users are using Azure AD to authenticate to your third party apps, this recommendation shows up.
+If Azure AD determines that none of your users are using Azure AD to authenticate to your third party apps, this recommendation shows up. 
 
 ## Value 
 
-Integrating third party apps with Azure AD allows you to use Azure AD's security features.
-The integration:
+Integrating third party apps with Azure AD allows you to utilize the core identity and access features provided by Azure AD. Manage access, single sign-on, and other properties. Add an extra security layer by using [Conditional Access](../conditional-access/overview.md) to control how your users can access your apps.
+
+Integrating third party apps with Azure AD:
 - Improves the productivity of your users.
 
 - Lowers your app management cost.
 
-You can then add an extra security layer by using conditional access to control how your users can access your apps.
-
 ## Action plan
 
 1. Review the configuration of your apps. 
-2. For each app that isn't integrated into Azure AD yet, verify whether an integration is possible.
+2. For each app that isn't integrated into Azure AD, verify whether an integration is possible.
 
 
 ## Next steps
 
-- [Tutorials for integrating SaaS applications with Azure Active Directory](../saas-apps/tutorial-list.md)
-- [Azure AD reports overview](overview-reports.md)
+- [Explore tutorials for integrating SaaS applications with Azure AD](../saas-apps/tutorial-list.md)

articles/active-directory/reports-monitoring/recommendation-mfa-from-known-devices.md

@@ -2,19 +2,14 @@
 title: Azure Active Directory recommendation - Minimize MFA prompts from known devices in Azure AD | Microsoft Docs
 description: Learn why you should minimize MFA prompts from known devices in Azure AD.
 services: active-directory
-documentationcenter: ''
-author: MarkusVi
+author: shlipsey3
 manager: amycolannino
-editor: ''
-
-ms.assetid: 9b88958d-94a2-4f4b-a18c-616f0617a24e
 ms.service: active-directory
 ms.topic: reference
-ms.tgt_pltfrm: na
 ms.workload: identity
 ms.subservice: report-monitor
-ms.date: 08/26/2022
-ms.author: markvi
+ms.date: 10/31/2022
+ms.author: sarahlipsey
 ms.reviewer: hafowler
 
 ms.collection: M365-identity-device-management
@@ -30,7 +25,7 @@ This article covers the recommendation to convert minimize multi-factor authenti
 
 ## Description
 
-As an admin, you want to maintain security for my company’s resources, but you also want your employees to easily access resources as needed.
+As an admin, you want to maintain security for your company’s resources, but you also want your employees to easily access resources as needed.
 
 MFA enables you to enhance the security posture of your tenant. While enabling MFA is a good practice, you should try to keep the number of MFA prompts your users have to go through at a minimum. One option you have to accomplish this goal is to **allow users to remember multi-factor authentication on devices they trust**.
 

articles/active-directory/reports-monitoring/recommendation-migrate-apps-from-adfs-to-azure-ad.md

@@ -2,19 +2,14 @@
 title: Azure Active Directory recommendation - Migrate apps from ADFS to Azure AD in Azure AD | Microsoft Docs
 description: Learn why you should migrate apps from ADFS to Azure AD in Azure AD
 services: active-directory
-documentationcenter: ''
-author: MarkusVi
+author: shlipsey3
 manager: amycolannino
-editor: ''
-
-ms.assetid: 9b88958d-94a2-4f4b-a18c-616f0617a24e
 ms.service: active-directory
 ms.topic: reference
-ms.tgt_pltfrm: na
 ms.workload: identity
 ms.subservice: report-monitor
-ms.date: 08/26/2022
-ms.author: markvi
+ms.date: 10/31/2022
+ms.author: sarahlipsey
 ms.reviewer: hafowler
 
 ms.collection: M365-identity-device-management
@@ -25,7 +20,7 @@ ms.collection: M365-identity-device-management
 [Azure AD recommendations](overview-recommendations.md) is a feature that provides you with personalized insights and actionable guidance to align your tenant with recommended best practices.
 
 
-This article covers the recommendation to migrate apps from ADFS to Azure AD. 
+This article covers the recommendation to migrate apps from ADFS to Azure Active Directory (Azure AD). 
 
 
 ## Description

articles/active-directory/reports-monitoring/recommendation-migrate-to-authenticator.md

@@ -2,19 +2,14 @@
 title: Azure Active Directory recommendation - Migrate to Microsoft authenticator | Microsoft Docs
 description: Learn why you should migrate your users to the Microsoft authenticator app in Azure AD.
 services: active-directory
-documentationcenter: ''
-author: MarkusVi
+author: shlipsey3
 manager: amycolannino
-editor: ''
-
-ms.assetid: 9b88958d-94a2-4f4b-a18c-616f0617a24e
 ms.service: active-directory
 ms.topic: reference
-ms.tgt_pltfrm: na
 ms.workload: identity
 ms.subservice: report-monitor
-ms.date: 08/26/2022
-ms.author: markvi
+ms.date: 10/31/2022
+ms.author: sarahlipsey
 ms.reviewer: hafowler
 
 ms.collection: M365-identity-device-management

articles/active-directory/reports-monitoring/recommendation-turn-off-per-user-mfa.md

@@ -2,63 +2,54 @@
 title: Azure Active Directory recommendation - Turn off per user MFA in Azure AD | Microsoft Docs
 description: Learn why you should turn off per user MFA in Azure AD
 services: active-directory
-documentationcenter: ''
-author: MarkusVi
+author: shlipsey3
 manager: amycolannino
-editor: ''
 
-ms.assetid: 9b88958d-94a2-4f4b-a18c-616f0617a24e
 ms.service: active-directory
 ms.topic: reference
-ms.tgt_pltfrm: na
 ms.workload: identity
 ms.subservice: report-monitor
-ms.date: 08/26/2022
-ms.author: markvi
+ms.date: 10/31/2022
+ms.author: sarahlipsey
 ms.reviewer: hafowler
 
 ms.collection: M365-identity-device-management
 ---
 
-# Azure AD recommendation: Turn off per user MFA 
+# Azure AD recommendation: Convert per-user MFA to Conditional Access MFA
 
 [Azure AD recommendations](overview-recommendations.md) is a feature that provides you with personalized insights and actionable guidance to align your tenant with recommended best practices.
 
-
-This article covers the recommendation to turn off per user MFA. 
-
+This article covers the recommendation to convert per-user Multi-factor authentication (MFA) accounts to Conditional Access (CA) MFA accounts. 
 
 ## Description
 
-As an admin, you want to maintain security for my company’s resources, but you also want your employees to easily access resources as needed.
-
-Multi-factor authentication (MFA) enables you to enhance the security posture of your tenant. In your tenant, you can enable MFA on a per-user basis. In this scenario, your users perform MFA each time they sign in (with some exceptions, such as when they sign in from trusted IP addresses or when the remember MFA on trusted devices feature is turned on). 
-
-While enabling MFA is a good practice, you can reduce the number of times your users are prompted for MFA by converting per-user MFA to MFA based on conditional access.   
-
+As an admin, you want to maintain security for your company’s resources, but you also want your employees to easily access resources as needed. MFA enables you to enhance the security posture of your tenant.
 
-## Logic 
+In your tenant, you can enable MFA on a per-user basis. In this scenario, your users perform MFA each time they sign in, with some exceptions, such as when they sign in from trusted IP addresses or when the remember MFA on trusted devices feature is turned on. While enabling MFA is a good practice, converting per-user MFA to MFA based on [Conditional Access](../conditional-access/overview.md) can reduce the number of times your users are prompted for MFA.
 
-This recommendation shows up, if:
+This recommendation shows up if:
 
-- You have per-user MFA configured for at least 5% of your users
-- Conditional access policies are active for more than 1% of your users (indicating familiarity with CA policies).
+- You have per-user MFA configured for at least 5% of your users.
+- Conditional Access policies are active for more than 1% of your users (indicating familiarity with CA policies).
 
 ## Value 
 
-This recommendation improves your user's productivity and minimizes the sign-in time with fewer MFA prompts. Ensure that your most sensitive resources can have the tightest controls, while your least sensitive resources can be more freely accessible.
+This recommendation improves your user's productivity and minimizes the sign-in time with fewer MFA prompts. CA and MFA used together help ensure that your most sensitive resources can have the tightest controls, while your least sensitive resources can be more freely accessible.
 
 ## Action plan
 
-1. To get started, confirm that there's an existing conditional access policy with an MFA requirement. Ensure that you're covering all resources and users you would like to secure with MFA. Review your [conditional access policies](https://portal.azure.com/?Microsoft_AAD_IAM_enableAadvisorFeaturePreview=true&amp%3BMicrosoft_AAD_IAM_enableAadvisorFeature=true#blade/Microsoft_AAD_IAM/PoliciesTemplateBlade).
+1. Confirm that there's an existing CA policy with an MFA requirement. Ensure that you're covering all resources and users you would like to secure with MFA.
+    - Review your [Conditional Access policies](https://portal.azure.com/?Microsoft_AAD_IAM_enableAadvisorFeaturePreview=true&amp%3BMicrosoft_AAD_IAM_enableAadvisorFeature=true#blade/Microsoft_AAD_IAM/PoliciesTemplateBlade).
 
-2.	To require MFA using a conditional access policy, follow the steps in [Secure user sign-in events with Azure AD Multi-Factor Authentication](../authentication/tutorial-enable-azure-mfa.md).
+2.	Require MFA using a Conditional Access policy.
+    - [Secure user sign-in events with Azure AD Multi-Factor Authentication](../authentication/tutorial-enable-azure-mfa.md).
 
 3. Ensure that the per-user MFA configuration is turned off. 
 
- 
+After all users have been migrated to CA MFA accounts, the recommendation status automatically updates the next time the service runs. Continue to review your CA policies to improve the overall health of your tenant.
 
 ## Next steps
 
-- [Tutorials for integrating SaaS applications with Azure Active Directory](../saas-apps/tutorial-list.md)
-- [Azure AD reports overview](overview-reports.md)
+- [Learn about requiring MFA for all users using Conditional Access](../conditional-access/howto-conditional-access-policy-all-users-mfa.md)
+- [View the MFA CA policy tutorial](../authentication/tutorial-enable-azure-mfa.md)

articles/active-directory/reports-monitoring/toc.yml

@@ -145,7 +145,7 @@
 
 - name: Recommendations
   items:
-    - name: Convert to conditional access MFA
+    - name: Convert to Conditional Access MFA
       href: recommendation-turn-off-per-user-mfa.md
     - name: Integrate your third party apps
       href: recommendation-integrate-third-party-apps.md