Merge pull request #216808 from shlipsey3/reports-metadata-updates-110122

troubleshooting-workbooks-updates

Author: ShannonLeavitt

articles/active-directory/reports-monitoring/troubleshoot-audit-data-verified-domain.md

@@ -3,32 +3,29 @@
 title: 'Troubleshoot audit data of verified domain change  | Microsoft Docs'
 description: Provides you with information that will appear in the Azure Active Directory activity logs when you change a users verified domain.
 services: active-directory
-documentationcenter: ''
-author: MarkusVi
+author: shlipsey3
 manager: amycolannino
-editor: ''
 ms.service: active-directory
 ms.topic: troubleshooting
-ms.tgt_pltfrm: na
 ms.workload: identity
 ms.subservice: report-monitor
-ms.date: 08/26/2022
-ms.author: markvi
+ms.date: 11/01/2022
+ms.author: sarahlipsey
 ms.collection: M365-identity-device-management
 ---
 
 # Troubleshoot: Audit data on verified domain change 
 
 
-## I have a lot of changes to my users and I am not sure what the cause of it is.
+## I have a lot of changes to my users and I'm not sure what the cause of it is.
 
 ### Symptoms
 
-I check the Azure AD audit logs, and see multiple user updates occurring in my Azure AD tenant. These **Update User** events do not display **Actor** information, which causes uncertainty as to what/who triggered the mass changes to users. 
+I check the Azure AD audit logs, and see multiple user updates occurring in my Azure AD tenant. These **Update User** events don't display **Actor** information, which causes uncertainty as to what/who triggered the mass changes to users. 
 
 ### Cause
 
- A common reason behind mass object changes is a non-synchronous backend operation called **ProxyCalc**.  **ProxyCalc** is the logic that determines the appropriate **UserPrincipalName** and **Proxy Addresses**, that are updated in Azure AD users, groups or contacts. The design behind **ProxyCalc** is to ensure that all **UserPrincipalName** and **Proxy Addresses** are consistent in Azure AD at any time. **ProxyCalc** must be triggered by an explicit change like a verified domain change and does not perpetually run in the background as a task. 
+ A common reason behind mass object changes is a non-synchronous backend operation called **ProxyCalc**.  **ProxyCalc** is the logic that determines the appropriate **UserPrincipalName** and **Proxy Addresses** that are updated in Azure AD users, groups, or contacts. The design behind **ProxyCalc** is to ensure that all **UserPrincipalName** and **Proxy Addresses** are consistent in Azure AD at any time. **ProxyCalc** must be triggered by an explicit change like a verified domain change and doesn't perpetually run in the background as a task. 
 
 
 
@@ -54,17 +51,17 @@ One of the admin tasks that could trigger **ProxyCalc** is whenever there’s a
 
 For example, if you add a verified domain Fabrikam.com to your Contoso.onmicrosoft.com tenant, this action will trigger a ProxyCalc operation on all objects in the tenant. This event will be captured in the Azure AD Audit logs as **Update User** events preceded by an **Add verified domain** event. On the other hand, if Fabrikam.com was removed from the Contoso.onmicrosoft.com tenant, then all the **Update User** events will be preceded by a **Remove verified domain** event.   
 
-#### Additional notes:
+#### Notes:
 
-ProxyCalc does not cause changes to certain objects that: 
+ProxyCalc doesn't cause changes to certain objects that: 
 
-- do not have an active Exchange license 
+- don't have an active Exchange license 
 - have **MSExchRemoteRecipientType** set to Null 
-- are not considered a shared resource. Shared Resource is when **CloudMSExchRecipientDisplayType** contains one of the following values: **MailboxUser (shared)**, **PublicFolder**, **ConferenceRoomMailbox**, **EquipmentMailbox**, **ArbitrationMailbox**, **RoomList**, **TeamMailboxUser**, **Group mailbox**, **Scheduling mailbox**, **ACLableMailboxUser**, **ACLableTeamMailboxUser** 
+- aren't considered a shared resource. Shared Resource is when **CloudMSExchRecipientDisplayType** contains one of the following values: **MailboxUser (shared)**, **PublicFolder**, **ConferenceRoomMailbox**, **EquipmentMailbox**, **ArbitrationMailbox**, **RoomList**, **TeamMailboxUser**, **Group mailbox**, **Scheduling mailbox**, **ACLableMailboxUser**, **ACLableTeamMailboxUser** 
 
  In order to build more correlation between these two disparate events, Microsoft is working on updating the **Actor** info in the audit logs to identify these changes as triggered by a verified domain change. This action will help check when the verified domain change event took place and started to mass update the objects in their tenant. 
 
-Additionally, in most cases, there are no changes to users as their **UserPrincipalName** and **Proxy Addresses** are consistent, so we are working to display in Audit Logs only those updates that caused an actual change to the object. This action will prevent noise in the audit logs and help admins correlate the remaining user changes to verified domain change event as explained above. 
+Additionally, in most cases, there are no changes to users as their **UserPrincipalName** and **Proxy Addresses** are consistent, so we're working to display in Audit Logs only those updates that caused an actual change to the object. This action will prevent noise in the audit logs and help admins correlate the remaining user changes to verified domain change event as explained above. 
 
 ## Next Steps
 

articles/active-directory/reports-monitoring/troubleshoot-graph-api.md

@@ -3,19 +3,14 @@
 title: 'Troubleshoot errors in Azure Active Directory reporting API | Microsoft Docs'
 description: Provides you with a resolution to errors while calling Azure Active Directory Reporting APIs.
 services: active-directory
-documentationcenter: ''
-author: MarkusVi
+author: shlipsey3
 manager: amycolannino
-editor: ''
-
-ms.assetid: 0030c5a4-16f0-46f4-ad30-782e7fea7e40
 ms.service: active-directory
 ms.topic: troubleshooting
-ms.tgt_pltfrm: na
 ms.workload: identity
 ms.subservice: report-monitor
-ms.date: 08/26/2022
-ms.author: markvi
+ms.date: 11/01/2022
+ms.author: sarahlipsey
 ms.reviewer: dhanyahk
 
 ms.collection: M365-identity-device-management
@@ -37,7 +32,7 @@ Accessing sign-in reports requires an Azure Active Directory premium 1 (P1) lice
 
 If you see this error message while trying to access audit logs or sign-ins using the API, make sure that your account is part of the **Security Reader** or **Report Reader** role in your Azure Active Directory tenant. 
 
-### Error: Application missing AAD 'Read directory data' permission 
+### Error: Application missing Azure AD 'Read directory data' permission 
 
 Follow the steps in the [Prerequisites to access the Azure Active Directory reporting API](howto-configure-prerequisites-for-reporting-api.md) to ensure your application is running with the right set of permissions. 
 

articles/active-directory/reports-monitoring/troubleshoot-missing-audit-data.md

@@ -3,19 +3,14 @@
 title: 'Troubleshoot Missing data in activity logs  | Microsoft Docs'
 description: Provides you with a resolution to missing data in Azure Active Directory activity logs.
 services: active-directory
-documentationcenter: ''
-author: MarkusVi
+author: shlipsey3
 manager: amycolannino
-editor: ''
-
-ms.assetid: 7cbe4337-bb77-4ee0-b254-3e368be06db7
 ms.service: active-directory
 ms.topic: troubleshooting
-ms.tgt_pltfrm: na
 ms.workload: identity
 ms.subservice: report-monitor
-ms.date: 08/26/2022
-ms.author: markvi
+ms.date: 11/01/2022
+ms.author: sarahlipsey
 ms.reviewer: dhanyahk
 
 ms.collection: M365-identity-device-management
@@ -27,7 +22,7 @@ ms.collection: M365-identity-device-management
 
 ### Symptoms
 
-I performed some actions in the Azure portal and expected to see the audit logs for those actions in the `Activity logs > Audit Logs` blade, but I can’t find them.
+I performed some actions in the Azure portal and expected to see the audit logs for those actions in the `Activity logs > Audit Logs`, but I can’t find them.
 
  ![Screenshot shows Audit Log entries.](./media/troubleshoot-missing-audit-data/01.png)
 
@@ -42,13 +37,13 @@ Actions don’t appear immediately in the activity logs. The table below enumera
 
 ### Resolution
 
-Wait for 15 minutes to two hours and see if the actions appear in the log. If you don’t see the logs even after two hours, please [file a support ticket](https://portal.azure.com/#blade/Microsoft_Azure_Support/HelpAndSupportBlade/newsupportrequest) and we will look into it.
+Wait for 15 minutes to two hours and see if the actions appear in the log. If you don’t see the logs even after two hours, [file a support request,](https://portal.azure.com/#blade/Microsoft_Azure_Support/HelpAndSupportBlade/newsupportrequest) and we'll look into it.
 
 ## I can’t find recent user sign-ins in the Azure Active Directory sign-ins activity log
 
 ### Symptoms
 
-I recently signed into the Azure portal and expected to see the sign-in logs for those actions in the `Activity logs > Sign-ins` blade, but I can’t find them.
+I recently signed into the Azure portal and expected to see the sign-in logs for those actions in the `Activity logs > Sign-ins`, but I can’t find them.
 
  ![Screenshot shows Sign-ins in the Activity log.](./media/troubleshoot-missing-audit-data/02.png)
 
@@ -63,7 +58,7 @@ Actions don’t appear immediately in the activity logs. The table below enumera
 
 ### Resolution
 
-Wait for 15 minutes to two hours and see if the actions appear in the log. If you don’t see the logs even after two hours, please [file a support ticket](https://portal.azure.com/#blade/Microsoft_Azure_Support/HelpAndSupportBlade/newsupportrequest) and we will look into it.
+Wait for 15 minutes to two hours and see if the actions appear in the log. If you don’t see the logs even after two hours, [file a support request,](https://portal.azure.com/#blade/Microsoft_Azure_Support/HelpAndSupportBlade/newsupportrequest) and we'll look into it.
 
 ## I can't view more than 30 days of report data in the Azure portal
 
@@ -80,7 +75,7 @@ Depending on your license, Azure Active Directory Actions stores activity report
 | Report           | Azure AD Free | Azure AD Premium P1 | Azure AD Premium P2 |
 | ---              | ---           | ---                 | ---                 |
 | Directory Audit  |  7 days       | 30 days             | 30 days             |
-| Sign-in Activity | Not available. You can access your own sign-ins for 7 days from the individual user profile blade | 30 days | 30 days             |
+| Sign-in Activity | Not available. You can access your own sign-ins for 7 days from the individual user profile | 30 days | 30 days             |
 
 For more information, see [Azure Active Directory report retention policies](reference-reports-data-retention.md).  
 

articles/active-directory/reports-monitoring/troubleshoot-missing-data-download.md

@@ -3,19 +3,14 @@
 title: 'Troubleshooting: Missing data in the downloaded activity logs | Microsoft Docs'
 description: Provides you with a resolution to missing data in downloaded Azure Active Directory activity logs.
 services: active-directory
-documentationcenter: ''
-author: MarkusVi
+author: shlipsey3
 manager: amycolannino
-editor: ''
-
-ms.assetid: ffce7eb1-99da-4ea7-9c4d-2322b755c8ce
 ms.service: active-directory
 ms.topic: troubleshooting
-ms.tgt_pltfrm: na
 ms.workload: identity
 ms.subservice: report-monitor
-ms.date: 08/26/2022
-ms.author: markvi
+ms.date: 11/01/2022
+ms.author: sarahlipsey
 ms.reviewer: dhanyahk
 
 ms.collection: M365-identity-device-management
@@ -35,7 +30,7 @@ When you download activity logs in the Azure portal, we limit the scale to 250,0
 
 ## Resolution
 
-You can leverage [Azure AD Reporting APIs](concept-reporting-api.md) to fetch up to a million records at any given point.
+You can use [Azure AD Reporting APIs](concept-reporting-api.md) to fetch up to a million records at any given point.
 
 ## Next steps
 

articles/active-directory/reports-monitoring/workbook-authentication-prompts-analysis.md

@@ -3,17 +3,14 @@
 title: Authentication prompts analysis workbook in Azure AD | Microsoft Docs
 description: Learn how to use the authentication prompts analysis workbook.
 services: active-directory
-documentationcenter: ''
-author: MarkusVi
+author: shlipsey3
 manager: amycolannino
-editor: ''
-
 ms.service: active-directory
 ms.topic: reference
 ms.workload: identity
 ms.subservice: report-monitor
-ms.date: 08/26/2022
-ms.author: markvi
+ms.date: 11/01/2022
+ms.author: sarahlipsey
 ms.reviewer: sarbar 
 
 ms.collection: M365-identity-device-management
@@ -33,7 +30,7 @@ This article provides you with an overview of this workbook.
 
 Have you recently heard of complaints from your users about getting too many authentication prompts?
 
-Over prompting users impacts your user's productivity and often leads users getting phished for MFA. To be clear, MFA is essential! We are not talking about if you should require MFA but how frequently you should prompt your users.
+Overprompting users can affect your user's productivity and often leads users getting phished for MFA. To be clear, MFA is essential! We are not talking about if you should require MFA but how frequently you should prompt your users.
 
 Typically, this scenario is caused by:
 
@@ -77,7 +74,7 @@ In many environments, the most used apps are business productivity apps. Anythin
 
 ![Authentication prompts by application](./media/workbook-authentication-prompts-analysis/authentication-prompts-by-application.png)
 
-The prompts by application list-view shows additional information such as timestamps, and request IDs that help with investigations.
+The prompts by application list view shows additional information such as timestamps, and request IDs that help with investigations.
 
 Additionally, you get a summary of the average and median prompts count for your tenant. 
 
@@ -106,7 +103,7 @@ Filtering for a specific user that has many authentication requests or only show
 ## Best practices
 
 
-If data isn't showing up or seems to be showing up incorrectly, please confirm that you have set the **Log Analytics Workspace** and **Subscriptions** on the proper resources.
+If data isn't showing up or seems to be showing up incorrectly, confirm that you have set the **Log Analytics Workspace** and **Subscriptions** on the proper resources.
 
 
 ![Set workspace and subscriptions](./media/workbook-authentication-prompts-analysis/workspace-and-subscriptions.png)
@@ -120,9 +117,9 @@ If the visuals are taking too much time to load, try reducing the Time filter to
 
 ## Next steps
 
-- To understand more about the different policies that impact MFA prompts, see [Optimize reauthentication prompts and understand session lifetime for Azure AD Multi-Factor Authentication](../authentication/concepts-azure-multi-factor-authentication-prompts-session-lifetime.md). 
+- To understand more about the different policies that affect MFA prompts, see [Optimize reauthentication prompts and understand session lifetime for Azure AD Multi-Factor Authentication](../authentication/concepts-azure-multi-factor-authentication-prompts-session-lifetime.md). 
 
-- To learn more about the different vulnerabilities of different MFA methods, see [All your creds are belong to us!](https://aka.ms/allyourcreds).
+- To learn more about the different vulnerabilities of different MFA methods, see [All your creds belong to us!](https://aka.ms/allyourcreds).
 
 - To learn how to move users from telecom-based methods to the Authenticator app, see [How to run a registration campaign to set up Microsoft Authenticator - Microsoft Authenticator app](../authentication/how-to-mfa-registration-campaign.md).
 

articles/active-directory/reports-monitoring/workbook-conditional-access-gap-analyzer.md

@@ -3,17 +3,14 @@
 title: Conditional access gap analyzer workbook in  Azure AD | Microsoft Docs
 description: Learn how to use the conditional access gap analyzer workbook.
 services: active-directory
-documentationcenter: ''
-author: MarkusVi
+author: shlipsey3
 manager: amycolannino
-editor: ''
-
 ms.service: active-directory
 ms.topic: reference
 ms.workload: identity
 ms.subservice: report-monitor
-ms.date: 08/26/2022
-ms.author: markvi
+ms.date: 11/01/2022
+ms.author: sarahlipsey
 ms.reviewer: sarbar 
 
 ms.collection: M365-identity-device-management
@@ -49,11 +46,11 @@ The workbook has four sections:
 
 - Users signing in using legacy authentication 
 
-- Number of sign-ins by applications that are not impacted by conditional access policies 
+- Number of sign-ins by applications that aren't impacted by conditional access policies 
 
 - High risk sign-in events bypassing conditional access policies 
 
-- Number of sign-ins by location that were not affected by conditional access policies 
+- Number of sign-ins by location that weren't affected by conditional access policies 
 
 
 ![Conditional access coverage by location](./media/workbook-conditional-access-gap-analyzer/conditianal-access-by-location.png)

articles/active-directory/reports-monitoring/workbook-cross-tenant-access-activity.md

@@ -3,17 +3,14 @@
 title: Cross-tenant access activity workbook in Azure AD | Microsoft Docs
 description: Learn how to use the cross-tenant access activity workbook.
 services: active-directory
-documentationcenter: ''
-author: msmimart
+author: shlipsey3
 manager: amycolannino
-editor: ''
-
 ms.service: active-directory
 ms.topic: reference
 ms.workload: identity
 ms.subservice: report-monitor
-ms.date: 08/26/2022
-ms.author: mimart
+ms.date: 11/01/2022
+ms.author: sarahlipsey
 
 ms.collection: M365-identity-device-management
 ---