Merge branch 'main' of https://github.com/MicrosoftDocs/azure-docs-pr into godonnell-update-gtd-portal-instructions

Author: garrodonnell

.openpublishing.redirection.active-directory.json

@@ -1185,6 +1185,11 @@
       "redirect_url": "/azure/role-based-access-control/change-history-report",
       "redirect_document_id": true
     },
+    {
+      "source_path_from_root": "/articles/active-directory/fundamentals/concept-fundamentals-mfa-get-started.md",
+      "redirect_url": "/azure/active-directory/authentication/concept-mfa-licensing",
+      "redirect_document_id": true
+    },
     {
       "source_path_from_root": "/articles/active-directory/conditional-access-azure-management.md",
       "redirect_url": "/azure/active-directory/conditional-access/concept-conditional-access-cloud-apps",

.openpublishing.redirection.json

@@ -8767,6 +8767,11 @@
             "redirect_url": "/azure/developer/mobile-apps/azure-maps",
             "redirect_document_id": false
         },
+        {
+            "source_path_from_root": "/articles/azure-maps/choose-pricing-tier.md",
+            "redirect_url": "/azure/azure-maps/how-to-manage-pricing-tier",
+            "redirect_document_id": true
+        },
         {
             "source_path_from_root": "/articles/azure-maps/how-to-request-real-time-data.md",
             "redirect_url": "/azure/azure-maps",

.openpublishing.redirection.managed-grafana.json

@@ -0,0 +1,9 @@
+{
+    "redirections": [
+        {
+            "source_path_from_root": "/articles/managed-grafana/how-to-sync-teams-with-aad-groups.md",
+            "redirect_url": "/azure/managed-grafana/how-to-sync-teams-with-azure-ad-groups",
+            "redirect_document_id": false
+        }
+    ]
+}

articles/active-directory-domain-services/policy-reference.md

@@ -1,7 +1,7 @@
 ---
 title: Built-in policy definitions for Azure Active Directory Domain Services
 description: Lists Azure Policy built-in policy definitions for Azure Active Directory Domain Services. These built-in policy definitions provide common approaches to managing your Azure resources.
-ms.date: 09/06/2023
+ms.date: 09/13/2023
 ms.service: active-directory
 ms.subservice: domain-services
 author: justinha

articles/active-directory/app-provisioning/inbound-provisioning-api-issues.md

@@ -40,10 +40,13 @@ This document covers commonly encountered errors and issues with inbound provisi
 
 **Probable causes**
 1. Your API-driven provisioning app is paused. 
-1. The provisioning service is yet to update the provisioning logs with the bulk request processing details. 
+1. The provisioning service is yet to update the provisioning logs with the bulk request processing details.
+2. Your On-premises provisioning agent status is inactive (If you are running the [/API-driven inbound user provisioning to on-premises Active Directory](https://go.microsoft.com/fwlink/?linkid=2245182)).
+
 
 **Resolution:**
 1. Verify that your provisioning app is running. If it isn't running, select the menu option **Start provisioning** to process the data.
+2. Turn your On-premises provisioning agent status to active by restarting the On-premise agent.
 1. Expect 5 to 10-minute delay between processing the request and writing to the provisioning logs. If your API client is sending data to the provisioning /bulkUpload API endpoint, then introduce a time delay between the request invocation and provisioning logs query. 
 
 ### Forbidden 403 response code 

articles/active-directory/authentication/concept-authentication-phone-options.md

@@ -6,7 +6,7 @@ services: active-directory
 ms.service: active-directory
 ms.subservice: authentication
 ms.topic: conceptual
-ms.date: 09/12/2023
+ms.date: 08/23/2023
 
 ms.author: justinha
 author: justinha
@@ -19,9 +19,9 @@ ms.collection: M365-identity-device-management
 
 # Authentication methods in Azure Active Directory - phone options
 
-Microsoft recommends users move away from using text message or voice calls for multifactor authentication (MFA). Modern authentication methods like [Microsoft Authenticator](concept-authentication-authenticator-app.md) are a recommended alternative. For more information, see [It's Time to Hang Up on Phone Transports for Authentication](https://aka.ms/hangup). Users can still verify themselves using a mobile phone or office phone as secondary form of authentication used for multifactor authentication (MFA) or self-service password reset (SSPR).
+Microsoft recommends users move away from using text messages or voice calls for multifactor authentication (MFA). Modern authentication methods like [Microsoft Authenticator](concept-authentication-authenticator-app.md) are a recommended alternative. For more information, see [It's Time to Hang Up on Phone Transports for Authentication](https://aka.ms/hangup). Users can still verify themselves using a mobile phone or office phone as secondary form of authentication used for multifactor authentication (MFA) or self-service password reset (SSPR).
 
-You can [configure and enable users for SMS-based authentication](howto-authentication-sms-signin.md) for direct authentication using SMS. SMS sign-in is convenient for Frontline workers. With SMS sign-in, users don't need to know a username and password to access applications and services. The user instead enters their registered mobile phone number, receives a text message with a verification code, and enters that in the sign-in interface.
+You can [configure and enable users for SMS-based authentication](howto-authentication-sms-signin.md) for direct authentication using text message. Text messages are convenient for Frontline workers. With text messages, users don't need to know a username and password to access applications and services. The user instead enters their registered mobile phone number, receives a text message with a verification code, and enters that in the sign-in interface.
 
 >[!NOTE]
 >Phone call verification isn't available for Azure AD tenants with trial subscriptions. For example, if you sign up for a trial license Microsoft Enterprise Mobility and Security (EMS), phone call verification isn't available. Phone numbers must be provided in the format *+CountryCode PhoneNumber*, for example, *+1 4251234567*. There must be a space between the country/region code and the phone number.
@@ -46,10 +46,14 @@ Microsoft doesn't guarantee consistent text message or voice-based Azure AD Mult
 
 With text message verification during SSPR or Azure AD Multi-Factor Authentication, a text message is sent to the mobile phone number containing a verification code. To complete the sign-in process, the verification code provided is entered into the sign-in interface. 
 
-Android users can enable Rich Communication Services (RCS) on their devices. RCS offers encryption and other improvements over Simple Message Service (SMS). For Android, MFA text messages may be sent over RCS rather than SMS. The experience is similar to text message, but RCS messages have more Microsoft branding and a verified checkmark so users know they can trust the message.
+Text messages can be sent over channels such as Short Message Service (SMS), Rich Communication Services (RCS), or WhatsApp.
+
+Android users can enable RCS on their devices. RCS offers encryption and other improvements over SMS. For Android, MFA text messages may be sent over RCS rather than SMS. The MFA text message is similar to SMS, but RCS messages have more Microsoft branding and a verified checkmark so users know they can trust the message.
 
 :::image type="content" source="media/concept-authentication-methods/brand.png" alt-text="Screenshot of Microsoft branding in RCS messages.":::
 
+Some users with phone numbers that have country codes belonging to India, Indonesia and New Zealand may receive their verification codes via WhatsApp. Like RCS, these messages are similar to SMS, but have more Microsoft branding and a verified checkmark. Only users that have WhatsApp will receive verification codes via this channel. To determine whether a user has WhatsApp, we silently attempt delivering them a message via the app using the phone number they already registered for text message verification and see if it's successfully delivered. If users don't have any internet connectivity or uninstall WhatsApp, they'll receive their verification codes via SMS. The phone number associated with Microsoft's WhatsApp Business Agent is: *+1 (217) 302 1989*.
+
 ### Phone call verification
 
 With phone call verification during SSPR or Azure AD Multi-Factor Authentication, an automated voice call is made to the phone number registered by the user. To complete the sign-in process, the user is prompted to press # on their keypad.
@@ -78,13 +82,13 @@ If you have problems with phone authentication for Azure AD, review the followin
    * Ensure that the user has their phone turned on and that service is available in their area, or use alternate method.
 * User is blocked
    * Have an Azure AD administrator unblock the user in the Azure portal.
-* text message is not subscribed on the device.
-   * Have the user change methods or activate text message on the device.
-* Faulty telecom providers such as no phone input detected, missing DTMF tones issues, blocked caller ID on multiple devices, or blocked text messages across multiple devices.
-   * Microsoft uses multiple telecom providers to route phone calls and text messages for authentication. If you see any of the above issues, have a user attempt to use the method at least five times within 5 minutes and have that user's information available when contacting Microsoft support.
+* Text messaging platforms like SMS, RCS, or WhatsApp aren't subscribed on the device.
+   * Have the user change methods or activate a text messaging platform on the device.
+* Faulty telecom providers, such as when no phone input is detected, missing DTMF tones issues, blocked caller ID on multiple devices, or blocked text messages across multiple devices.
+   * Microsoft uses multiple telecom providers to route phone calls and text messages for authentication. If you see any of these issues, have a user attempt to use the method at least five times within 5 minutes and have that user's information available when contacting Microsoft support.
 *  Poor signal quality.
    * Have the user attempt to log in using a wi-fi connection by installing the Authenticator app.
-   * Or, use text message authentication instead of phone (voice) authentication.
+   * Or use a text message instead of phone (voice) authentication.
 
 * Phone number is blocked and unable to be used for Voice MFA 
 

articles/active-directory/authentication/concept-certificate-based-authentication-technical-deep-dive.md

@@ -79,17 +79,17 @@ Azure AD CBA is an MFA (Multi factor authentication) capable method, that is Azu
 If CBA enabled user only has a Single Factor (SF) certificate and need MFA
    1. Use Password + SF certificate.
    1. Issue Temporary Access Pass (TAP)
-   1. Admin adds Phone Number to user account and allows Voice/SMS method for user.
+   1. Admin adds Phone Number to user account and allows Voice/text message method for user.
 
 If CBA enabled user has not yet been issued a certificate and need MFA
    1. Issue Temporary Access Pass (TAP)
-   1. Admin adds Phone Number to user account and allows Voice/SMS method for user.
+   1. Admin adds Phone Number to user account and allows Voice/text message method for user.
 
 If CBA enabled user cannot use MF cert (such as on mobile device without smart card support) and need MFA
    1. Issue Temporary Access Pass (TAP)
    1. User Register another MFA method (when user can use MF cert)
    1. Use Password + MF cert (when user can use MF cert)
-   1. Admin adds Phone Number to user account and allows Voice/SMS method for user
+   1. Admin adds Phone Number to user account and allows Voice/text message method for user
 
 
 ## MFA with Single-factor certificate-based authentication

articles/active-directory/authentication/concept-certificate-based-authentication.md

@@ -51,7 +51,7 @@ The following images show how Azure AD CBA simplifies the customer environment b
 The following scenarios are supported:
 
 - User sign-ins to web browser-based applications on all platforms.
-- User sign-ins to Office mobile apps, including Outlook, OneDrive, and so on.
+- User sign-ins to Office mobile apps on iOS/Android platforms as well as Office native apps in Windows, including Outlook, OneDrive, and so on.
 - User sign-ins on mobile native browsers.
 - Support for granular authentication rules for multifactor authentication by using the certificate issuer **Subject** and **policy OIDs**.
 - Configuring certificate-to-user account bindings by using any of the certificate fields:

articles/active-directory/authentication/concept-mfa-licensing.md

@@ -44,7 +44,7 @@ The following table provides a list of the features that are available in the va
 | Protect Azure AD tenant admin accounts with MFA | ● | ● (*Azure AD Global Administrator* accounts only) | ● | ● | ● |
 | Mobile app as a second factor | ● | ● | ● | ● | ● |
 | Phone call as a second factor | | | ● | ● | ● |
-| SMS as a second factor | | ● | ● | ● | ● |
+| Text message as a second factor | | ● | ● | ● | ● |
 | Admin control over verification methods | | ● | ● | ● | ● |
 | Fraud alert | | | | ● | ● |
 | MFA Reports | | | | ● | ● |
@@ -70,7 +70,7 @@ Our recommended approach to enforce MFA is using [Conditional Access](../conditi
 | Configuration flexibility | | ● |  |
 | **Functionality** | 
 | Exempt users from the policy | | ● | ● |
-| Authenticate by phone call or SMS | ● | ● | ● |
+| Authenticate by phone call or text message | ● | ● | ● |
 | Authenticate by Microsoft Authenticator and Software tokens | ● | ● | ● |
 | Authenticate by FIDO2, Windows Hello for Business, and Hardware tokens | | ● | ● |
 | Blocks legacy authentication protocols | ● | ● | ● |

articles/active-directory/authentication/concept-mfa-regional-opt-in.md

@@ -6,7 +6,7 @@ services: active-directory
 ms.service: active-directory
 ms.subservice: authentication
 ms.topic: conceptual
-ms.date: 09/11/2023
+ms.date: 09/12/2023
 
 author: aloom3
 ms.author: justinha
@@ -24,12 +24,12 @@ As a protection for our customers, Microsoft doesn't automatically support telep
 
 In today's digital world, telecommunication services have become ingrained into our lives. But advancements come with a risk of fraudulent activities. International Revenue Share Fraud (IRSF) is a threat with severe financial implications that also makes using services more difficult. Let's look at IRSF fraud more in-depth.  
 
-IRSF is a type of telephony fraud where criminals exploit the billing system of telecommunication services providers to make profit for themselves. Bad actors gain unauthorized access to a telecommunication network and divert traffic to those networks to skim profit for every transaction that is sent to that network. To divert traffic, bad actors steal existing usernames and passwords, create new usernames and passwords, or try a host of other things to send SMS messages and voice calls through their telecommunication network. Bad actors take advantage of multifactor authentication screens, which require an SMS or voice call before a user can access their account. This activity causes exorbitant charges and makes services unreliable for our customers, causing downtime, and system errors.  
+IRSF is a type of telephony fraud where criminals exploit the billing system of telecommunication services providers to make profit for themselves. Bad actors gain unauthorized access to a telecommunication network and divert traffic to those networks to skim profit for every transaction that is sent to that network. To divert traffic, bad actors steal existing usernames and passwords, create new usernames and passwords, or try a host of other things to send text message messages and voice calls through their telecommunication network. Bad actors take advantage of multifactor authentication screens, which require a text message or voice call before a user can access their account. This activity causes exorbitant charges and makes services unreliable for our customers, causing downtime, and system errors.  
 
 Here's how an IRSF attack may happen:  
 
 1. A bad actor first gets premium rate phone numbers and registers them.  
-1. A bad actor uses automated scripts to request voice calls or SMS messages. The bad actor is colluding with number providers and the telecommunication network to drive more traffic to those services. The bad actor skims some of the profits of the increased traffic.  
+1. A bad actor uses automated scripts to request voice calls or text messages. The bad actor is colluding with number providers and the telecommunication network to drive more traffic to those services. The bad actor skims some of the profits of the increased traffic.  
 1. A bad actor will hop around different region codes to continue to drive traffic and make it hard for them to get caught.  
 
 The most common way to conduct IRSF is through an end-user experience that requires a two-factor authentication code. Bad actors add those premium rate phone numbers and pump traffic to them by requesting two-factor authentication codes. This activity results in revenue-skimming, and can lead to billions of dollars in loss.  
@@ -46,7 +46,7 @@ For SMS verification, the following region codes require an opt-in.
 | 998         |  Uzbek                                         |
 
 ## Voice verification
-For Voice verification, the following region codes require an opt-in.
+For voice verification, the following region codes require an opt-in.
 
 | Region Code | Region Name                                    |
 |:----------- |:---------------------------------------------- |