Merge pull request #251357 from MicrosoftDocs/main

9/13/2023 PM Publish

Author: Taojunshen

.openpublishing.redirection.active-directory.json

@@ -1185,6 +1185,11 @@
       "redirect_url": "/azure/role-based-access-control/change-history-report",
       "redirect_document_id": true
     },
+    {
+      "source_path_from_root": "/articles/active-directory/fundamentals/concept-fundamentals-mfa-get-started.md",
+      "redirect_url": "/azure/active-directory/authentication/concept-mfa-licensing",
+      "redirect_document_id": true
+    },
     {
       "source_path_from_root": "/articles/active-directory/conditional-access-azure-management.md",
       "redirect_url": "/azure/active-directory/conditional-access/concept-conditional-access-cloud-apps",

articles/active-directory/authentication/concept-authentication-phone-options.md

@@ -6,7 +6,7 @@ services: active-directory
 ms.service: active-directory
 ms.subservice: authentication
 ms.topic: conceptual
-ms.date: 09/12/2023
+ms.date: 08/23/2023
 
 ms.author: justinha
 author: justinha
@@ -19,9 +19,9 @@ ms.collection: M365-identity-device-management
 
 # Authentication methods in Azure Active Directory - phone options
 
-Microsoft recommends users move away from using text message or voice calls for multifactor authentication (MFA). Modern authentication methods like [Microsoft Authenticator](concept-authentication-authenticator-app.md) are a recommended alternative. For more information, see [It's Time to Hang Up on Phone Transports for Authentication](https://aka.ms/hangup). Users can still verify themselves using a mobile phone or office phone as secondary form of authentication used for multifactor authentication (MFA) or self-service password reset (SSPR).
+Microsoft recommends users move away from using text messages or voice calls for multifactor authentication (MFA). Modern authentication methods like [Microsoft Authenticator](concept-authentication-authenticator-app.md) are a recommended alternative. For more information, see [It's Time to Hang Up on Phone Transports for Authentication](https://aka.ms/hangup). Users can still verify themselves using a mobile phone or office phone as secondary form of authentication used for multifactor authentication (MFA) or self-service password reset (SSPR).
 
-You can [configure and enable users for SMS-based authentication](howto-authentication-sms-signin.md) for direct authentication using SMS. SMS sign-in is convenient for Frontline workers. With SMS sign-in, users don't need to know a username and password to access applications and services. The user instead enters their registered mobile phone number, receives a text message with a verification code, and enters that in the sign-in interface.
+You can [configure and enable users for SMS-based authentication](howto-authentication-sms-signin.md) for direct authentication using text message. Text messages are convenient for Frontline workers. With text messages, users don't need to know a username and password to access applications and services. The user instead enters their registered mobile phone number, receives a text message with a verification code, and enters that in the sign-in interface.
 
 >[!NOTE]
 >Phone call verification isn't available for Azure AD tenants with trial subscriptions. For example, if you sign up for a trial license Microsoft Enterprise Mobility and Security (EMS), phone call verification isn't available. Phone numbers must be provided in the format *+CountryCode PhoneNumber*, for example, *+1 4251234567*. There must be a space between the country/region code and the phone number.
@@ -46,10 +46,14 @@ Microsoft doesn't guarantee consistent text message or voice-based Azure AD Mult
 
 With text message verification during SSPR or Azure AD Multi-Factor Authentication, a text message is sent to the mobile phone number containing a verification code. To complete the sign-in process, the verification code provided is entered into the sign-in interface. 
 
-Android users can enable Rich Communication Services (RCS) on their devices. RCS offers encryption and other improvements over Simple Message Service (SMS). For Android, MFA text messages may be sent over RCS rather than SMS. The experience is similar to text message, but RCS messages have more Microsoft branding and a verified checkmark so users know they can trust the message.
+Text messages can be sent over channels such as Short Message Service (SMS), Rich Communication Services (RCS), or WhatsApp.
+
+Android users can enable RCS on their devices. RCS offers encryption and other improvements over SMS. For Android, MFA text messages may be sent over RCS rather than SMS. The MFA text message is similar to SMS, but RCS messages have more Microsoft branding and a verified checkmark so users know they can trust the message.
 
 :::image type="content" source="media/concept-authentication-methods/brand.png" alt-text="Screenshot of Microsoft branding in RCS messages.":::
 
+Some users with phone numbers that have country codes belonging to India, Indonesia and New Zealand may receive their verification codes via WhatsApp. Like RCS, these messages are similar to SMS, but have more Microsoft branding and a verified checkmark. Only users that have WhatsApp will receive verification codes via this channel. To determine whether a user has WhatsApp, we silently attempt delivering them a message via the app using the phone number they already registered for text message verification and see if it's successfully delivered. If users don't have any internet connectivity or uninstall WhatsApp, they'll receive their verification codes via SMS. The phone number associated with Microsoft's WhatsApp Business Agent is: *+1 (217) 302 1989*.
+
 ### Phone call verification
 
 With phone call verification during SSPR or Azure AD Multi-Factor Authentication, an automated voice call is made to the phone number registered by the user. To complete the sign-in process, the user is prompted to press # on their keypad.
@@ -78,13 +82,13 @@ If you have problems with phone authentication for Azure AD, review the followin
    * Ensure that the user has their phone turned on and that service is available in their area, or use alternate method.
 * User is blocked
    * Have an Azure AD administrator unblock the user in the Azure portal.
-* text message is not subscribed on the device.
-   * Have the user change methods or activate text message on the device.
-* Faulty telecom providers such as no phone input detected, missing DTMF tones issues, blocked caller ID on multiple devices, or blocked text messages across multiple devices.
-   * Microsoft uses multiple telecom providers to route phone calls and text messages for authentication. If you see any of the above issues, have a user attempt to use the method at least five times within 5 minutes and have that user's information available when contacting Microsoft support.
+* Text messaging platforms like SMS, RCS, or WhatsApp aren't subscribed on the device.
+   * Have the user change methods or activate a text messaging platform on the device.
+* Faulty telecom providers, such as when no phone input is detected, missing DTMF tones issues, blocked caller ID on multiple devices, or blocked text messages across multiple devices.
+   * Microsoft uses multiple telecom providers to route phone calls and text messages for authentication. If you see any of these issues, have a user attempt to use the method at least five times within 5 minutes and have that user's information available when contacting Microsoft support.
 *  Poor signal quality.
    * Have the user attempt to log in using a wi-fi connection by installing the Authenticator app.
-   * Or, use text message authentication instead of phone (voice) authentication.
+   * Or use a text message instead of phone (voice) authentication.
 
 * Phone number is blocked and unable to be used for Voice MFA 
 

articles/active-directory/authentication/how-to-mfa-registration-campaign.md

@@ -62,7 +62,7 @@ In addition to choosing who can be nudged, you can define how many days a user c
 
       ![Confirmation of approval](./media/how-to-nudge-authenticator-app/approved.png)
 
-   1. Authenticator app is now successfully set up as the user’s default sign-in method.
+   1. Authenticator app is now successfully set up as the user's default sign-in method.
 
       ![Installation complete](./media/how-to-nudge-authenticator-app/finish.png)
 
@@ -88,7 +88,7 @@ In addition to using the Azure portal, you can also enable the registration camp
 
 To configure the policy using Graph Explorer:
 
-1. Sign in to Graph Explorer and ensure you’ve consented to the **Policy.Read.All** and **Policy.ReadWrite.AuthenticationMethod** permissions.
+1. Sign in to Graph Explorer and ensure you've consented to the **Policy.Read.All** and **Policy.ReadWrite.AuthenticationMethod** permissions.
 
    To open the Permissions panel:
 

articles/active-directory/authentication/howto-mfa-mfasettings.md

@@ -206,7 +206,7 @@ The following table lists more numbers for different countries.
 | Vietnam              | +84 2039990161  |
 
 > [!NOTE]
-> When Azure AD Multi-Factor Authentication calls are placed through the public telephone network, sometimes the calls are routed through a carrier that doesn't support caller ID. Because of this, caller ID isn't guaranteed, even though Azure AD Multi-Factor Authentication always sends it. This applies both to phone calls and text messages provided by Azure AD Multi-Factor Authentication. If you need to validate that a text message is from Azure AD Multi-Factor Authentication, see [What SMS short codes are used for sending messages?](multi-factor-authentication-faq.yml#what-sms-short-codes-are-used-for-sending-sms-messages-to-my-users-).
+> When Azure AD Multi-Factor Authentication calls are placed through the public telephone network, sometimes the calls are routed through a carrier that doesn't support caller ID. Because of this, caller ID isn't guaranteed, even though Azure AD Multi-Factor Authentication always sends it. This applies both to phone calls and text messages provided by Azure AD Multi-Factor Authentication. If you need to validate that a text message is from Azure AD Multi-Factor Authentication, see [What short codes are used for sending messages?](multi-factor-authentication-faq.yml#what-short-codes-are-used-for-sending-text-messages-to-my-users-).
 
 To configure your own caller ID number, complete the following steps:
 
@@ -215,7 +215,7 @@ To configure your own caller ID number, complete the following steps:
 1. Select **Save**.
 
 > [!NOTE]
-> When Azure AD Multi-Factor Authentication calls are placed through the public telephone network, sometimes the calls are routed through a carrier that doesn't support caller ID. Because of this, caller ID isn't guaranteed, even though Azure AD Multi-Factor Authentication always sends it. This applies both to phone calls and text messages provided by Azure AD Multi-Factor Authentication. If you need to validate that a text message is from Azure AD Multi-Factor Authentication, see [What SMS short codes are used for sending messages?](multi-factor-authentication-faq.yml#what-sms-short-codes-are-used-for-sending-sms-messages-to-my-users-).
+> When Azure AD Multi-Factor Authentication calls are placed through the public telephone network, sometimes the calls are routed through a carrier that doesn't support caller ID. Because of this, caller ID isn't guaranteed, even though Azure AD Multi-Factor Authentication always sends it. This applies both to phone calls and text messages provided by Azure AD Multi-Factor Authentication. If you need to validate that a text message is from Azure AD Multi-Factor Authentication, see [What short codes are used for sending messages?](multi-factor-authentication-faq.yml#what-short-codes-are-used-for-sending-text-messages-to-my-users-).
 
 ### Custom voice messages
 

articles/active-directory/authentication/multi-factor-authentication-faq.yml

@@ -34,7 +34,7 @@ sections:
           * **Unique ID** (either user name or on-premises Multi-Factor Authentication Server ID)
           * **First and Last Name** (optional)
           * **Email Address** (optional)
-          * **Phone Number** (when using a voice call or SMS authentication)
+          * **Phone Number** (when using a voice call or text message authentication)
           * **Device Token** (when using mobile app authentication)
           * **Authentication Mode**
           * **Authentication Result**
@@ -49,27 +49,24 @@ sections:
           For more information, see [Data residency and customer data for Azure AD Multi-Factor Authentication](concept-mfa-data-residency.md).
           
       - question: |
-          What SMS short codes are used for sending SMS messages to my users?
+          What short codes are used for sending text messages to my users?
         answer: |
-          In the United States, we use the following SMS short codes:
+          In the United States, we use the following short codes:
           
           * *97671*
           * *69829*
           * *51789*
           * *99399*
           
-          In Canada, we use the following SMS short codes:
+          In Canada, we use the following short codes:
           
           * *759731*
           * *673801*
           
-          There's no guarantee of consistent SMS or voice-based Multi-Factor Authentication prompt delivery by the same number. In the interest of our users, we may add or remove short codes at any time as we make route adjustments to improve SMS deliverability.
+          There's no guarantee of consistent text message or voice-based multifactor authentication prompt delivery by the same number. In the interest of our users, we may add or remove short codes at any time as we make route adjustments to improve text message deliverability.
           
           We don't support short codes for countries or regions besides the United States and Canada.
           
-          ## Billing
-          Most billing questions can be answered by referring to either the [Multi-Factor Authentication Pricing page](https://azure.microsoft.com/pricing/details/multi-factor-authentication/) or the documentation for [Azure AD Multi-Factor Authentication versions and consumption plans](concept-mfa-licensing.md).
-
       - question: |
           Does Azure AD Multi-Factor Authentication throttle user sign-ins?
         answer: |
@@ -135,7 +132,7 @@ sections:
       - question: |
           What should I tell my users to do if they don't receive a response on their phone?
         answer: |
-          Have your users attempt up to five times in 5 minutes to get a phone call or SMS for authentication. Microsoft uses multiple providers for delivering calls and SMS messages. If this approach doesn't work, open a support case to troubleshoot further.
+          Have your users attempt up to five times in 5 minutes to get a phone call or text message for authentication. Microsoft uses multiple providers for delivering calls and text messages. If this approach doesn't work, open a support case to troubleshoot further.
           
           Third-party security apps may also block the verification code text message or phone call. If using a third-party security app, try disabling the protection, then request another MFA verification code be sent.
           
@@ -168,7 +165,7 @@ sections:
       - question: |
           My users say that sometimes they don't receive the text message or the verification times out.
         answer: |
-          Delivery of SMS messages aren't guaranteed because there are uncontrollable factors that might affect the reliability of the service. These factors include the destination country or region, the mobile phone carrier, and the signal strength.
+          Delivery of text messages isn't guaranteed because uncontrollable factors might affect the reliability of the service. These factors include the destination country or region, the mobile phone carrier, and the signal strength.
           
           Third-party security apps may also block the verification code text message or phone call. If using a third-party security app, try disabling the protection, then request another MFA verification code be sent.
           

articles/active-directory/authentication/passwords-faq.yml

@@ -95,25 +95,25 @@ sections:
             >
             > Users can attempt to validate their information (such as their phone number), but if they're unable to prove their identity five times within a 24-hour period, they're locked out for 24 hours.
             >
-            > Users can try to validate a phone number, auth app, send a SMS, or validate security questions and answers only five times within an hour before they're locked out for 24 hours. 
+            > Users can try to validate a phone number, auth app, send a text message, or validate security questions and answers only five times within an hour before they're locked out for 24 hours. 
             >
             > Users can send an email a maximum of 10 times within a 10 minute period before they're locked out for 24 hours.
             >
             > The counters are reset once a user resets their password.
             >
             >
       - question: |
-          How long should I wait to receive an email, SMS, or phone call from password reset? 
+          How long should I wait to receive an email, text message, or phone call from password reset? 
         answer: |
-            > Emails, SMS messages, and phone calls should arrive in under a minute. The normal case is 5 to 20 seconds.
+            > Emails, text messages, and phone calls should arrive in under a minute. The normal case is 5 to 20 seconds.
             > If you don't receive the notification in this time frame:
             > * Check your junk folder.
             > * Check that the number or email being contacted is the one you expect.
             > * Check that the authentication data in the directory is correctly formatted, for example, +1 4255551234 or *user\@contoso.com*. 
       - question: |
           What languages are supported by password reset? 
         answer: |
-            > The password reset UI, SMS messages, and voice calls are localized in the same languages that are supported in Microsoft 365.
+            > The password reset UI, text messages, and voice calls are localized in the same languages that are supported in Microsoft 365.
             >
             >
       - question: |
@@ -201,9 +201,9 @@ sections:
             >
             >
       - question: |
-          How long are the email and SMS one-time passcodes valid? 
+          How long are the email and text message one-time passcodes valid? 
         answer: |
-            > The session lifetime for password reset is 15 minutes. From the start of the password reset operation, the user has 15 minutes to reset their password. The email and SMS one-time passcode are valid for 5 minutes during the password reset session.
+            > The session lifetime for password reset is 15 minutes. From the start of the password reset operation, the user has 15 minutes to reset their password. The one-time passcodes are valid for 5 minutes during the password reset session.
             >
             >
       - question: |

articles/active-directory/cloud-infrastructure-entitlement-management/how-to-add-remove-user-to-group.md

@@ -21,7 +21,7 @@ This article describes how you can add or remove a new user for a group in Permi
 
 ## Add a user
 
-1. Navigate to the [Microsoft Entra admin center](https://entra.microsoft.com/#home).
+1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com/#home).
 1. From the Azure Active Directory tile, select **Go to Azure Active Directory**. 
 1. From the navigation pane, select the **Groups** drop-down menu, then **All groups**.
 1. Select the group name for the group you want to add the user to.
@@ -37,7 +37,7 @@ This article describes how you can add or remove a new user for a group in Permi
 
 ## Remove a user
 
-1. Navigate to the Microsoft [Entra admin center](https://entra.microsoft.com/#home). 
+1. Sign in to the Microsoft [Entra admin center](https://entra.microsoft.com/#home). 
 1. From the Azure Active Directory tile, select **Go to Azure Active Directory**. 
 1. From the navigation pane, select the **Groups** drop-down menu, then **All groups**.
 1. Select the group name for the group you want to remove the user from.