Merge branch 'main' into patch-29

Author: mikewill4

articles/active-directory-b2c/enable-authentication-web-api.md

@@ -126,7 +126,7 @@ npm install passport-azure-ad
 npm install morgan
 ```
 
-The [morgen package](https://www.npmjs.com/package/morgan) is an HTTP request logger middleware for Node.js.
+The [morgan package](https://www.npmjs.com/package/morgan) is an HTTP request logger middleware for Node.js.
 
 ---
 

articles/active-directory/app-proxy/application-proxy-configure-single-sign-on-with-headers.md

@@ -86,7 +86,7 @@ When you've completed all these steps, your app should be running and available.
 ## Considerations
 
 - Application Proxy is used to provide remote access to apps on-premises or on private cloud. Application Proxy is not recommended to handle traffic originating internally from the corporate network.
-- Access to header-based authentication applications should be restricted to only traffic from the connector or other permitted header-based authentication solution. This is commonly done through restricting network access to the application using a firewall or IP restriction on the application server.
+- **Access to header-based authentication applications should be restricted to only traffic from the connector or other permitted header-based authentication solution**. This is commonly done through restricting network access to the application using a firewall or IP restriction on the application server to avoid exposing to the attackers.
 
 ## Next steps
 

articles/active-directory/authentication/howto-mfa-nps-extension-errors.md

@@ -27,7 +27,7 @@ If you encounter errors with the NPS extension for Azure AD Multi-Factor Authent
 | **CONTACT_SUPPORT** | [Contact support](#contact-microsoft-support), and mention the list of steps for collecting logs. Provide as much information as you can about what happened before the error, including tenant ID, and user principal name (UPN). |
 | **CLIENT_CERT_INSTALL_ERROR** | There may be an issue with how the client certificate was installed or associated with your tenant. Follow the instructions in [Troubleshooting the MFA NPS extension](howto-mfa-nps-extension.md#troubleshooting) to investigate client cert problems. |
 | **ESTS_TOKEN_ERROR** | Follow the instructions in [Troubleshooting the MFA NPS extension](howto-mfa-nps-extension.md#troubleshooting) to investigate client cert and security token problems. |
-| **HTTPS_COMMUNICATION_ERROR** | The NPS server is unable to receive responses from Azure AD MFA. Verify that your firewalls are open bidirectionally for traffic to and from `https://adnotifications.windowsazure.com` and that TLS 1.2 is enabled (default). If TLS 1.2 is disabled, user authentication will fail and event ID 36871 with source SChannel is entered in the System log in Event Viewer. To verify TLS 1.2 is enabled, see [TLS registry settings](/windows-server/security/tls/tls-registry-settings.md#tls-dtls-and-ssl-protocol-version-settings). |
+| **HTTPS_COMMUNICATION_ERROR** | The NPS server is unable to receive responses from Azure AD MFA. Verify that your firewalls are open bidirectionally for traffic to and from `https://adnotifications.windowsazure.com` and that TLS 1.2 is enabled (default). If TLS 1.2 is disabled, user authentication will fail and event ID 36871 with source SChannel is entered in the System log in Event Viewer. To verify TLS 1.2 is enabled, see [TLS registry settings](/windows-server/security/tls/tls-registry-settings#tls-dtls-and-ssl-protocol-version-settings). |
 | **HTTP_CONNECT_ERROR** | On the server that runs the NPS extension, verify that you can reach  `https://adnotifications.windowsazure.com` and `https://login.microsoftonline.com/`. If those sites don't load, troubleshoot connectivity on that server. |
 | **NPS Extension for Azure AD MFA:** <br> NPS Extension for Azure AD MFA only performs Secondary Auth for Radius requests in AccessAccept State. Request received for User username with response state AccessReject, ignoring request. | This error usually reflects an authentication failure in AD or that the NPS server is unable to receive responses from Azure AD. Verify that your firewalls are open bidirectionally for traffic to and from `https://adnotifications.windowsazure.com` and `https://login.microsoftonline.com` using ports 80 and 443. It is also important to check that on the DIAL-IN tab of Network Access Permissions, the setting is set to "control access through NPS Network Policy". This error can also trigger if the user is not assigned a license. |
 | **REGISTRY_CONFIG_ERROR** | A key is missing in the registry for the application, which may be because the [PowerShell script](howto-mfa-nps-extension.md#install-the-nps-extension) wasn't run after installation. The error message should include the missing key. Make sure you have the key under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\AzureMfa. |

articles/active-directory/conditional-access/concept-conditional-access-grant.md

@@ -6,7 +6,7 @@ services: active-directory
 ms.service: active-directory
 ms.subservice: conditional-access
 ms.topic: conceptual
-ms.date: 01/27/2022
+ms.date: 06/27/2022
 
 ms.author: joflore
 author: MicrosoftGuyJFlo
@@ -99,7 +99,7 @@ The following client apps have been confirmed to support this setting:
 - Microsoft Invoicing
 - Microsoft Kaizala
 - Microsoft Launcher
-- Microsoft Lists (iOS)
+- Microsoft Lists
 - Microsoft Office
 - Microsoft OneDrive
 - Microsoft OneNote

articles/active-directory/saas-apps/alexishr-tutorial.md

@@ -130,7 +130,7 @@ In this section, you'll enable B.Simon to use Azure single sign-on by granting a
 
 1. In the **New identity provider** section, perform the following steps:
 
-    ![Screenshot shows the Account Settings.](./media/alexishr-tutorial/account.png " Settings")
+    ![Screenshot shows the Account Settings.](./media/alexishr-tutorial/account.png "Settings")
 
     1. In the **Identity provider SSO URL** textbox, paste the **Login URL** value which you have copied from the Azure portal.
 

articles/active-directory/saas-apps/amazon-managed-grafana-tutorial.md

@@ -147,7 +147,7 @@ In this section, you'll enable B.Simon to use Azure single sign-on by granting a
 
 1. In the **Review and create** page, verify all the workspace details and click **Create workspace**.
 
-	![Screenshot shows review and create page.](./media/amazon-managed-grafana-tutorial/review-workspace.png " Create Workspace")
+	![Screenshot shows review and create page.](./media/amazon-managed-grafana-tutorial/review-workspace.png "Create Workspace")
 
 1. After creating workspace, click **Complete setup** to complete the SAML configuration.
 

articles/active-directory/saas-apps/hiretual-tutorial.md

@@ -85,7 +85,7 @@ Follow these steps to enable Azure AD SSO in the Azure portal.
 
 1. Click the **Properties** tab on the left menu bar, copy the value of **User access URL**,and save it on your computer.
 
-    ![Screenshot shows the User access URL.](./media/hiretual-tutorial/access-url.png " SSO Configuration")
+    ![Screenshot shows the User access URL.](./media/hiretual-tutorial/access-url.png "SSO Configuration")
 
 1. On the **Set up single sign-on with SAML** page, In the **SAML Signing Certificate** section, click copy button to copy **App Federation Metadata Url** and save it on your computer.
 
@@ -123,7 +123,7 @@ In this section, you'll enable B.Simon to use Azure single sign-on by granting a
 
 1. In the **SAML2.0 Authentication** page, perform the following steps:
 
-    ![Screenshot shows the SSO Configuration.](./media/hiretual-tutorial/configuration.png " SSO Configuration")
+    ![Screenshot shows the SSO Configuration.](./media/hiretual-tutorial/configuration.png "SSO Configuration")
 
     1. In the **SAML2.O SSO URL** textbox, paste the **User access URL** which you have copied from the Azure portal.