Commit cb215e8

revised portal steps
1 parent b603889 commit cb215e8

4 files changed

+21
-19
lines changed

articles/active-directory/authentication/howto-password-ban-bad-on-premises-deploy.md

Lines changed: 6 additions & 6 deletions
@@ -6,7 +6,7 @@ services: active-directory
66
ms.service: active-directory
77
ms.subservice: authentication
88
ms.topic: how-to
9-
ms.date: 06/01/2023
9+
ms.date: 09/23/2023
1010

1111
ms.author: justinha
1212
author: justinha
@@ -96,7 +96,7 @@ The following core requirements apply:
9696

9797
> [!NOTE]
9898
> Some endpoints, such as the CRL endpoint, are not addressed in this article. For a list of all supported endpoints, see [Microsoft 365 URLs and IP address ranges](/microsoft-365/enterprise/urls-and-ip-address-ranges#microsoft-365-common-and-office-online).
99-
>In addition, other endpoints are required for Azure portal authentication. For more information, see [Azure portal URLs for proxy bypass](/azure/azure-portal/azure-portal-safelist-urls?tabs=public-cloud#azure-portal-urls-for-proxy-bypass).
99+
>In addition, other endpoints are required for Microsoft Entra admin center authentication. For more information, see [Microsoft Entra admin center URLs for proxy bypass](/azure/azure-portal/azure-portal-safelist-urls?tabs=public-cloud#azure-portal-urls-for-proxy-bypass).
100100
101101
### Azure AD Password Protection DC agent
102102

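Review bot: On the added line 99, the link text now reads "Microsoft Entra admin center URLs for proxy bypass" but the target is still /azure/azure-portal/azure-portal-safelist-urls with the #azure-portal-urls-for-proxy-bypass anchor, so the text no longer matches the heading it points to. Either keep the target article's own title as the link text or confirm that the linked list covers the endpoints needed for entra.microsoft.com, since readers build proxy allowlists from it. The line also still starts with ">In" without a space after the ">", unlike the note lines above it.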
@@ -243,7 +243,7 @@ To install the Azure AD Password Protection proxy service, complete the followin
243243
>
244244
> You may also see MFA required if Azure Device Registration (which is used under the covers by Azure AD Password Protection) has been configured to globally require MFA. To workaround this requirement you may use a different account that supports MFA with one of the previous two authentication modes, or you may also temporarily relax the Azure Device Registration MFA requirement.
245245
>
246-
> To make this change, search for and select **Azure Active Directory** in the Azure portal, then select **Devices > Device Settings**. Set **Require Multi-Factor Auth to join devices** to *No*. Be sure to reconfigure this setting back to *Yes* once registration is complete.
246+
> To make this change, select **Identity** in the [Microsoft Entra admin center](https://entra.microsoft.com), then select **Devices** > **Device Settings**. Set **Require Multi-Factor Auth to join devices** to *No*. Be sure to reconfigure this setting back to *Yes* once registration is complete.
247247
>
248248
> We recommend that MFA requirements be bypassed for test purposes only.
249249

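Review bot: The revised line 246 goes straight to "select **Identity**" without the sign-in step and least-privileged role that the other procedures touched by this commit now spell out; add the sign-in step and state the role needed to change Device Settings. Because the step turns off **Require Multi-Factor Auth to join devices**, consider moving the reminder to set it back to *Yes* into its own step or callout so it is not lost at the end of the sentence.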
@@ -296,7 +296,7 @@ To install the Azure AD Password Protection proxy service, complete the followin
296296
>
297297
> You may also see MFA required if Azure Device Registration (which is used under the covers by Azure AD Password Protection) has been configured to globally require MFA. To workaround this requirement you may use a different account that supports MFA with one of the previous two authentication modes, or you may also temporarily relax the Azure Device Registration MFA requirement.
298298
>
299-
> To make this change, search for and select **Azure Active Directory** in the Azure portal, then select **Devices > Device Settings**. Set **Require Multi-Factor Auth to join devices** to *No*. Be sure to reconfigure this setting back to *Yes* once registration is complete.
299+
> To make this change, select **Identity** in the [Microsoft Entra admin center](https://entra.microsoft.com), then select **Devices** > **Device Settings**. Set **Require Multi-Factor Auth to join devices** to *No*. Be sure to reconfigure this setting back to *Yes* once registration is complete.
300300
>
301301
> We recommend that MFA requirements be bypassed for test purposes only.
302302

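Review bot: Line 299 is an exact repeat of the paragraph edited at line 246, so every rename like this one has to be made twice and the two copies can drift apart. Consider moving this MFA note into a shared include that both install procedures reference.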
@@ -400,7 +400,7 @@ The software installation, or uninstallation, requires a restart. This requireme
400400

401401
The installation of on-prem Azure AD Password Protection is complete after the DC agent software is installed on a domain controller, and that computer is rebooted. No other configuration is required or possible. Password change events against the on-prem DCs use the configured banned password lists from Azure AD.
402402

403-
To enable on-prem Azure AD Password Protection from the Azure portal or configure custom banned passwords, see [Enable on-premises Azure AD Password Protection](howto-password-ban-bad-on-premises-operations.md).
403+
To enable on-prem Azure AD Password Protection or configure custom banned passwords, see [Enable on-premises Azure AD Password Protection](howto-password-ban-bad-on-premises-operations.md).
404404

405405
> [!TIP]
406406
> You can install the Azure AD Password Protection DC agent on a machine that's not yet a domain controller. In this case, the service starts and runs but remain inactive until the machine is promoted to be a domain controller.
@@ -436,4 +436,4 @@ The `Get-AzureADPasswordProtectionDCAgent` cmdlet may be used to query the softw
436436

437437
## Next steps
438438

439-
Now that you've installed the services that you need for Azure AD Password Protection on your on-premises servers, [enable on-prem Azure AD Password Protection in the Azure portal](howto-password-ban-bad-on-premises-operations.md) to complete your deployment.
439+
Now that you've installed the services that you need for Azure AD Password Protection on your on-premises servers, [enable on-prem Azure AD Password Protection](howto-password-ban-bad-on-premises-operations.md) to complete your deployment.

articles/active-directory/authentication/howto-password-ban-bad-on-premises-faq.yml

Lines changed: 7 additions & 6 deletions
@@ -33,7 +33,7 @@ sections:
3333
3434
On-premises Azure AD Password Protection is supported in both Azure Global and Azure Government clouds.
3535
36-
The Azure portal does allow modification of the on-premises-specific "Password protection for Windows Server Active Directory" configuration even in non-supported clouds; such changes will be persisted but otherwise will never take effect. Registration of on-premises proxy agents or forests is unsupported in non-supported clouds, and any such registration attempts will always fail.
36+
The Microsoft Entra admin center does allow modification of the on-premises-specific "Password protection for Windows Server Active Directory" configuration even in non-supported clouds; such changes will be persisted but otherwise will never take effect. Registration of on-premises proxy agents or forests is unsupported in non-supported clouds, and any such registration attempts will always fail.
3737
3838
### How can I apply Azure AD Password Protection benefits to a subset of my on-premises users?
3939
@@ -79,7 +79,7 @@ sections:
7979
8080
### How can I modify the contents of the policy at the Active Directory level?
8181
82-
Not supported. The policy can only be administered using the Azure portal. Also see previous question.
82+
Not supported. The policy can only be administered using the Microsoft Entra admin center. Also see previous question.
8383
8484
### Why is DFSR required for sysvol replication?
8585
@@ -142,7 +142,7 @@ sections:
142142
143143
### Why is custom smart lockout not working even after the agents are installed in my on-premises Active Directory environment?
144144
145-
Custom smart lockout is only supported in Azure AD. Changes to the custom smart lockout settings in the Azure portal have no effect on the on-premises Active Directory environment, even with the agents installed.
145+
Custom smart lockout is only supported in Azure AD. Changes to the custom smart lockout settings in the Microsoft Entra admin center have no effect on the on-premises Active Directory environment, even with the agents installed.
146146
147147
### Is a System Center Operations Manager management pack available for Azure AD Password Protection?
148148
@@ -192,8 +192,9 @@ sections:
192192
net.exe user ContosoUser /add <password>
193193
```
194194
195-
1. Open a web browser (you may need to use a separate device instead of your domain controller), sign in to the [Azure portal](https://portal.azure.com), and browse to Azure Active Directory > Security > Authentication methods > Password protection.
196-
1. Modify the Azure AD Password Protection policy as needed for the testing you want to perform. For example, you may decide to configure either Enforced or Audit Mode, or you may decide to modify the list of banned terms in your custom banned passwords list.
195+
1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com) as at least an [Authentication Administrator](../roles/permissions-reference.md#authentication-administrator).
196+
1. Browse to Protection > Authentication methods > Password protection.
197+
1. Modify the Azure AD Password Protection policy as needed for the testing you want to perform. For example, you may decide to configure either Enforced or Audit Mode, or you may decide to modify the list of banned terms in your custom banned passwords list.
197198
1. Synchronize the new policy by stopping and restarting the DC agent service.
198199
199200
This step can be accomplished in various ways. One way would be to use the Service Management administrative console, by right-clicking on the Azure AD Password Protection DC Agent service and choosing "Restart". Another way may be performed from the command prompt window like so:
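Review bot: The replacement for step 195 drops the old parenthetical "you may need to use a separate device instead of your domain controller", so a procedure that otherwise runs on the DC no longer tells the reader that the browser sign-in may need to happen elsewhere. Keep that hint in the new sign-in step. The path in the new step 196 is also unbolded here, while the same path is written as **Protection** > **Authentication methods** > **Password protection** in the other files of this commit.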
@@ -290,7 +291,7 @@ sections:
290291
FullName:
291292
```
292293
293-
1. Continue testing various passwords of your choice and checking the results in the event viewer using the procedures outlined in the previous steps. If you need to change the policy in the Azure portal, don't forget to synchronize the new policy down to the DC agent as described earlier.
294+
1. Continue testing various passwords of your choice and checking the results in the event viewer using the procedures outlined in the previous steps. If you need to change the policy in the Microsoft Entra admin center, don't forget to synchronize the new policy down to the DC agent as described earlier.
294295
295296
We've covered procedures that enable you to do controlled testing of Azure AD Password Protection's password validation behavior. Resetting user passwords from the command line directly on a domain controller may seem an odd means of doing such testing, but as described previously it is designed to produce repeatable results. As you are testing various passwords, keep the [password evaluation algorithm](concept-password-ban-bad.md#how-are-passwords-evaluated) in mind as it may help to explain results that you did not expect.
296297

articles/active-directory/authentication/howto-password-ban-bad-on-premises-operations.md

Lines changed: 4 additions & 3 deletions
@@ -6,7 +6,7 @@ services: active-directory
66
ms.service: active-directory
77
ms.subservice: authentication
88
ms.topic: how-to
9-
ms.date: 01/29/2023
9+
ms.date: 09/13/2023
1010

1111
ms.author: justinha
1212
author: justinha
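Review bot: ms.date is set to 09/13/2023 here, while the other two files in this commit that bump ms.date use 09/23/2023. If that is a typo, change it to 09/23/2023 so the dates agree across the commit.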
@@ -31,15 +31,16 @@ This article shows you how to enable Azure AD Password Protection for your on-pr
3131

3232
[!INCLUDE [portal updates](~/articles/active-directory/includes/portal-update.md)]
3333

34-
1. Sign in to the [Azure portal](https://portal.azure.com) and browse to **Azure Active Directory** > **Security** > **Authentication methods** > **Password protection**.
34+
1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com) as at least an [Authentication Administrator](../roles/permissions-reference.md#authentication-administrator).
35+
1. Browse to **Protection** > **Authentication methods** > **Password protection**.
3536
1. Set the option for **Enable password protection on Windows Server Active Directory** to *Yes*.
3637

3738
When this setting is set to *No*, all deployed Azure AD Password Protection DC agents go into a quiescent mode where all passwords are accepted as-is. No validation activities are performed, and audit events aren't generated.
3839

3940
1. It's recommended to initially set the **Mode** to *Audit*. After you're comfortable with the feature and the impact on users in your organization, you can switch the **Mode** to *Enforced*. For more information, see the following section on [modes of operation](#modes-of-operation).
4041
1. When ready, select **Save**.
4142

42-
[![Enable on-premises password protection under Authentication Methods in the Azure portal](media/howto-password-ban-bad-on-premises-operations/enable-configure-custom-banned-passwords-cropped.png)](media/howto-password-ban-bad-on-premises-operations/enable-configure-custom-banned-passwords.png#lightbox)
43+
[![Enable on-premises password protection under Authentication Methods in the Microsoft Entra admin center](media/howto-password-ban-bad-on-premises-operations/enable-configure-custom-banned-passwords-cropped.png)](media/howto-password-ban-bad-on-premises-operations/enable-configure-custom-banned-passwords.png#lightbox)
4344

4445
## Modes of operation
4546

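Review bot: On line 43 only the alt text changes to "Microsoft Entra admin center"; both referenced PNG paths are the same as before, so the screenshot may still show the Azure portal navigation. Check the image against the new **Protection** > **Authentication methods** > **Password protection** path in step 35 and recapture it if it does not match.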
articles/active-directory/authentication/howto-password-smart-lockout.md

Lines changed: 4 additions & 4 deletions
@@ -6,7 +6,7 @@ services: active-directory
66
ms.service: active-directory
77
ms.subservice: authentication
88
ms.topic: how-to
9-
ms.date: 01/29/2023
9+
ms.date: 09/23/2023
1010

1111
ms.author: justinha
1212
author: justinha
@@ -66,8 +66,8 @@ Based on your organizational requirements, you can customize the Azure AD smart
6666

6767
To check or modify the smart lockout values for your organization, complete the following steps:
6868

69-
1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com/#home).
70-
1. Search for and select *Azure Active Directory*, then select **Security** > **Authentication methods** > **Password protection**.
69+
1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com) as at least an [Authentication Administrator](../roles/permissions-reference.md#authentication-administrator).
70+
1. Browse to **Protection** > **Authentication methods** > **Password protection**.
7171
1. Set the **Lockout threshold**, based on how many failed sign-ins are allowed on an account before its first lockout.
7272

7373
The default is 10 for Azure Public tenants and 3 for Azure US Government tenants.
@@ -79,7 +79,7 @@ To check or modify the smart lockout values for your organization, complete the
7979
> [!NOTE]
8080
> If the first sign-in after a lockout period has expired also fails, the account locks out again. If an account locks repeatedly, the lockout duration increases.
8181
82-
![Customize the Azure AD smart lockout policy in the Azure portal](./media/howto-password-smart-lockout/azure-active-directory-custom-smart-lockout-policy.png)
82+
![Customize the Azure AD smart lockout policy in the Microsoft Entra admin center](./media/howto-password-smart-lockout/azure-active-directory-custom-smart-lockout-policy.png)
8383

8484
## Testing Smart lockout
8585

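Review bot: Line 82 updates the alt text to the Microsoft Entra admin center but keeps azure-active-directory-custom-smart-lockout-policy.png unchanged. Confirm the screenshot reflects the admin center UI, or recapture it, so the alt text describes what the image actually shows.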