Merge pull request #77463 from MicrosoftDocs/master

5/21 PM Publish

Author: huypub

articles/active-directory-b2c/active-directory-b2c-get-started-custom.md

@@ -71,15 +71,9 @@ Azure AD B2C requires you to register two applications that are used to sign up
 3. Select **New application registration**.
 4. For **Name**, enter `IdentityExperienceFramework`.
 5. For **Application type**, choose **Web app/API**.
-6. For **Sign-on URL**, enter `https://your-tenant-name.b2clogin.com/your-tenant-name.onmicrosoft.com`, where `your-tenant-name` is your Azure AD B2C tenant domain name.
+6. For **Sign-on URL**, enter `https://your-tenant-name.b2clogin.com/your-tenant-name.onmicrosoft.com`, where `your-tenant-name` is your Azure AD B2C tenant domain name. All URLs should now be using [b2clogin.com](b2clogin.md).
 7. Click **Create**. After it's created, copy the application ID and save it to use later.
 
-    ```
-    https://your--B2C-tenant-name.b2clogin.com/your-B2C-tenant-name.onmicrosoft.com
-    ```
-
-    All URLs should now be using [b2clogin.com](b2clogin.md).
-
 ### Register the ProxyIdentityExperienceFramework application
 
 1. In **App registrations (Legacy)**, select **New application registration**.

articles/active-directory/authentication/howto-mfa-nps-extension-advanced.md

@@ -37,15 +37,15 @@ To troubleshoot problems with alternate login IDs, use the recommended steps for
 
 ## IP exceptions
 
-If you need to monitor server availability, like if load balancers verify which servers are running before sending workloads, you don't want these checks to be blocked by verification requests. Instead, create a list of IP addresses that you know are used by service accounts, and disable Multi-Factor Authentication requirements for that list. 
+If you need to monitor server availability, like if load balancers verify which servers are running before sending workloads, you don't want these checks to be blocked by verification requests. Instead, create a list of IP addresses that you know are used by service accounts, and disable Multi-Factor Authentication requirements for that list.
 
-To configure an IP whitelist, go to `HKLM\SOFTWARE\Microsoft\AzureMfa` and configure the following registry value: 
+To configure an IP allowed list, go to `HKLM\SOFTWARE\Microsoft\AzureMfa` and configure the following registry value:
 
 | Name | Type | Default value | Description |
 | ---- | ---- | ------------- | ----------- |
 | IP_WHITELIST | string | Empty | Provide a semi-colon separated list of IP addresses. Include the IP addresses of machines where service requests originate, like the NAS/VPN server. IP ranges and subnets are not supported. <br><br> For example, *10.0.0.1;10.0.0.2;10.0.0.3*.
 
-When a request comes in from an IP address that exists in the whitelist, two-step verification is skipped. The IP whitelist is compared to the IP address that is provided in the *ratNASIPAddress* attribute of the RADIUS request. If a RADIUS request comes in without the ratNASIPAddress attribute, the following warning is logged: "P_WHITE_LIST_WARNING::IP Whitelist is being ignored as source IP is missing in RADIUS request in NasIpAddress attribute."
+When a request comes in from an IP address that exists in the `IP_WHITELIST`, two-step verification is skipped. The IP list is compared to the IP address that is provided in the *ratNASIPAddress* attribute of the RADIUS request. If a RADIUS request comes in without the ratNASIPAddress attribute, the following warning is logged: "P_WHITE_LIST_WARNING::IP Whitelist is being ignored as source IP is missing in RADIUS request in NasIpAddress attribute."
 
 ## Next steps
 

articles/active-directory/authentication/howto-mfaserver-adfs-2.md

@@ -82,7 +82,7 @@ You enabled IIS authentication, but to perform the pre-authentication to your Ac
 3. If users enter their username in “domain\username” format, the Server needs to be able to strip the domain off the username when it creates the LDAP query. That can be done through a registry setting.
 4. Open the registry editor and go to HKEY_LOCAL_MACHINE/SOFTWARE/Wow6432Node/Positive Networks/PhoneFactor on a 64-bit server. If on a 32-bit server, take the “Wow6432Node” out of the path. Create a DWORD registry key called “UsernameCxz_stripPrefixDomain” and set the value to 1. Azure Multi-Factor Authentication is now securing the AD FS proxy.
 
-Ensure that users have been imported from Active Directory into the Server. See the [Trusted IPs section](#trusted-ips) if you would like to whitelist internal IP addresses so that two-step verification is not required when signing in to the website from those locations.
+Ensure that users have been imported from Active Directory into the Server. See the [Trusted IPs section](#trusted-ips) if you would like to allow internal IP addresses so that two-step verification is not required when signing in to the website from those locations.
 
 ![Registry editor to configure company settings](./media/howto-mfaserver-adfs-2/reg.png)
 
@@ -106,15 +106,17 @@ You can secure AD FS when the AD FS proxy is not used. Install the Azure Multi-F
 
 Azure Multi-Factor Authentication is now securing AD FS.
 
-Ensure that users have been imported from Active Directory into the Server. See the Trusted IPs section if you would like to whitelist internal IP addresses so that two-step verification is not required when signing in to the website from those locations.
+Ensure that users have been imported from Active Directory into the Server. See the Trusted IPs section if you would like to allow internal IP addresses so that two-step verification is not required when signing in to the website from those locations.
 
 ## Trusted IPs
+
 Trusted IPs allow users to bypass Azure Multi-Factor Authentication for website requests originating from specific IP addresses or subnets. For example, you may want to exempt users from two-step verification when they sign in from the office. For this, you would specify the office subnet as a Trusted IPs entry.
 
 ### To configure trusted IPs
+
 1. In the IIS Authentication section, click the **Trusted IPs** tab.
 2. Click the **Add…** button.
 3. When the Add Trusted IPs dialog box appears, select one of the **Single IP**, **IP range**, or **Subnet** radio buttons.
-4. Enter the IP address, range of IP addresses, or subnet that should be whitelisted. If entering a subnet, select the appropriate Netmask and click the **OK** button. The trusted IP has now been added.
+4. Enter the IP address, range of IP addresses, or subnet that should be allowed. If entering a subnet, select the appropriate Netmask and click the **OK** button.
 
 ![Configure trusted IPs to MFA Server](./media/howto-mfaserver-adfs-2/trusted.png)

articles/active-directory/authentication/howto-mfaserver-iis.md

@@ -73,4 +73,4 @@ The Trusted IPs allows users to bypass Azure Multi-Factor Authentication for web
 1. In the IIS Authentication section, click the **Trusted IPs** tab.
 2. Click **Add**.
 3. When the Add Trusted IPs dialog box appears, select the **Single IP**, **IP range**, or **Subnet** radio button.
-4. Enter the IP address, range of IP addresses or subnet that should be whitelisted. If entering a subnet, select the appropriate Netmask and click **OK**. The whitelist has now been added.
+4. Enter the IP address, range of IP addresses or subnet that should be allowed. If entering a subnet, select the appropriate Netmask and click **OK**.

articles/active-directory/authentication/overview-authentication.md

@@ -49,6 +49,10 @@ Self-service password reset includes:
 
 Azure Multi-Factor Authentication (MFA) is Microsoft's two-step verification solution. Using administrator approved authentication methods, Azure MFA helps safeguard your access to data and applications, while meeting the demand for a simple sign-in process.
 
+## License requirements
+
+[!INCLUDE [Active Directory P1 license](../../../includes/active-directory-p1-license.md)]
+
 ## Next steps
 
 The next step is to dive in and configure self-service password reset and Azure Multi-Factor Authentication.

articles/active-directory/conditional-access/howto-conditional-access-session-lifetime.md

@@ -47,7 +47,7 @@ The Azure AD default for browser session persistence allows users on personal de
 
 ## Configuring authentication session controls
 
-Conditional access is an Azure AD Premium capability and requires a premium license. If you would like to learn more about conditional access, see [What is conditional access in Azure Active Directory?](overview.md#license-requirements-for-using-conditional-access)
+Conditional access is an Azure AD Premium capability and requires a premium license. If you would like to learn more about conditional access, see [What is conditional access in Azure Active Directory?](overview.md#license-requirements)
 
 > [!WARNING]
 > If you are using the [configurable token lifetime](../develop/active-directory-configurable-token-lifetimes.md) feature currently in public preview, please note that we don’t support creating two different policies for the same user or app combination: one with this feature and another one with configurable token lifetime feature. Microsoft plans to retire the configurable token lifetime feature on October 15 and replace it with the conditional access authentication session management feature.  

articles/active-directory/conditional-access/overview.md

@@ -84,9 +84,9 @@ When the configured conditional access policy requires multi-factor authenticati
 
 After the user has signed in to the federated authentication service, Azure AD handles other policy requirements such as device compliance or an approved application.
 
-## License requirements for using conditional access
+## License requirements
 
-Using conditional access requires an Azure AD Premium license. To find the right license for your requirements, see [Comparing generally available features of the Free, Basic, and Premium editions](https://azure.microsoft.com/pricing/details/active-directory/).
+[!INCLUDE [Active Directory P1 license](../../../includes/active-directory-p1-license.md)]
 
 ## Next steps
 

articles/active-directory/develop/index.yml

@@ -20,10 +20,10 @@ abstract:
     image:
       alt: 
       height: 110
-      src: ./media/index/video-featured.png
+      src: ./media/index/identity-platform-thumbnail.png
       width: 250  
-    title: Building web app solutions with authentication (9:31)
-    href: https://www.youtube.com/watch?v=QWh5HZK9vRA
+    title: Microsoft identity platform overview (2:20)
+    href: https://youtu.be/y_fgJAatVhk
     width: 250
 sections: