Commit d8b174f

Merge pull request #188082 from MicrosoftDocs/main
2/09 AM Publish
2 parents cd7c53d + c785572 commit d8b174f

402 files changed

+1323
-665
lines changed

articles/active-directory/conditional-access/concept-continuous-access-evaluation.md

Lines changed: 2 additions & 2 deletions
Original file line number | Diff line number | Diff line change
@@ -114,7 +114,7 @@ If you aren't using CAE-capable clients, your default access token lifetime will
114114

115115
1. A CAE-capable client presents credentials or a refresh token to Azure AD asking for an access token for some resource.
116116
1. An access token is returned along with other artifacts to the client.
117-
1. An Administrator explicitly [revokes all refresh tokens for the user](/powershell/module/azuread/revoke-azureaduserallrefreshtoken). A revocation event will be sent to the resource provider from Azure AD.
117+
1. An Administrator explicitly [revokes all refresh tokens for the user](/powershell/module/microsoft.graph.users.actions/revoke-mgusersign). A revocation event will be sent to the resource provider from Azure AD.
118118
1. An access token is presented to the resource provider. The resource provider evaluates the validity of the token and checks whether there's any revocation event for the user. The resource provider uses this information to decide to grant access to the resource or not.
119119
1. In this case, the resource provider denies access, and sends a 401+ claim challenge back to the client.
120120
1. The CAE-capable client understands the 401+ claim challenge. It bypasses the caches and goes back to step 1, sending its refresh token along with the claim challenge back to Azure AD. Azure AD will then reevaluate all the conditions and prompt the user to reauthenticate in this case.
@@ -168,7 +168,7 @@ Changes made to Conditional Access policies and group membership made by adminis
168168

169169
When Conditional Access policy or group membership changes need to be applied to certain users immediately, you have two options.
170170

171-
- Run the [revoke-azureaduserallrefreshtoken PowerShell command](/powershell/module/azuread/revoke-azureaduserallrefreshtoken) to revoke all refresh tokens of a specified user.
171+
- Run the [revoke-mgusersign PowerShell command](/powershell/module/microsoft.graph.users.actions/revoke-mgusersign) to revoke all refresh tokens of a specified user.
172172
- Select "Revoke Session" on the user profile page in the Azure portal to revoke the user's session to ensure that the updated policies will be applied immediately.
173173

174174
### IP address variation
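
Review bot: On new line 171 the link text is the lower-case URL slug ("revoke-mgusersign PowerShell command") rather than the cmdlet name as its reference page titles it, and the target has moved from the `azuread` module to `microsoft.graph.users.actions` without the bullet saying so. Use the cmdlet's display name in code formatting and state which module it ships in, so an admin who only has the AzureAD module installed understands why the command is not found. The same link swap on line 117 of the previous hunk reads fine because its link text is descriptive.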

articles/active-directory/develop/reference-aadsts-error-codes.md

Lines changed: 1 addition & 1 deletion
@@ -122,7 +122,7 @@ The `error` field has several possible values - review the protocol documentatio
122122
| AADSTS50053 | This error can result from two different reasons: <br><ul><li>IdsLocked - The account is locked because the user tried to sign in too many times with an incorrect user ID or password. The user is blocked due to repeated sign-in attempts. See [Remediate risks and unblock users](../identity-protection/howto-identity-protection-remediate-unblock.md).</li><li>Or, sign-in was blocked because it came from an IP address with malicious activity.</li></ul> <br>To determine which failure reason caused this error, sign in to the [Azure portal](https://portal.azure.com). Navigate to your Azure AD tenant and then **Monitoring** -> **Sign-ins**. Find the failed user sign-in with **Sign-in error code** 50053 and check the **Failure reason**.|
123123
| AADSTS50055 | InvalidPasswordExpiredPassword - The password is expired. The user's password is expired, and therefore their login or session was ended. They will be offered the opportunity to reset it, or may ask an admin to reset it via [Reset a user's password using Azure Active Directory](../fundamentals/active-directory-users-reset-password-azure-portal.md). |
124124
| AADSTS50056 | Invalid or null password: password does not exist in the directory for this user. The user should be asked to enter their password again. |
125-
| AADSTS50057 | UserDisabled - The user account is disabled. The user object in Active Directory backing this account has been disabled. An admin can re-enable this account [through Powershell](/powershell/module/activedirectory/enable-adaccount) |
125+
| AADSTS50057 | UserDisabled - The user account is disabled. The user object in Active Directory backing this account has been disabled. An admin can re-enable this account [through PowerShell](/powershell/module/activedirectory/enable-adaccount) |
126126
| AADSTS50058 | UserInformationNotProvided - Session information is not sufficient for single-sign-on. This means that a user is not signed in. This is a common error that's expected when a user is unauthenticated and has not yet signed in.</br>If this error is encountered in an SSO context where the user has previously signed in, this means that the SSO session was either not found or invalid.</br>This error may be returned to the application if prompt=none is specified. |
127127
| AADSTS50059 | MissingTenantRealmAndNoUserInformationProvided - Tenant-identifying information was not found in either the request or implied by any provided credentials. The user can contact the tenant admin to help resolve the issue. |
128128
| AADSTS50061 | SignoutInvalidRequest - Unable to complete signout. The request was invalid. |
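
Review bot: The AADSTS50057 row on line 125 still hides the cmdlet behind the generic link text "through PowerShell" and ends without a full stop, unlike the neighbouring rows. The link path already names `enable-adaccount`, so the cell could read "with the Enable-ADAccount cmdlet" and close with a period while the line is being touched.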

articles/active-directory/develop/sample-v2-code.md

Lines changed: 1 addition & 1 deletion
@@ -82,7 +82,7 @@ The following samples show public client desktop applications that access the Mi
8282
> | .NET | [Invoke protected API with integrated Windows authentication](https://github.com/azure-samples/active-directory-dotnet-iwa-v2) | MSAL.NET | Integrated Windows authentication |
8383
> | Java | [Call Microsoft Graph](https://github.com/Azure-Samples/ms-identity-java-desktop/) | MSAL Java | Integrated Windows authentication |
8484
> | Node.js | [Sign in users](https://github.com/Azure-Samples/ms-identity-javascript-nodejs-desktop) | MSAL Node | Authorization code with PKCE |
85-
> | Powershell | [Call Microsoft Graph by signing in users using username/password](https://github.com/azure-samples/active-directory-dotnetcore-console-up-v2) | MSAL.NET | Resource owner password credentials |
85+
> | PowerShell | [Call Microsoft Graph by signing in users using username/password](https://github.com/azure-samples/active-directory-dotnetcore-console-up-v2) | MSAL.NET | Resource owner password credentials |
8686
> | Python | [Sign in users](https://github.com/Azure-Samples/ms-identity-python-desktop) | MSAL Python | Resource owner password credentials |
8787
> | Universal Window Platform (UWP) | [Call Microsoft Graph](https://github.com/Azure-Samples/active-directory-xamarin-native-v2/tree/main/2-With-broker) | MSAL.NET | Web account manager |
8888
> | Windows Presentation Foundation (WPF) | [Sign in users and call Microsoft Graph](https://github.com/Azure-Samples/active-directory-dotnet-native-aspnetcore-v2/tree/master/2.%20Web%20API%20now%20calls%20Microsoft%20Graph) | MSAL.NET | Authorization code with PKCE |
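
Review bot: The capitalisation fix on line 85 leaves a row whose Language cell says PowerShell while its link targets the repository `active-directory-dotnetcore-console-up-v2` and its library cell says MSAL.NET. Confirm whether the row should be labelled for .NET Core or point at a PowerShell sample; if the label is intentional, a few words in the description explaining the pairing would stop readers from assuming the link is wrong.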

articles/active-directory/devices/faq.yml

Lines changed: 1 addition & 1 deletion
@@ -260,7 +260,7 @@ sections:
260260
261261
- question: What happens if a user changes their password and tries to sign in to their Windows 10/11 hybrid Azure AD joined device outside the corporate network?
262262
answer: |
263-
If a password is changed outside the corporate network (for example, by using Azure AD SSPR), then the user sign in with the new password will fail. For hybrid Azure AD joined devices, on-premises Active Directory is the primary authority. When a device does not have line of sight to the domain controller, it is unable to validate the new password. So, user needs to establish connection with the domain controller (either via VPN or being in the corporate network) before they're able to sign in to the device with their new password. Otherwise, they can only sign in with their old password because of cached sign in capability in Windows. However, the old password is invalidated by Azure AD during token requests and hence, prevents single sign-on and fails any device-based Conditional Access policies. This issue doesn't occur if you use Windows Hello for Business.
263+
If a password is changed outside the corporate network (for example, by using Azure AD SSPR), then the user sign in with the new password will fail. For hybrid Azure AD joined devices, on-premises Active Directory is the primary authority. When a device does not have line of sight to the domain controller, it is unable to validate the new password. So, user needs to establish connection with the domain controller (either via VPN or being in the corporate network) before they're able to sign in to the device with their new password. Otherwise, they can only sign in with their old password because of cached sign in capability in Windows. However, the old password is invalidated by Azure AD during token requests and hence, prevents single sign-on and fails any device-based Conditional Access policies until the user authenticates with their new password in an app or browser. This issue doesn't occur if you use Windows Hello for Business.
264264
265265
266266
- name: Azure AD register FAQ
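
Review bot: The clause appended on line 263 ("until the user authenticates with their new password in an app or browser") is attached to a sentence whose subject is "the old password", so it is unclear what recovers and when. Split it in two, for example: "However, Azure AD invalidates the old password during token requests, which prevents single sign-on and fails any device-based Conditional Access policies. Both work again once the user authenticates with their new password in an app or browser." Earlier on the same line, "So, user needs to establish connection" is missing its articles.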

articles/active-directory/enterprise-users/groups-restore-deleted.md

Lines changed: 2 additions & 2 deletions
@@ -42,7 +42,7 @@ User | Can restore any deleted Microsoft 365 group that they own
4242
- Restore the deleted group and its contents by selecting **Restore group**.
4343
- Permanently remove the deleted group by selecting **Delete permanently**. To permanently remove a group, you must be an administrator.
4444

45-
## View the deleted Microsoft 365 groups that are available to restore using Powershell
45+
## View the deleted Microsoft 365 groups that are available to restore using PowerShell
4646

4747
The following cmdlets can be used to view the deleted groups to verify that the one or ones you're interested in have not yet been permanently purged. These cmdlets are part of the [Azure AD PowerShell module](https://www.powershellgallery.com/packages/AzureAD/). More information about this module can be found in the [Azure Active Directory PowerShell Version 2](/powershell/azure/active-directory/install-adv2) article.
4848

@@ -59,7 +59,7 @@ The following cmdlets can be used to view the deleted groups to verify that the
5959
Get-AzureADMSDeletedGroup –Id <objectId>
6060
```
6161
62-
## How to restore your deleted Microsoft 365 group using Powershell
62+
## How to restore your deleted Microsoft 365 group using
6363
6464
Once you have verified that the group is still available to restore, restore the deleted group with one of the following steps. If the group contains documents, SP sites, or other persistent objects, it might take up to 24 hours to fully restore a group and its contents.
6565
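
Review bot: The replacement heading on line 62 stops at "using": the word "Powershell" was deleted instead of recapitalised, leaving "## How to restore your deleted Microsoft 365 group using". Restore the ending as "using PowerShell" to match the heading corrected on line 45 of this file. A truncated heading also changes its generated anchor, so inbound links to this section should be checked once it is fixed.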

articles/active-directory/enterprise-users/groups-settings-v2-cmdlets.md

Lines changed: 1 addition & 1 deletion
@@ -47,7 +47,7 @@ To verify that the module is ready to use, use the following command:
4747
Now you can start using the cmdlets in the module. For a full description of the cmdlets in the Azure AD module, please refer to the online reference documentation for [Azure Active Directory PowerShell Version 2](/powershell/azure/active-directory/install-adv2).
4848

4949
> [!NOTE]
50-
> The Azure AD PowerShell cmdlets does not work with the new Powershell 7 as it is based on .net Core. We are aware and this is in the process of getting updated. As of now we suggest to use the Windows PowerShell 5.x Module to be used for Azure AD powershell operations.
50+
> The Azure AD PowerShell cmdlets does not work with the new PowerShell 7 as it is based on .net Core. We are aware and this is in the process of getting updated. As of now we suggest to use the Windows PowerShell 5.x Module to be used for Azure AD powershell operations.
5151
5252

5353
## Connect to the directory
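
Review bot: Line 50 corrects "Powershell 7" but leaves three other slips in the same note: "Azure AD powershell operations" at the end, ".net Core", and the agreement error "cmdlets does not work". Since the line is already being changed, fix all of them in one pass (PowerShell, .NET Core, "cmdlets do not work") and tighten "we suggest to use the Windows PowerShell 5.x Module to be used" to a single verb.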

articles/active-directory/enterprise-users/groups-troubleshooting.md

Lines changed: 5 additions & 5 deletions
@@ -19,10 +19,10 @@ ms.collection: M365-identity-device-management
1919

2020
## Troubleshooting group creation issues
2121

22-
**I disabled security group creation in the Azure portal but groups can still be created via Powershell**
23-
The **User can create security groups in Azure portals** setting in the Azure portal controls whether or not non-admin users can create security groups in the Access panel or the Azure portal. It does not control security group creation via Powershell.
22+
**I disabled security group creation in the Azure portal but groups can still be created via PowerShell**
23+
The **User can create security groups in Azure portals** setting in the Azure portal controls whether or not non-admin users can create security groups in the Access panel or the Azure portal. It does not control security group creation via PowerShell.
2424

25-
To disable group creation for non-admin users in Powershell:
25+
To disable group creation for non-admin users in PowerShell:
2626
1. Verify that non-admin users are allowed to create groups:
2727

2828
```powershell
@@ -35,8 +35,8 @@ To disable group creation for non-admin users in Powershell:
3535
Set-MsolCompanySettings -UsersPermissionToCreateGroupsEnabled $False
3636
```
3737

38-
**I received a max groups allowed error when trying to create a Dynamic Group in Powershell**
39-
If you receive a message in Powershell indicating _Dynamic group policies max allowed groups count reached_, this means you have reached the max limit for Dynamic groups in your organization. The max number of Dynamic groups per organization is 5,000.
38+
**I received a max groups allowed error when trying to create a Dynamic Group in PowerShell**
39+
If you receive a message in PowerShell indicating _Dynamic group policies max allowed groups count reached_, this means you have reached the max limit for Dynamic groups in your organization. The max number of Dynamic groups per organization is 5,000.
4040

4141
To create any new Dynamic groups, you'll first need to delete some existing Dynamic groups. There's no way to increase the limit.
4242

articles/active-directory/external-identities/code-samples.md

Lines changed: 1 addition & 1 deletion
@@ -31,7 +31,7 @@ You can bulk-invite external users to an organization from email addresses that
3131

3232

3333
2. Get the latest Azure AD PowerShell
34-
To use the new cmdlets, you must install the updated Azure AD PowerShell module, which you can download from [the Powershell module's release page](https://www.powershellgallery.com/packages/AzureADPreview)
34+
To use the new cmdlets, you must install the updated Azure AD PowerShell module, which you can download from [the PowerShell module's release page](https://www.powershellgallery.com/packages/AzureADPreview)
3535

3636
3. Sign in to your tenancy
3737
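
Review bot: Line 34 tells readers to install "the updated Azure AD PowerShell module" but the link goes to the AzureADPreview package, and the link text calls a PowerShell Gallery package page a "release page". Name the package in the sentence (AzureADPreview) so readers know they are installing the preview module rather than the AzureAD module referenced elsewhere in this commit, and add the missing closing period.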

articles/active-directory/hybrid/tshoot-connect-tshoot-sql-connectivity.md

Lines changed: 1 addition & 1 deletion
@@ -24,7 +24,7 @@ The following screenshot shows a typical error, if the SQL Server cannot be foun
2424
![SQL error](./media/tshoot-connect-tshoot-sql-connectivity/sql1.png)
2525

2626
## Troubleshooting steps
27-
Open a PowerShell window and Import the ADSyncTools Powershell module
27+
Open a PowerShell window and Import the ADSyncTools PowerShell module
2828

2929
``` powershell
3030
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

articles/active-directory/manage-apps/assign-user-or-group-access-portal.md

Lines changed: 1 addition & 1 deletion
@@ -14,7 +14,7 @@ ms.author: ergreenl
1414
ms.reviewer: davidmu
1515
ms.custom: contperf-fy22q2, contperf-fy22q3
1616

17-
#customer intent: As an admin, I want to manage user assignment for an app in Azure Active Directory using Powershell
17+
#customer intent: As an admin, I want to manage user assignment for an app in Azure Active Directory using PowerShell
1818
---
1919

2020
# Assign users and groups to an application
