edit pass: reference-connect-government-cloud

denrea · denrea · commit dcb28a97f206 · 2020-04-20T12:19:16.000-07:00
diff --git a/articles/active-directory/hybrid/reference-connect-government-cloud.md b/articles/active-directory/hybrid/reference-connect-government-cloud.md
@@ -20,59 +20,60 @@ This article describes considerations for integrating a hybrid environment with
 > [!NOTE]
 > To integrate an on-premises Microsoft Azure Active Directory (Azure AD) environment with the Azure Government cloud, you need to upgrade to the latest release of [Azure AD Connect](https://www.microsoft.com/download/details.aspx?id=47594).
 
-> [!NOTE]
-> For a full list of United States government Department of Defense endpoints, refer to the [documentation](https://docs.microsoft.com/office365/enterprise/office-365-u-s-government-dod-endpoints).
+For a full list of United States government Department of Defense endpoints, refer to the [documentation](https://docs.microsoft.com/office365/enterprise/office-365-u-s-government-dod-endpoints).
 
 ## Azure AD Pass-through Authentication
 
-The following information describes implementation of Azure AD Pass-through Authentication and the Azure Government cloud.
+The following information describes implementation of Pass-through Authentication and the Azure Government cloud.
 
 ### Allow access to URLs
 
-Before deploying the Pass-through Authentication agent, verify whether a firewall exists between your servers and Azure AD. If your firewall or proxy allows Domain Name System (DNS) whitelisting, add the following connections.
+Before you deploy the Pass-through Authentication agent, verify whether a firewall exists between your servers and Azure AD. If your firewall or proxy allows Domain Name System (DNS) blocked or safe programs, add the following connections.
 
 > [!NOTE]
 > The following guidance also applies to installing the [Azure AD Application Proxy connector](https://aka.ms/whyappproxy) for Azure Government environments.
 
 |URL |How it's used|
 |-----|-----|
-|.msappproxy.us</br>.servicebus.usgovcloudapi.net|The agent uses these URLs to communicate with the Azure AD Cloud Service. |
+|&#42;.msappproxy.us</br>&#42;.servicebus.usgovcloudapi.net|The agent uses these URLs to communicate with the Azure AD cloud service. |
 |mscrl.microsoft.us:80 </br>crl.microsoft.us:80 </br>ocsp.msocsp.us:80 </br>www.microsoft.us:80| The agent uses these URLs to verify certificates.|
-|login.windows.us </br>secure.aadcdn.microsoftonline-p.com </br>.microsoftonline.us </br>.microsoftonline-p.us </br>.msauth.net </br>.msauthimages.net </br>.msecnd.net</br>.msftauth.net </br>.msftauthimages.net</br>.phonefactor.net </br>enterpriseregistration.windows.net</br>management.azure.com </br>policykeyservice.dc.ad.msft.net</br>ctdl.windowsupdate.us:80| The agent uses these URLs during the registration process.
+|login.windows.us </br>secure.aadcdn.microsoftonline-p.com </br>&#42;.microsoftonline.us </br>&#42;.microsoftonline-p.us </br>&#42;.msauth.net </br>&#42;.msauthimages.net </br>&#42;.msecnd.net</br>&#42;.msftauth.net </br>&#42;.msftauthimages.net</br>&#42;.phonefactor.net </br>enterpriseregistration.windows.net</br>management.azure.com </br>policykeyservice.dc.ad.msft.net</br>ctdl.windowsupdate.us:80| The agent uses these URLs during the registration process.
 
 ### Install the agent for the Azure Government cloud
 
 Follow these steps to install the agent for the Azure Government cloud:
 
-1. In the command line terminal, navigate to the folder that contains the executable that installs the agent.
+1. In the command-line terminal, go to the folder that contains the executable file that installs the agent.
 1. Run the following commands, which specify that the installation is for Azure Government.
 
-   For Azure AD Pass-through Authentication:
+   For Pass-through Authentication:
 
    ```
    AADConnectAuthAgentSetup.exe ENVIRONMENTNAME="AzureUSGovernment"
    ```
 
-   For Azure AD Application Proxy:
+   For Application Proxy:
 
    ```
    AADApplicationProxyConnectorInstaller.exe ENVIRONMENTNAME="AzureUSGovernment" 
    ```
 
-## Single sign-on (SSO)
+## Single sign-on
 
 ### Set up your Azure AD Connect server
 
 If you use Pass-through Authentication as your sign-on method, no additional prerequisite check is required. If you use password hash synchronization as your sign-on method and there is a firewall between Azure AD Connect and Azure AD, ensure that:
 
 - You use Azure AD Connect version 1.1.644.0 or later.
-- If your firewall or proxy allows DNS whitelisting, add the connections to the *.msappproxy.us URLs over port 443.</br>If not, allow access to the Azure datacenter IP ranges, which are updated weekly. This prerequisite applies only when you enable the feature. It is not required for actual user sign-ons.
+- If your firewall or proxy allows DNS blocked or safe programs, add the connections to the &#42;.msappproxy.us URLs over port 443.
+
+  If not, allow access to the Azure datacenter IP ranges, which are updated weekly. This prerequisite applies only when you enable the feature. It isn't required for actual user sign-ons.
 
-### Roll out Seamless SSO
+### Roll out Seamless Single Sign-On
 
-You can gradually roll out Azure AD Seamless Single Sign-On (Seamless SSO) to your users by using the following instructions. You start by adding the Azure AD URL [https://autologon.microsoft.us](https://autologon.microsoft.us) to all or selected users' Intranet zone settings by using Group Policy in Active Directory.
+You can gradually roll out Azure AD Seamless Single Sign-On to your users by using the following instructions. You start by adding the Azure AD URL [https://autologon.microsoft.us](https://autologon.microsoft.us) to all or selected users' Intranet zone settings by using Group Policy in Active Directory.
 
-You also need to enable the Intranet zone policy setting **Allow updates to status bar via script through Group Policy**.
+You also need to enable the intranet zone policy setting **Allow updates to status bar via script through Group Policy**.
 
 ## Browser considerations
 
@@ -81,9 +82,9 @@ You also need to enable the Intranet zone policy setting **Allow updates to stat
 Mozilla Firefox doesn't automatically use Kerberos authentication. Each user must manually add the Azure AD URL to their Firefox settings by following these steps:
 
 1. Run Firefox and enter **about:config** in the address bar. Dismiss any notifications that you might see.
-1. Search for the **network.negotiate-auth.trusted-uris** preference. </br>This preference lists the sites trusted by Firefox for Kerberos authentication.
-1. Right-click and then select **Modify**.
-1. Enter https://autologon.microsoft.us in the box.
+1. Search for the **network.negotiate-auth.trusted-uris** preference. This preference lists the sites trusted by Firefox for Kerberos authentication.
+1. Right-click the preference name and then select **Modify**.
+1. Enter [**https://autologon.microsoft.us**](https://autologon.microsoft.us**) in the box.
 1. Select **OK** and then reopen the browser.
 
 ### Microsoft Edge based on Chromium (all platforms)
@@ -96,5 +97,5 @@ If you have overridden the `AuthNegotiateDelegateWhitelist` or `AuthServerWh
 
 ## Next steps
 
-[Pass-through Authentication](how-to-connect-pta-quick-start.md#step-1-check-the-prerequisites)
-[Single Sign-on](how-to-connect-sso-quick-start.md#step-1-check-the-prerequisites)
+- [Pass-through Authentication](how-to-connect-pta-quick-start.md#step-1-check-the-prerequisites)
+- [Single Sign-On](how-to-connect-sso-quick-start.md#step-1-check-the-prerequisites)
