Merge branch 'main' of https://github.com/MicrosoftDocs/azure-docs-pr into probe-howto

Author: asudbring

articles/active-directory/app-provisioning/functions-for-customizing-application-data.md

@@ -1049,7 +1049,7 @@ Example: Based on the user's first name, middle name and last name, you need to
 SingleAppRoleAssignment([appRoleAssignments])
 
 **Description:** 
-Returns a single appRoleAssignment from the list of all appRoleAssignments assigned to a user for a given application. This function is required to convert the appRoleAssignments object into a single role name string. The best practice is to ensure only one appRoleAssignment is assigned to one user at a time, and if multiple roles are assigned the role string returned may not be predictable. 
+Returns a single appRoleAssignment from the list of all appRoleAssignments assigned to a user for a given application. This function is required to convert the appRoleAssignments object into a single role name string. The best practice is to ensure only one appRoleAssignment is assigned to one user at a time. This function is not supported in scenarios where users have multiple app role assignments. 
 
 **Parameters:** 
 

articles/active-directory/manage-apps/f5-aad-integration.md

@@ -24,7 +24,7 @@ SHA addresses this blind spot by enabling organizations to continue using their
 
 Having Azure AD pre-authenticate access to BIG-IP published services provides many benefits:
 
-- Password-less authentication through [Windows Hello](/windows/security/identity-protection/hello-for-business/hello-overview), [MS Authenticator](https://support.microsoft.com/account-billing/download-and-install-the-microsoft-authenticator-app-351498fc-850a-45da-b7b6-27e523b8702a), [Fast Identity Online (FIDO) keys](../authentication/howto-authentication-passwordless-security-key.md), and [Certificate-based authentication](../authentication/active-directory-certificate-based-authentication-get-started.md)
+- Password-less authentication through [Windows Hello](/windows/security/identity-protection/hello-for-business/hello-overview), [MS Authenticator](https://support.microsoft.com/account-billing/download-and-install-the-microsoft-authenticator-app-351498fc-850a-45da-b7b6-27e523b8702a), [Fast Identity Online (FIDO) keys](../authentication/howto-authentication-passwordless-security-key.md), and [Certificate-based authentication](../authentication/concept-certificate-based-authentication.md)
 
 - Preemptive [Conditional Access](../conditional-access/overview.md) and [Azure AD Multi-Factor Authentication (MFA)](../authentication/concept-mfa-howitworks.md)
 
@@ -174,13 +174,13 @@ Azure AD B2B guest access to SHA protected applications is also possible, but so
 
 ## Next steps
 
-Consider running an SHA Proof of concept (POC) using your existing BIG-IP infrastructure, or by [Deploying a BIG-IP Virtual Edition (VE) VM into Azure](f5-bigip-deployment-guide.md) takes approximately 30 minutes, at which point you'll have:
+Consider running a SHA Proof of concept (POC) using your existing BIG-IP infrastructure, or by [Deploying a BIG-IP Virtual Edition (VE) VM into Azure](f5-bigip-deployment-guide.md). Deploying a VM in Azure takes approximately 30 minutes, at which point you'll have:
 
-- A fully secured platform to model a SHA proof of concept
+- A fully secured platform to model a SHA pilot
 
 - A pre-production instance for testing new BIG-IP system updates and hotfixes
 
-At the same time, you should identify one or two applications that can be published via the BIG-IP and protected with SHA.
+You should should also identify one or two applications that can be published via the BIG-IP and protected with SHA.
 
 Our recommendation is to start with an application that isn’t yet published via a BIG-IP, so as to avoid potential disruption to production services. The guidelines mentioned in this article will help you get acquainted with the general procedure for creating the various BIG-IP configuration objects and setting up SHA. Once complete you should be able to do the same with any other new services, plus also have enough knowledge to convert existing BIG-IP published services over to SHA with minimal effort.
 

articles/active-directory/reports-monitoring/recommendation-migrate-to-authenticator.md

@@ -0,0 +1,61 @@
+---
+title: Azure Active Directory recommendation - Migrate to Microsoft authenticator | Microsoft Docs
+description: Learn why you should migrate your users to the Microsoft authenticator app in Azure AD.
+services: active-directory
+documentationcenter: ''
+author: MarkusVi
+manager: karenhoran
+editor: ''
+
+ms.assetid: 9b88958d-94a2-4f4b-a18c-616f0617a24e
+ms.service: active-directory
+ms.topic: reference
+ms.tgt_pltfrm: na
+ms.workload: identity
+ms.subservice: report-monitor
+ms.date: 03/02/2022
+ms.author: markvi
+ms.reviewer: hafowler
+
+ms.collection: M365-identity-device-management
+---
+
+# Azure AD recommendation: Migrate to Microsoft authenticator 
+
+[Azure AD recommendations](overview-recommendations.md) is a feature that provides you with personalized insights and actionable guidance to align your tenant with recommended best practices.
+
+This article covers the recommendation to migrate users to authenticator. 
+
+
+## Description
+
+Multi-factor authentication (MFA) is a key component to improve the security posture of your Azure AD tenant. However, while keeping your tenant safe is important, you should also keep an eye on keeping the security related overhead as little as possible on your users.
+
+One possibility to accomplish this goal is to migrate users using SMS or voice call for MFA to use the Microsoft authenticator app.
+
+
+## Logic 
+
+If Azure AD detects that your tenant has users authenticating using SMS or voice in the past week instead of the authenticator app, this recommendation shows up.
+
+## Value 
+
+- Push notifications through the Microsoft authenticator app provide the least intrusive MFA experience for users. This is the most reliable and secure option because it relies on a data connection rather than telephony.
+- Verification code option using Microsoft authenticator app enables MFA even in isolated environments without data or cellular signals where SMS and Voice calls would not work.
+- The Microsoft authenticator app is available for Android and iOS.
+- Pathway to passwordless: Authenticator can be a traditional MFA factor (one-time passcodes, push notification) and when your organization is ready for Password-less, the authenticator app can be used sign-into Azure AD without a password.
+
+## Action plan
+
+1.	Ensure that notification through mobile app and/or verification code from mobile app are available to users as authentication methods. How to Configure Verification Options
+
+2.	Educate users on how to add a work or school account. 
+
+
+
+ 
+
+## Next steps
+
+- [Tutorials for integrating SaaS applications with Azure Active Directory](../saas-apps/tutorial-list.md)
+- [Azure AD reports overview](overview-reports.md)

articles/active-directory/reports-monitoring/toc.yml

@@ -136,3 +136,5 @@
   items:
     - name: Integrate your third party apps
       href: recommendation-integrate-third-party-apps.md
+    - name: Migrate to Microsoft authenticator
+      href: recommendation-migrate-to-authenticator.md

articles/bastion/bastion-create-host-powershell.md

@@ -1,5 +1,6 @@
 ---
 title: 'Deploy Bastion:PowerShell'
+titleSuffix: Azure Bastion
 description: Learn how to deploy Azure Bastion using PowerShell.
 author: cherylmc
 ms.service: bastion
@@ -20,7 +21,7 @@ You can also deploy Bastion by using the following other  methods:
 
 * [Azure portal](./tutorial-create-host-portal.md)
 * [Azure CLI](create-host-cli.md)
-* [ Quickstart - deploy with default settings](quickstart-host-portal.md)
+* [Quickstart - deploy with default settings](quickstart-host-portal.md)
 
 ## Prerequisites
 
@@ -64,10 +65,6 @@ This section helps you deploy Azure Bastion using Azure PowerShell.
    $bastion = New-AzBastion -ResourceGroupName "myBastionRG" -Name "myBastion" -PublicIpAddress $publicip -VirtualNetwork $vnet
    ```
 
-## <a name="ip"></a>Disassociate VM public IP address
-
-Azure Bastion doesn't use the public IP address to connect to the client VM. If you don't need the public IP address for your VM, you can disassociate the public IP address. See [Dissociate a public IP address from an Azure VM](../virtual-network/ip-services/remove-public-ip-address-vm.md).
-
 ## <a name="connect"></a>Connect to a VM
 
 You can use any of the following articles to connect to a VM that's located in the virtual network to which you deployed Bastion. You can also use the [Connection steps](#steps) in the section below. Some connection types require the [Standard SKU](configuration-settings.md#skus).
@@ -76,7 +73,11 @@ You can use any of the following articles to connect to a VM that's located in t
 
 ### <a name="steps"></a>Connection steps
 
-[!INCLUDE [Links to Connect to VM articles](../../includes/bastion-vm-connect.md)]
+[!INCLUDE [Connection steps](../../includes/bastion-vm-connect.md)]
+
+## <a name="ip"></a>Remove VM public IP address
+
+Azure Bastion doesn't use the public IP address to connect to the client VM. If you don't need the public IP address for your VM, you can disassociate the public IP address. See [Dissociate a public IP address from an Azure VM](../virtual-network/ip-services/remove-public-ip-address-vm.md).
 
 ## Next steps