Merging changes synced from https://github.com/MicrosoftDocs/azure-docs-pr (branch live)

Author: Banani-Rath

articles/active-directory-b2c/extensions-app.md

@@ -36,6 +36,7 @@ If you accidentally deleted the `b2c-extensions-app`, you have 30 days to recove
 > [!NOTE]
 > An application can only be restored if it has been deleted within the last 30 days. If it has been more than 30 days, data will be permanently lost. For more assistance, file a support ticket.
 
+<!--Hide portal steps until SP bug is fixed
 ### Recover the extensions app using the Azure portal
 
 1. Sign in to your Azure AD B2C tenant.
@@ -44,18 +45,18 @@ If you accidentally deleted the `b2c-extensions-app`, you have 30 days to recove
 1. Select **Restore app registration**.
 
 You should now be able to [see the restored app](#verifying-that-the-extensions-app-is-present) in the Azure portal.
-
+-->
 ### Recover the extensions app using Microsoft Graph
-To restore the app using Microsoft Graph, you must restore both the application and the service principal.
+To restore the app using Microsoft Graph, you must restore both the application object and the service principal. For more information, see the [Restore deleted item](/graph/api/directory-deleteditems-restore) API.
 
-To restore the application:
+To restore the application object:
 1. Browse to [https://developer.microsoft.com/en-us/graph/graph-explorer](https://developer.microsoft.com/en-us/graph/graph-explorer).
 1. Log in to the site as a global administrator for the Azure AD B2C directory that you want to restore the deleted app for. This global administrator must have an email address similar to the following: `username@{yourTenant}.onmicrosoft.com`.
 1. Issue an HTTP GET against the URL `https://graph.microsoft.com/v1.0/directory/deleteditems/microsoft.graph.application`. This operation will list all of the applications that have been deleted within the past 30 days. You can also use the URL `https://graph.microsoft.com/v1.0/directory/deletedItems/microsoft.graph.application?$filter=displayName eq 'b2c-extensions-app. Do not modify. Used by AADB2C for storing user data.'` to filter by the app's **displayName** property.
 1. Find the application in the list where the name begins with `b2c-extensions-app` and copy its `id` property value.
 1. Issue an HTTP POST against the URL `https://graph.microsoft.com/v1.0/directory/deleteditems/{id}/restore`. Replace the `{id}` portion of the URL with the `id` from the previous step.]
 
-To restore the service principal:
+To restore the service principal object:
 1. Issue an HTTP GET against the URL `https://graph.microsoft.com/v1.0/directory/deleteditems/microsoft.graph.servicePrincipal`. This operation will list all of the service principals that have been deleted within the past 30 days. You can also use the URL `https://graph.microsoft.com/v1.0/directory/deletedItems/microsoft.graph.servicePrincipal?$filter=displayName eq 'b2c-extensions-app. Do not modify. Used by AADB2C for storing user data.'` to filter by the app's **displayName** property.
 1. Find the service principal in the list where the name begins with `b2c-extensions-app` and copy its `id` property value.
 1. Issue an HTTP POST against the URL `https://graph.microsoft.com/v1.0/directory/deleteditems/{id}/restore`. Replace the `{id}` portion of the URL with the `id` from the previous step.

articles/active-directory-domain-services/policy-reference.md

@@ -1,7 +1,7 @@
 ---
 title: Built-in policy definitions for Azure Active Directory Domain Services
 description: Lists Azure Policy built-in policy definitions for Azure Active Directory Domain Services. These built-in policy definitions provide common approaches to managing your Azure resources.
-ms.date: 07/26/2022
+ms.date: 08/08/2022
 ms.service: active-directory
 ms.subservice: domain-services
 author: justinha

articles/active-directory/conditional-access/concept-conditional-access-grant.md

@@ -36,7 +36,7 @@ All policies are enforced in two phases:
    - Use the session details gathered in phase 1 to identify any requirements that haven't been met. 
    - If there's a policy that is configured to block access, with the block grant control, enforcement will stop here and the user will be blocked. 
    - The user will be prompted to complete more grant control requirements that weren't satisfied during phase 1 in the following order, until policy is satisfied:  
-      - [Multi-factor authentication​](concept-conditional-access-grant.md#require-multifactor-authentication)
+      - [Multi-factor authentication​](concept-conditional-access-grant.md#require-multi-factor-authentication)
       - [Device to be marked as compliant](./concept-conditional-access-grant.md#require-device-to-be-marked-as-compliant)
       - [Hybrid Azure AD joined device](./concept-conditional-access-grant.md#require-hybrid-azure-ad-joined-device)
       - [Approved client app](./concept-conditional-access-grant.md#require-approved-client-app)

articles/active-directory/conditional-access/concept-conditional-access-policies.md

@@ -81,7 +81,7 @@ The public preview supports the following scenarios:
 
 - Require user reauthentication during [Intune device enrollment](/mem/intune/fundamentals/deployment-guide-enrollment), regardless of their current MFA status.
 - Require user reauthentication for risky users with the [require password change](concept-conditional-access-grant.md#require-password-change) grant control.
-- Require user reauthentication for risky sign-ins with the [require multifactor authentication](concept-conditional-access-grant.md#require-multifactor-authentication) grant control.
+- Require user reauthentication for risky sign-ins with the [require multifactor authentication](concept-conditional-access-grant.md#require-multi-factor-authentication) grant control.
 
 When administrators select **Every time**, it will require full reauthentication when the session is evaluated.
 

articles/active-directory/conditional-access/howto-conditional-access-session-lifetime.md

@@ -27,7 +27,7 @@ Hybrid Azure AD joined devices require network line of sight to your on-premises
 | **Primary audience** | Suitable for hybrid organizations with existing on-premises AD infrastructure |
 |   | Applicable to all users in an organization |
 | **Device ownership** | Organization |
-| **Operating Systems** | Windows 11, Windows 10 or 8.1 |
+| **Operating Systems** | Windows 11, Windows 10 or 8.1 except Home editions |
 |   | Windows Server 2008/R2, 2012/R2, 2016, 2019 and 2022 |
 | **Provisioning** | Windows 11, Windows 10, Windows Server 2016/2019/2022 |
 |   | Domain join by IT and autojoin via Azure AD Connect or ADFS config |

articles/active-directory/devices/concept-azure-ad-join-hybrid.md

@@ -3,7 +3,7 @@ title: Hide or delete access package in entitlement management - Azure AD
 description: Learn how to hide or delete an access package in Azure Active Directory entitlement management.
 services: active-directory
 documentationCenter: ''
-author: owinfreyatl
+author: owinfreyATL
 manager: karenhoran
 editor: 
 ms.service: active-directory
@@ -22,7 +22,7 @@ ms.collection: M365-identity-device-management
 ---
 # Hide or delete an access package in Azure AD entitlement management
 
-Access packages are discoverable by default. This means that if a policy allows a user to request the access package, they will automatically see the access package listed in their My Access portal. However, you can change the **Hidden** setting so that the access package is not listed in user's My Access portal.
+When you create access packages, they're discoverable by default. This means that if a policy allows a user to request the access package, they'll automatically see the access package listed in their My Access portal. However, you can change the **Hidden** setting so that the access package isn't listed in the user's My Access portal.
 
 This article describes how to hide or delete an access package.
 
@@ -32,33 +32,33 @@ Follow these steps to change the **Hidden** setting for an access package.
 
 **Prerequisite role:** Global administrator, Identity Governance administrator, User administrator, Catalog owner, or Access package manager
 
-1. In the Azure portal, click **Azure Active Directory** and then click **Identity Governance**.
+1. In the Azure portal, select **Azure Active Directory** and then select **Identity Governance**.
 
-1. In the left menu, click **Access packages** and then open the access package.
+1. In the left menu, select **Access packages** and then open the access package.
 
-1. On the Overview page, click **Edit**.
+1. On the Overview page, select **Edit**.
 
 1. Set the **Hidden** setting.
 
     If set to **No**, the access package will be listed in the user's My Access portal.
 
-    If set to **Yes**, the access package will not be listed in the user's My Access portal. The only way a user can view the access package is if they have the direct **My Access portal link** to the access package. For more information, see [Share link to request an access package](entitlement-management-access-package-settings.md).
+    If set to **Yes**, the access package won't be listed in the user's My Access portal. The only way a user can view the access package is if they have the direct **My Access portal link** to the access package. For more information, see [Share link to request an access package](entitlement-management-access-package-settings.md).
 
 ## Delete an access package
 
 An access package can only be deleted if it has no active user assignments. Follow these steps to delete an access package.
 
 **Prerequisite role:** Global administrator, User administrator, Catalog owner, or Access package manager
 
-1. In the Azure portal, click **Azure Active Directory** and then click **Identity Governance**.
+1. In the Azure portal, select **Azure Active Directory** and then select **Identity Governance**.
 
-1. In the left menu, click **Access packages** and then open the access package.
+1. In the left menu, select **Access packages** and then open the access package.
 
-1. In the left menu, click **Assignments** and remove access for all users.
+1. In the left menu, select **Assignments** and remove access for all users.
 
-1. In the left menu, click **Overview** and then click **Delete**.
+1. In the left menu, select **Overview** and then select **Delete**.
 
-1. In the delete message that appears, click **Yes**.
+1. In the delete message that appears, select **Yes**.
 
 ## Next steps
 

articles/active-directory/governance/entitlement-management-access-package-edit.md

@@ -3,7 +3,7 @@ title: Tutorial - Manage access to resources in Azure AD entitlement management
 description: Step-by-step tutorial for how to create your first access package using the Azure portal in Azure Active Directory entitlement management.
 services: active-directory
 documentationCenter: ''
-author: owinfreyatl
+author: owinfreyATL
 manager: karenhoran
 editor: markwahl-msft
 ms.service: active-directory