Commit e26fbf2

Merge pull request #178947 from MicrosoftDocs/master
Merge master to live, 4 AM
2 parents 591ffa4 + a4cd9ce commit e26fbf2

67 files changed

+1838
-515
lines changed

.openpublishing.redirection.active-directory.json

Lines changed: 1 addition & 1 deletion
@@ -82,7 +82,7 @@
8282
},
8383
{
8484
"source_path": "articles/active-directory/user-help/multi-factor-authentication-end-user-first-time.md",
85-
"redirect_url": "https://support.microsoft.com/account-billing/how-to-use-the-microsoft-authenticator-app-9783c865-0308-42fb-a519-8cf666fe0acc",
85+
"redirect_url": "https://support.microsoft.com/account-billing/download-and-install-the-microsoft-authenticator-app-351498fc-850a-45da-b7b6-27e523b8702a",
8686
"redirect_document_id": false
8787
},
8888
{
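Review bot: The new `redirect_url` on line 85 sends `multi-factor-authentication-end-user-first-time.md` to a page whose slug is "download-and-install-the-microsoft-authenticator-app", which reads as narrower than the first-time MFA setup topic the source path names. Please confirm the target still covers first-time setup for users who follow old links, or choose a target that does, since this entry is the only record of the mapping.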

articles/active-directory-b2c/partner-bloksec.md

Lines changed: 15 additions & 14 deletions
@@ -21,8 +21,6 @@ zone_pivot_groups: b2c-policy-type
2121

2222
::: zone pivot="b2c-custom-policy"
2323

24-
25-
2624
::: zone-end
2725

2826
In this sample tutorial, learn how to integrate Azure Active Directory (AD) B2C authentication with [BlokSec](https://bloksec.com/). BlokSec simplifies the end-user login experience by providing customers passwordless authentication and tokenless multifactor authentication (MFA). BlokSec protects customers against identity-centric cyber-attacks such as password stuffing, phishing, and man-in-the-middle attacks.
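Review bot: With the blank lines at 24-25 removed, the `::: zone pivot="b2c-custom-policy"` block opened at line 22 is closed by `::: zone-end` with nothing inside it. If the pivot has no content at this point, delete the empty pair rather than tightening it; otherwise add the content it was meant to hold.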
@@ -55,6 +53,7 @@ The following architecture diagram shows the implementation.
5553
Request a demo tenant with BlokSec by filling out [the form](https://bloksec.com/request-a-demo/). In the message field indicates that you would like to onboard with Azure AD B2C. Download and install the free BlokSec yuID mobile app from the app store. Once your demo tenant has been prepared, you'll receive an email. On your mobile device where the BlokSec application is installed, select the link to register your admin account with your yuID app.
5654

5755
::: zone pivot="b2c-user-flow"
56+
5857
## Prerequisites
5958

6059
To get started, you'll need:
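Review bot: Context line 53 still reads "In the message field indicates that you would like to onboard with Azure AD B2C", which is ungrammatical. Since this is an editorial pass over the same paragraph, change it to "In the message field, indicate that you would like to onboard with Azure AD B2C."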
@@ -69,6 +68,7 @@ To get started, you'll need:
6968
::: zone-end
7069

7170
::: zone pivot="b2c-custom-policy"
71+
7272
## Prerequisites
7373

7474
To get started, you'll need:
@@ -112,10 +112,10 @@ To get started, you'll need:
112112
1. Sign-in to the [Azure portal](https://portal.azure.com/#home) as the global administrator of your Azure AD B2C tenant.
113113
1. Make sure you're using the directory that contains your Azure AD B2C tenant. Select the **Directories + subscriptions** icon in the portal toolbar.
114114
1. On the **Portal settings | Directories + subscriptions** page, find your Azure AD B2C directory in the **Directory name** list, and then select **Switch**.
115-
1. Choose **All services** in the top-left corner of the Azure portal, search for and select **Azure AD B2C**
116-
1. Navigate to **Dashboard > Azure Active Directory B2C > Identity providers**
117-
1. Select New **OpenID Connect Provider**
118-
1. Select **Add**
115+
1. Choose **All services** in the top-left corner of the Azure portal, then search for and select **Azure AD B2C**.
116+
1. Navigate to **Dashboard** > **Azure Active Directory B2C** > **Identity providers**.
117+
1. Select New **OpenID Connect Provider**.
118+
1. Select **Add**.
119119

120120
### Part 3 - Configure an Identity provider
121121

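Review bot: On new line 117 the bold still excludes "New": `1. Select New **OpenID Connect Provider**.` If the portal control is labelled with "New" as part of its name, bold the whole label so the step matches what the reader sees. Context line 112 also uses the noun form "Sign-in to" where the verb "Sign in to" is meant.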
@@ -126,14 +126,14 @@ To get started, you'll need:
126126
|Property |Value |
127127
|:---------|:---------|
128128
|Name |Enter BlokSec yuID – Passwordless or a name of your choice|
129-
|Metadata URL|https://api.bloksec.io/oidc/.well-known/openid-configuration|
129+
|Metadata URL| `https://api.bloksec.io/oidc/.well-known/openid-configuration` |
130130
|Client ID|The application ID from the BlokSec admin UI captured in **Part 1**|
131131
|Client Secret|The application Secret from the BlokSec admin UI captured in **Part 1**|
132132
|Scope|OpenID email profile|
133133
|Response type|Code|
134134
|Domain hint|yuID|
135135

136-
1. Select **OK**
136+
1. Select **OK**.
137137

138138
1. Select **Map this identity provider’s claims**.
139139

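Review bot: Line 129 now code-formats the Metadata URL, but the Scope and Response type rows below it still show prose-cased values (`OpenID email profile`, `Code`). OAuth 2.0 scope values are case-sensitive and the OpenID Connect scope is `openid`, so a reader who copies the table value literally may send a scope the provider does not recognise. Suggest `openid email profile` and `code`, both in backticks like the URL.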
@@ -177,13 +177,13 @@ You should now see BlokSec as a new OIDC Identity provider listed within your B2
177177

178178
1. Select **Run user flow**
179179

180-
1. In the form, enter the Replying URL, for example, https://jwt.ms
180+
1. In the form, enter the Replying URL, such as `https://jwt.ms`.
181181

182182
1. The browser will be redirected to the BlokSec login page. Enter the account name registered during User registration. The user will receive a push notification to their mobile device where the BlokSec yuID application is installed; upon opening the notification, the user will be presented with an authentication challenge
183183

184-
1. Once the authentication challenge is accepted, the browser will redirect the user to the replying URL.
184+
1. Once the authentication challenge is accepted, the browser will redirect the user to the replying URL.
185185

186-
## Next steps
186+
## Next steps
187187

188188
For additional information, review the following articles:
189189

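Review bot: Punctuation is only half applied in this list: new line 180 gains a period, but context line 178 (`1. Select **Run user flow**`) and context line 182 (ending "authentication challenge") still have none. The edits at 184 and 186 show no visible text change, so if they are trailing-whitespace fixes, note that in the change description so reviewers do not hunt for a wording difference.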
@@ -320,7 +320,8 @@ The following XML demonstrates the first two orchestration steps of a user journ
320320

321321
The relying party policy, for example [SignUpSignIn.xml](https://github.com/Azure-Samples/active-directory-b2c-custom-policy-starterpack/blob/master/SocialAndLocalAccounts/SignUpOrSignin.xml), specifies the user journey which Azure AD B2C will execute. Find the **DefaultUserJourney** element within relying party. Update the **ReferenceId** to match the user journey ID, in which you added the identity provider.
322322

323-
In the following example, for the `CustomSignUpOrSignIn` user journey, the ReferenceId is set to `CustomSignUpOrSignIn`.
323+
In the following example, for the `CustomSignUpOrSignIn` user journey, the ReferenceId is set to `CustomSignUpOrSignIn`.
324+
324325
```xml
325326
<RelyingParty>
326327
<DefaultUserJourney ReferenceId="CustomSignUpSignIn" />
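Review bot: The sentence on line 323 says the ReferenceId is set to `CustomSignUpOrSignIn`, but the sample at new line 327 has `ReferenceId="CustomSignUpSignIn"`. The paragraph above requires the ReferenceId to match the user journey ID where the identity provider was added, so a reader copying the XML gets a value that contradicts the text. Make the prose and the sample agree while this paragraph is being touched.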
@@ -346,12 +347,12 @@ Select **Upload Custom Policy**, and then upload the two policy files that you c
346347

347348
If the sign-in process is successful, your browser is redirected to `https://jwt.ms`, which displays the contents of the token returned by Azure AD B2C.
348349

349-
## Next steps
350+
## Next steps
350351

351352
For additional information, review the following articles:
352353

353354
- [Custom policies in Azure AD B2C](./custom-policy-overview.md)
354355

355356
- [Get started with custom policies in Azure AD B2C](./tutorial-create-user-flows.md?pivots=b2c-custom-policy)
356357

357-
::: zone-end
358+
::: zone-end

articles/active-directory/authentication/concept-sspr-policy.md

Lines changed: 2 additions & 0 deletions
@@ -127,6 +127,7 @@ After the module is installed, use the following steps to complete each task as
127127
### Check the expiration policy for a password
128128

129129
1. Open a PowerShell prompt and [connect to your Azure AD tenant](/powershell/module/azuread/connect-azuread#examples) using a *global administrator* or *user administrator* account.
130+
130131
1. Run one of the following commands for either an individual user or for all users:
131132

132133
* To see if a single user's password is set to never expire, run the following cmdlet. Replace `<user ID>` with the user ID of the user you want to check, such as *driley\@contoso.onmicrosoft.com*:
@@ -144,6 +145,7 @@ After the module is installed, use the following steps to complete each task as
144145
### Set a password to expire
145146
146147
1. Open a PowerShell prompt and [connect to your Azure AD tenant](/powershell/module/azuread/connect-azuread#examples) using a *global administrator* or *user administrator* account.
148+
147149
1. Run one of the following commands for either an individual user or for all users:
148150
149151
* To set the password of one user so that the password expires, run the following cmdlet. Replace `<user ID>` with the user ID of the user you want to check, such as *driley\@contoso.onmicrosoft.com*
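Review bot: Context line 151, under "Set a password to expire", still says "the user ID of the user you want to check" and ends without the colon that the matching step at line 133 has. The wording looks copied from the "Check the expiration policy" section; reword it to name the action being taken here and end it with a colon before the cmdlet.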

articles/active-directory/authentication/howto-authentication-passwordless-faqs.md

Lines changed: 3 additions & 3 deletions
@@ -15,7 +15,7 @@ ms.reviewer: aakapo
1515

1616
ms.collection: M365-identity-device-management
1717
---
18-
# Deployment frequently asked questions (FAQs) for hybrid FIDO2 security keys in Azure AD
18+
# Deployment frequently asked questions (FAQs) for hybrid FIDO2 security keys in Azure AD
1919

2020
This article covers deployment frequently asked questions (FAQs) for hybrid Azure AD joined devices and passwordless sign-in to on-prem resources. With this passwordless feature, you can enable Azure AD authentication on Windows 10 devices for hybrid Azure AD joined devices using FIDO2 security keys. Users can sign into Windows on their devices with modern credentials like FIDO2 keys and access traditional Active Directory Domain Services (AD DS) based resources with a seamless single sign-on (SSO) experience to their on-prem resources.
2121

@@ -175,14 +175,14 @@ To unblock the accounts, use **Active Directory Users and Computers** to modify
175175

176176
### How is Azure AD Kerberos linked to my on-premises Active Directory Domain Services environment?
177177

178-
There are two parts - the on-premises AD DS environment, and the Azure AD tenant.
178+
There are two parts: the on-premises AD DS environment and the Azure AD tenant.
179179

180180
**Active Directory Domain Services (AD DS)**
181181

182182
The Azure AD Kerberos server is represented in an on-premises AD DS environment as a domain controller (DC) object. This DC object is made up of multiple objects:
183183

184184
* *CN=AzureADKerberos,OU=Domain Controllers,\<domain-DN>*
185-
185+
186186
A *Computer* object that represents a Read-Only Domain Controller (RODC) in AD DS. There's no computer associated with this object. Instead, it's a logical representation of a DC.
187187

188188
* *CN=krbtgt_AzureAD,CN=Users,\<domain-DN>*
